[New-bugs-announce] [issue30141] If you forget to call do_handshake, then everything seems to work but hostname is disabled

Nathaniel Smith report at bugs.python.org
Sun Apr 23 06:30:49 EDT 2017


New submission from Nathaniel Smith:

Basically what it says in the title... if you create an SSL object via wrap_socket with do_handshake_on_connect=False, or via wrap_bio, and then forget to call do_handshake and just go straight to sending and receiving data, then the encrypted connection is successfully established and everything seems to work. However, in this mode the hostname is silently *not* checked, so the connection is vulnerable to MITM attacks.

(I guess from reading the SSL_read and SSL_write manpages that openssl is just silently doing the handshake automatically – very helpfully! – but it's only Python's do_handshake code that knows to check the hostname?)

This doesn't affect correctly written programs that follow the documentation and either use do_handshake_on_connect=True (the default for wrap_socket) or explicitly call do_handshake, so it's not a super-scary bug. But IMHO it definitely shouldn't be this easy to silently fail-open.

The attached test script sets up a TLS echo server that has a certificate for the host "trio-test-1.example.org" that's signed by a locally trusted CA, and then checks:

- connecting to it with do_handshake and expecting the correct hostname: works, as expected
- connecting to it with do_handshake and expecting a different hostname: correctly raises an error due to the mismatched hostnames
- connecting to it withOUT do_handshake and expecting a different hostname: incorrectly succeeds at connecting, sending data, receiving data, etc., without any error

and it checks using both ctx.wrap_socket(..., do_handshake_on_connect=False) and a little custom socket wrapper class defined using ctx.wrap_bio(...).

I've only marked 3.5 and 3.6 as affected because those are the only versions I've tested, but I suspect other versions are affected as well.

----------
assignee: christian.heimes
components: SSL
files: ssl-handshake.zip
messages: 292158
nosy: christian.heimes, njs
priority: normal
severity: normal
status: open
title: If you forget to call do_handshake, then everything seems to work but hostname is disabled
versions: Python 3.5, Python 3.6
Added file: http://bugs.python.org/file46827/ssl-handshake.zip

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue30141>
_______________________________________
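The safe pattern the report describes, driving do_handshake explicitly before any application I/O on a wrap_bio object, as an added example that is not part of the original report or of CPython's ssl module. The HandshakeGuard class, the demo() function and the hostname "example.org" are constructed for this illustration; since no server is present, the handshake cannot finish, and the demo only shows that I/O is refused until it does and that driving the handshake emits a ClientHello record.

```python
import ssl


class HandshakeGuard:
    """Wrap a client-side ssl.SSLObject over memory BIOs and refuse
    application reads/writes until do_handshake() has completed and a
    verified peer certificate is present (hypothetical helper, not stdlib)."""

    def __init__(self, context, hostname):
        self.incoming = ssl.MemoryBIO()   # bytes from the network into OpenSSL
        self.outgoing = ssl.MemoryBIO()   # bytes from OpenSSL for the network
        self.sslobj = context.wrap_bio(
            self.incoming, self.outgoing,
            server_side=False, server_hostname=hostname,
        )
        self.handshake_done = False

    def handshake_step(self, data_from_peer=b""):
        """Feed peer bytes in, drive do_handshake(), and return
        (bytes_to_send, done). Call repeatedly until done is True."""
        if data_from_peer:
            self.incoming.write(data_from_peer)
        try:
            self.sslobj.do_handshake()
        except (ssl.SSLWantReadError, ssl.SSLWantWriteError):
            pass  # more peer data needed; flush what was produced so far
        else:
            # Handshake finished: with CERT_REQUIRED getpeercert() returns the
            # verified certificate; an empty result means nothing was checked.
            if not self.sslobj.getpeercert():
                raise ssl.SSLError("handshake completed without a verified peer certificate")
            self.handshake_done = True
        return self.outgoing.read(), self.handshake_done

    def _require_handshake(self):
        if not self.handshake_done:
            raise RuntimeError("TLS handshake not completed: refusing application I/O")

    def send(self, data):
        """Encrypt data and return the ciphertext bytes to write to the network."""
        self._require_handshake()
        self.sslobj.write(data)
        return self.outgoing.read()

    def recv(self, data_from_peer, bufsize=16384):
        """Feed network bytes in and return decrypted plaintext (b"" if none yet)."""
        self._require_handshake()
        self.incoming.write(data_from_peer)
        try:
            return self.sslobj.read(bufsize)
        except ssl.SSLWantReadError:
            return b""


def demo():
    """Constructed demo with no server: shows that send() is refused before the
    handshake and that the first handshake step emits a TLS handshake record
    (content type 0x16, the ClientHello). Returns (refused, done, first_byte)."""
    guard = HandshakeGuard(ssl.create_default_context(), "example.org")
    try:
        guard.send(b"GET / HTTP/1.0\r\n\r\n")
        refused = False
    except RuntimeError:
        refused = True
    to_send, done = guard.handshake_step()
    return refused, done, to_send[:1]


if __name__ == "__main__":
    print(demo())  # (True, False, b'\x16')
```

In a real client, the bytes returned by handshake_step() are written to the socket and the server's reply is fed back in until done is True; only then are send() and recv() usable. Keeping the handshake as an explicit, checked step is what prevents the silent fail-open the report describes, where OpenSSL completes the handshake on the first read or write without the Python-side hostname check ever running.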