classification
Title: Add OCSP support to ssl module
Type: enhancement Stage: needs patch
Components: Extension Modules, SSL Versions: Python 3.8
process
Status: open Resolution:
Dependencies: Superseder:
Assigned To: christian.heimes Nosy List: Arfrever, ShaneHarvey, barry, behackett, benjamin.peterson, christian.heimes, dkg, georg.brandl, jcea, pconnell, pitrou
Priority: normal Keywords:

Created on 2013-02-04 16:14 by christian.heimes, last changed 2019-10-17 01:46 by dkg.

Messages (10)
msg181341 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-02-04 16:14
Python's ssl module doesn't support OCSP [1]. The example code at [2] doesn't look too complicated. We should consider OCSP at least for 3.4 and may want to backport it to older versions to prevent MITM attacks on PyPI downloads.


[1]http://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol)
[2] http://etutorials.org/Programming/secure+programming/Chapter+10.+Public+Key+Infrastructure/10.12+Checking+Revocation+Status+via+OCSP+with+OpenSSL/
msg181353 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2013-02-04 17:07
Can you explain how OCSP helps prevent MITM attacks?

----- Mail original -----
> De: "Christian Heimes" <report@bugs.python.org>
> À: pitrou@free.fr
> Envoyé: Lundi 4 Février 2013 17:14:32
> Objet: [issue17123] Add OCSP support to ssl module
> 
> 
> New submission from Christian Heimes:
> 
> Python's ssl module doesn't support OCSP [1]. The example code at [2]
> doesn't look too complicated. We should consider OCSP at least for
> 3.4 and may want to backport it to older versions to prevent MITM
> attacks on PyPI downloads.
msg181354 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-02-04 17:09
OCSP can prevent MITM attacks when the private server cert or CA cert got compromised or stolen somehow.
msg181372 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2013-02-04 18:57
Christian, I really don't agree this should be a release blocker, and especially not for bugfix branches.
msg200763 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-10-21 12:24
I won't have time for a proper implementation for 3.4. Defer to 3.5
msg275045 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2016-09-08 15:21
I'll add OCSP stapling verification to 3.7.
msg354292 - (view) Author: Daniel Kahn Gillmor (dkg) Date: 2019-10-09 18:33
It would be great to see at least minimal OCSP stapling support (in the form of callbacks on the client and server sides) availabl in the ssl module, similar to the way that pyopenssl has added such callbacks:

    https://github.com/pyca/pyopenssl/pull/580

If that was present in the ssl module, then it would let other implementations supply reasonable callback functionality for fetching and relaying stapled OCSP responses (on the server side) and validating in-band OCSP responses (on the client side).
msg354306 - (view) Author: Benjamin Peterson (benjamin.peterson) * (Python committer) Date: 2019-10-10 01:38
Considering OSCP has fallen out of favor relative to CT in recent years, may be should simply reject this feature request.
msg354756 - (view) Author: Bernie Hackett (behackett) Date: 2019-10-15 23:24
OCSP is the only way Let's Encrypt supports revocation. It would be really useful to have stapling verification supported in the standard library, even just the callback support PyOpenSSL supports.

https://letsencrypt.org/docs/revoking/
msg354825 - (view) Author: Daniel Kahn Gillmor (dkg) Date: 2019-10-17 01:46
On Thu 2019-10-10 01:38:42 +0000, Benjamin Peterson wrote:

> Considering OSCP has fallen out of favor relative to CT in recent
> years, may be should simply reject this feature request.

CT provides the possibility of a website operator to *detect* CA
malfeasance.

OCSP provides a live "proof of freshness" of the certificate at a
cadence significantly shorter than the lifetime of most certificates
(even the 90-day certificates offered by ACME-driven CAs like Let's
Encrypt).

These are orthogonal, and mutually-reinforcing mechanisms, not competing
mechanisms.

      --dkg
History
Date User Action Args
2019-10-17 01:46:40dkgsetmessages: + msg354825
2019-10-15 23:36:26ShaneHarveysetnosy: + ShaneHarvey
2019-10-15 23:24:58behackettsetnosy: + behackett
messages: + msg354756
2019-10-10 01:38:42benjamin.petersonsetmessages: + msg354306
2019-10-09 18:33:48dkgsetnosy: + dkg
messages: + msg354292
2018-02-25 20:28:13christian.heimessetversions: + Python 3.8, - Python 3.7
2016-09-15 07:54:32christian.heimessetassignee: christian.heimes
components: + SSL
2016-09-08 15:21:48christian.heimessetmessages: + msg275045
versions: + Python 3.7, - Python 3.5
2015-04-17 16:52:17Arfreversetnosy: + Arfrever
2013-12-22 00:59:30pitrousettype: security -> enhancement
2013-10-21 16:48:26larrysetnosy: - larry
2013-10-21 12:24:30christian.heimessetmessages: + msg200763
versions: + Python 3.5, - Python 2.6, Python 2.7, Python 3.4
2013-04-28 19:22:52georg.brandlsetversions: - Python 3.2, Python 3.3
2013-04-19 18:46:32pconnellsetnosy: + pconnell
2013-02-04 18:57:37pitrousetpriority: release blocker -> normal

messages: + msg181372
2013-02-04 18:23:44jceasetnosy: + jcea
2013-02-04 17:10:22christian.heimessetpriority: high -> release blocker
nosy: + larry, barry, benjamin.peterson, georg.brandl
2013-02-04 17:09:59christian.heimessetmessages: + msg181354
2013-02-04 17:07:19pitrousetmessages: + msg181353
2013-02-04 16:14:32christian.heimescreate