CVE-2020-8286: Inferior OCSP verification

cURL (in /lib/vtls/openssl.c) does not check that the certificate serial number in the stapled OCSP response matches the serial number of the certificate it is trying to validate (the peer certificate). This results in a passed validity challenge even when connecting to a site that has had its certificate revoked. An example program showing the vulnerability and a suggested patch are included. EXAMPLE: 1. Identify a site with a revoked certificate. (https://revoked.grc.com) 2. Obtain a valid OCSP response for a site signed by the same issuer as the revoked site. (https://www.grc.com). See https://akshayranganath.github.io/OCSP-Validation-With-Openssl/ for a how-to. Use the ocsp option 'respout' to obtain the DER encoded OCSP response. Certificates for www.grc.com are provided. Use the following command to obtain an OCSP response for the example certificates: $ openssl ocsp -issuer grc_chain.pem -cert grc_cert.pem -text -url http://ocsp.digicert.com -respout grc_ocsp_resp.der 3. See the OCSP behavior without replacing the OCSP response: $ ./curl_ocsp_vuln_test https://revoked.grc.com Curl Error: SSL server certificate status verification FAILED Curl correctly fails. 4. See the OCSP behavior when replacing the OCSP response with that from www.grc.com: $ ./curl_ocsp_vuln_test https://revoked.grc.com --replace_ocsp grc_ocsp_resp.der <!DOCTYPE html PUBLIC... The result is that cURL succeeds despite the site having a revoked certificate. ## Impact Certificates are usually revoked because important information, such as the private key, has become known. This could allow an attacker to cause a "validated" connection to an attacker-controlled site by substituting the OCSP response.