mbedtls/ChangeLog.d/crl-revocationDate.txt

Security
   * When checking X.509 CRLs, a certificate was only considered as revoked if
     its revocationDate was in the past according to the local clock if
     available. In particular, on builds without MBEDTLS_HAVE_TIME_DATE,
     certificates were never considered as revoked. On builds with
     MBEDTLS_HAVE_TIME_DATE, an attacker able to control the local clock (for
     example, an untrusted OS attacking a secure enclave) could prevent
     revocation of certificates via CRLs. Fixed by no longer checking the
     revocationDate field, in accordance with RFC 5280. Reported by
     yuemonangong in #3340. Reported independently and fixed by
     Raoul Strackx and Jethro Beekman in #3433.
Always revoke certificate on CRL RFC5280 does not state that the `revocationDate` should be checked. In addition, when no time source is available (i.e., when MBEDTLS_HAVE_TIME_DATE is not defined), `mbedtls_x509_time_is_past` always returns 0. This results in the CRL not being checked at all. https://tools.ietf.org/html/rfc5280 Signed-off-by: Raoul Strackx <raoul.strackx@fortanix.com> 2020-06-15 17:03:13 +02:00			`Security`
			`* When checking X.509 CRLs, a certificate was only considered as revoked if`
			`its revocationDate was in the past according to the local clock if`
			`available. In particular, on builds without MBEDTLS_HAVE_TIME_DATE,`
			`certificates were never considered as revoked. On builds with`
			`MBEDTLS_HAVE_TIME_DATE, an attacker able to control the local clock (for`
			`example, an untrusted OS attacking a secure enclave) could prevent`
			`revocation of certificates via CRLs. Fixed by no longer checking the`
			`revocationDate field, in accordance with RFC 5280. Reported by`
			`yuemonangong in #3340. Reported independently and fixed by`
			`Raoul Strackx and Jethro Beekman in #3433.`