SSL options ISSUERCERT, EC_CURVES and CRLFILE silently ignored by non-OpenSSL backends

## Summary: The SSL options ISSUERCERT, EC_CURVES and CRLFILE are silently ignored for e.g. the mbedTLS backend, which allows MITM attacks for the ISSUERCERT and CRLFILE bug, and can reduce the security and compliance by ignoring the specified curve for the EC_CURVES bug. ## Affected version Tested with latest master version, commit 2d5a063121202acaa23bb77975b2739bec4551ce, and mbedTLS 3.6 and 4.0. ## Steps To Reproduce: Install Docker on a Linux system, and run the test.sh script. It compiles 2 versions of curl: with mbedTLS, and with OpenSSL. It then tests all 3 bugs with a custom C program which is needed for the bug, and in addition the EC_CURVES bug from the command line. Expected output: ``` === mbedTLS === =========================================== curl 8.19.0-DEV (mbedTLS/4.0.0) =========================================== --- CURLOPT_ISSUERCERT --- Setting: "fake_issuer.pem" setopt: No error perform: No error Result: VULNERABLE - silently ignored! --- CURLOPT_SSL_EC_CURVES --- Setting: "INVALID_CURVE_NAME" setopt: No error perform: No error Result: VULNERABLE - silently ignored! --- CURLOPT_CRLFILE --- Setting: "fake_crl.pem" setopt: No error perform: Failed to load CRL file (path? access rights?, format?) Result: CORRECT - CRL check enforced =========================================== SUMMARY =========================================== CURLOPT_ISSUERCERT VULNERABLE CURLOPT_SSL_EC_CURVES VULNERABLE CURLOPT_CRLFILE OK FOUND 2 VULNERABILITIES === OpenSSL === =========================================== curl 8.19.0-DEV (OpenSSL/3.0.13) =========================================== --- CURLOPT_ISSUERCERT --- Setting: "fake_issuer.pem" setopt: No error perform: Issuer check against peer certificate failed Result: CORRECT - issuer check enforced --- CURLOPT_SSL_EC_CURVES --- Setting: "INVALID_CURVE_NAME" setopt: No error perform: Could not use specified SSL cipher Result: CORRECT - EC curve validated --- CURLOPT_CRLFILE --- Setting: "fake_crl.pem" setopt: No error perform: Failed to load CRL file (path? access rights?, format?) Result: CORRECT - CRL check enforced =========================================== SUMMARY =========================================== CURLOPT_ISSUERCERT OK CURLOPT_SSL_EC_CURVES OK CURLOPT_CRLFILE OK No vulnerabilities found. ######################################## # CLI TEST (--curves) ######################################## === mbedTLS CLI === Running: curl --curves INVALID_CURVE https://curl.se 200 -> VULNERABLE (silently ignored) === OpenSSL CLI === Running: curl --curves INVALID_CURVE https://curl.se 000 -> CORRECT (rejected invalid curve) ######################################## # RESULT ######################################## VULNERABILITIES CONFIRMED: mbedTLS ignores SSL options that OpenSSL enforces ``` It probably is also a problem for Windows with the Schannel backend, but I didn't test this. ## Supporting Material/References: Attached files: - `Dockerfile`: Builds curl with both mbedTLS and OpenSSL backends - `test_ssl_options.c`: Test program for all SSL options - `run_test.sh`: Test script (runs inside container) - `test.sh`: Build and run (host entry point) The fix should be easy: Return `CURLE_NOT_BUILT_IN` for backends that don't implement these features. ```c case CURLOPT_ISSUERCERT: if(!Curl_ssl_supports(data, SSLSUPP_ISSUERCERT)) return CURLE_NOT_BUILT_IN; return Curl_setstropt(&data->set.str[STRING_SSL_ISSUERCERT], va_arg(param, char *)); ``` This requires: 1. Adding feature flags (e.g., `SSLSUPP_ISSUERCERT`, `SSLSUPP_EC_CURVES`) to the SSL backend interface 2. Each backend declaring which features it supports 3. Checking support before accepting the option ## Impact ## Summary ### MITM Attack Enablement Applications and scripts that rely on `CURLOPT_ISSUERCERT` or `CURLOPT_CRLFILE` for certificate validation are vulnerable to MITM attacks when built against affected backends. An attacker with any valid certificate can intercept supposedly-pinned connections. ### Cryptographic Downgrade The `CURLOPT_SSL_EC_CURVES`/`--curves` option being ignored allows servers (or MITM attackers) to negotiate weaker elliptic curves than intended, potentially exploiting known cryptographic weaknesses. ### Silent Failure The most critical aspect is that these options fail silently, returning `CURLE_OK` and proceeding without the security check. Applications have no way to detect that their security requirements are not being enforced. ## Affected Platforms All systems which use affected backends. For example OpenWrt (which replaced WolfSSL with mbedTLS in newer releases), Windows builds using Schannel, and many IoT devices and Docker containers. WolfSSL probably has the same bug. ## Attack Surface The bugs affect both libcurl applications (via `curl_easy_setopt()`) and curl command line users (via `--curves` and `--crlfile` flags). Two of three vulnerabilities are exploitable from the CLI, not just custom programs.