(#2848) Rewrite SSL Certificate Factory, fixing `subjectAltName` leak.
94345ebac6d7 (Unpublished)

Description

(#2848) Rewrite SSL Certificate Factory, fixing subjectAltName leak.

This is a major rewrite of the SSL CertificateFactory, which transforms the
way that we build the certificate we are about to sign in response to a CSR.

The main body of rework is to clean up the code and make it easier to manage
and validate, but there are two essential changes:

  1. We no longer inject subjectAltName from local certdnsnames configuration option into every certificate we generate. This fixes CVE-2011-3872, and prevents issuing client certificates that can impersonate the master.
  2. *All* request extensions from the CSR are transported into the final certificate. This includes basicConstraints; we rely on other layers of the Puppet stack having validated the code to this point.

Signed-off-by: Daniel Pittman <daniel@puppetlabs.com>
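
An audit check for the leak the commit message describes, added here as an example (it is not code from this commit or from Puppet): it reports certificates whose subject is not the master but whose subjectAltName carries one of the master's DNS names. The master names, host names and the `sample_cert` helper are constructed for illustration.

```ruby
require 'openssl'

# Constructed key, used only to build the sample certificates below.
SAMPLE_KEY = OpenSSL::PKey::RSA.new(2048)

# dNSName entries of the subjectAltName extension, read from the DER encoding
# rather than from the printable "DNS:a, DNS:b" string.
def san_dns_names(cert)
  ext = cert.extensions.find { |e| e.oid == 'subjectAltName' }
  return [] unless ext
  # Extension ::= SEQUENCE { OID, [critical], OCTET STRING wrapping GeneralNames }
  octets = OpenSSL::ASN1.decode(ext.to_der).value.last.value
  OpenSSL::ASN1.decode(octets).value
               .select { |gn| gn.tag == 2 }   # context tag [2] = dNSName
               .map { |gn| gn.value.downcase }
end

# Master DNS names found in the SAN of a certificate that is not the master's
# own. A non-empty result means the holder can present itself as the master.
def impersonation_names(cert, master_names)
  masters = master_names.map(&:downcase)
  cn_entry = cert.subject.to_a.find { |field, _value, _type| field == 'CN' }
  cn = cn_entry ? cn_entry[1].downcase : ''
  return [] if masters.include?(cn)
  san_dns_names(cert) & masters
end

# Hypothetical helper: a constructed self-signed certificate with the given
# CN and DNS subjectAltNames, round-tripped through DER like a file on disk.
def sample_cert(cn, sans)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = SAMPLE_KEY.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  unless sans.empty?
    san = sans.map { |n| "DNS:#{n}" }.join(',')
    factory = OpenSSL::X509::ExtensionFactory.new
    cert.add_extension(factory.create_extension('subjectAltName', san))
  end
  cert.sign(SAMPLE_KEY, OpenSSL::Digest.new('SHA256'))
  OpenSSL::X509::Certificate.new(cert.to_der)
end
```
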

Details

Provenance
Daniel Pittman <daniel@puppetlabs.com> Authored on
Nick Lewis <nick@puppetlabs.com> Committed on Oct 21 2011, 7:13 PM
vanmeeuwen Pushed on Jun 2 2015, 2:22 PM
Parents
rPUa729d906482d: (#2848) Reject unknown (== all) extensions on the CSR.
Branches
Unknown
Tags
Unknown

Event Timeline

Nick Lewis <nick@puppetlabs.com> committed rPU94345ebac6d7: (#2848) Rewrite SSL Certificate Factory, fixing `subjectAltName` leak. (authored by Daniel Pittman <daniel@puppetlabs.com>). Oct 21 2011, 7:13 PM