Consider revisiting X509ChainStatusFlag parsing on macOS #32941

Open
bartonjs opened this issue Feb 27, 2020 · 2 comments
Labels
area-System.Security backlog-cleanup-candidate An inactive issue that has been marked for automated closure. design-discussion Ongoing discussion about design without consensus no-recent-activity os-mac-os-x macOS aka OSX
@bartonjs
Member

The string-matching causes us semi-regular servicing events where we suppress a value that we've previously never seen.

Some thoughts:

  • Leave things as is, stay reactionary.
  • Reduce the OS question/answer to "build this chain and tell me if it's trusted" (e.g. always send cert.NotBefore as the time for the check).
    • If it fails, run it again without revocation, then try running it with the issuer, keep popping and trying again to build the per-cert data.
    • Figure out other things manually?
      • ExplicitDistrust vs casually untrusted is probably still a problem.
      • Have to see what things like InvalidBasicConstraints do to the questions.
  • Map unknown codes + !success to some existing code, like HasNotSupportedCriticalExtension.
    • This probably isn't a good idea, since it's just a different form of "this worked yesterday, and fails today, and there's nothing you can do about it".
  • See if there's a better set of OS functionality we can call, now that the minimum OS version has moved forward significantly since we originally wrote this.
  • Decide that (assuming we do) we have positive tests for all existing codes, and we'll react to the string changing (if it does), and that we're OK with the platform doing something like changing "Revocation" to "CertRevoked" means existing applications lose that data with no error reported.
    • We /could/ move some of the unit tests to startup tests; but that's tricky due to expiration and potential network needs.
    • We're probably not OK with this.

The most promising would be if there's better OS functionality we can depend on. Otherwise, we're probably best off with keeping the course. Not understanding a new critical failure would be a really bad state to be in.

@Dotnet-GitSync-Bot Dotnet-GitSync-Bot added the untriaged New issue has not been triaged by the area owner label Feb 27, 2020
@bartonjs bartonjs added area-System.Security os-mac-os-x macOS aka OSX design-discussion Ongoing discussion about design without consensus and removed untriaged New issue has not been triaged by the area owner labels Feb 27, 2020
@vcsjones
Member

Perhaps one area of improvement is the diagnostic here:

    if (ret != 0)
    {
        Debug.Fail($"X509ChainGetStatusAtIndex returned unexpected error {ret}");
        throw new CryptographicException();
    }

It isn't very user actionable, but it would make it easier for people and you folks to troubleshoot running into this. Perhaps we can even get a CFArray of the strings back from the PAL of the strings and include them in the exception.
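The two ideas discussed above (keep failing closed on a status string that has never been seen, but name the offending strings in the exception), as an added example that is not code from dotnet/runtime or from any commenter. `ChainStatusMapper` and the table keys are hypothetical: "Revocation" and "CertRevoked" are the strings used as illustrations in the issue, and the `Sample*` keys are constructed placeholders, not real macOS status strings.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ChainStatusMapper // hypothetical helper, not the runtime's PAL code
{
    // Constructed table: keys are placeholders for the OS-provided status strings.
    private static readonly Dictionary<string, X509ChainStatusFlags> s_known =
        new Dictionary<string, X509ChainStatusFlags>(StringComparer.Ordinal)
        {
            ["Revocation"] = X509ChainStatusFlags.Revoked,
            ["SampleExpired"] = X509ChainStatusFlags.NotTimeValid,
            ["SampleUntrustedRoot"] = X509ChainStatusFlags.UntrustedRoot,
        };

    public static X509ChainStatusFlags Map(IEnumerable<string> osStatusStrings)
    {
        X509ChainStatusFlags flags = X509ChainStatusFlags.NoError;
        List<string> unknown = new List<string>();

        foreach (string status in osStatusStrings)
        {
            if (s_known.TryGetValue(status, out X509ChainStatusFlags flag))
                flags |= flag;
            else
                unknown.Add(status); // collect all of them, not just the first
        }

        // Fail closed: an unrecognized string may be a new critical failure,
        // so never report the chain as clean. Naming the strings makes the
        // resulting servicing report diagnosable.
        if (unknown.Count > 0)
            throw new CryptographicException(
                "Unrecognized chain status value(s): " + string.Join(", ", unknown));

        return flags;
    }

    static void Main()
    {
        Console.WriteLine(Map(new[] { "Revocation", "SampleExpired" }));
        try { Map(new[] { "SampleExpired", "CertRevoked" }); } // renamed string
        catch (CryptographicException e) { Console.WriteLine(e.Message); }
    }
}
```

A renamed string such as "CertRevoked" surfaces as a named error here instead of silently dropping the revocation flag, which is the data-loss case the issue says is probably not acceptable.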

Contributor

Due to lack of recent activity, this issue has been marked as a candidate for backlog cleanup. It will be closed if no further activity occurs within 14 more days. Any new comment (by anyone, not necessarily the author) will undo this process.

This process is part of our issue cleanup automation.

@dotnet-policy-service dotnet-policy-service bot added backlog-cleanup-candidate An inactive issue that has been marked for automated closure. no-recent-activity labels Dec 24, 2024