Description
## Summary:
The SSL options ISSUERCERT, EC_CURVES and CRLFILE are silently ignored for e.g. the mbedTLS backend, which allows MITM attacks for the ISSUERCERT and CRLFILE bug, and can reduce the security and compliance by ignoring the specified curve for the EC_CURVES bug.
## Affected version
Tested with latest master version, commit 2d5a063121202acaa23bb77975b2739bec4551ce, and mbedTLS 3.6 and 4.0.
## Steps To Reproduce:
Install Docker on a Linux system, and run the test.sh script. It compiles 2 versions of curl: with mbedTLS, and with OpenSSL. It then tests all 3 bugs with a custom C program which is needed for the bug, and in addition the EC_CURVES bug from the command line. Expected output:
```
=== mbedTLS ===
===========================================
curl 8.19.0-DEV (mbedTLS/4.0.0)
===========================================
--- CURLOPT_ISSUERCERT ---
Setting: "fake_issuer.pem"
setopt: No error
perform: No error
Result: VULNERABLE - silently ignored!
--- CURLOPT_SSL_EC_CURVES ---
Setting: "INVALID_CURVE_NAME"
setopt: No error
perform: No error
Result: VULNERABLE - silently ignored!
--- CURLOPT_CRLFILE ---
Setting: "fake_crl.pem"
setopt: No error
perform: Failed to load CRL file (path? access rights?, format?)
Result: CORRECT - CRL check enforced
===========================================
SUMMARY
===========================================
CURLOPT_ISSUERCERT VULNERABLE
CURLOPT_SSL_EC_CURVES VULNERABLE
CURLOPT_CRLFILE OK
FOUND 2 VULNERABILITIES
=== OpenSSL ===
===========================================
curl 8.19.0-DEV (OpenSSL/3.0.13)
===========================================
--- CURLOPT_ISSUERCERT ---
Setting: "fake_issuer.pem"
setopt: No error
perform: Issuer check against peer certificate failed
Result: CORRECT - issuer check enforced
--- CURLOPT_SSL_EC_CURVES ---
Setting: "INVALID_CURVE_NAME"
setopt: No error
perform: Could not use specified SSL cipher
Result: CORRECT - EC curve validated
--- CURLOPT_CRLFILE ---
Setting: "fake_crl.pem"
setopt: No error
perform: Failed to load CRL file (path? access rights?, format?)
Result: CORRECT - CRL check enforced
===========================================
SUMMARY
===========================================
CURLOPT_ISSUERCERT OK
CURLOPT_SSL_EC_CURVES OK
CURLOPT_CRLFILE OK
No vulnerabilities found.
########################################
# CLI TEST (--curves)
########################################
=== mbedTLS CLI ===
Running: curl --curves INVALID_CURVE https://curl.se
200 -> VULNERABLE (silently ignored)
=== OpenSSL CLI ===
Running: curl --curves INVALID_CURVE https://curl.se
000 -> CORRECT (rejected invalid curve)
########################################
# RESULT
########################################
VULNERABILITIES CONFIRMED: mbedTLS ignores SSL options that OpenSSL enforces
```
It probably is also a problem for Windows with the Schannel backend, but I didn't test this.
## Supporting Material/References:
Attached files:
- `Dockerfile`: Builds curl with both mbedTLS and OpenSSL backends
- `test_ssl_options.c`: Test program for all SSL options
- `run_test.sh`: Test script (runs inside container)
- `test.sh`: Build and run (host entry point)
The fix should be easy: Return `CURLE_NOT_BUILT_IN` for backends that don't implement these features.
```c
case CURLOPT_ISSUERCERT:
if(!Curl_ssl_supports(data, SSLSUPP_ISSUERCERT))
return CURLE_NOT_BUILT_IN;
return Curl_setstropt(&data->set.str[STRING_SSL_ISSUERCERT], va_arg(param, char *));
```
This requires:
1. Adding feature flags (e.g., `SSLSUPP_ISSUERCERT`, `SSLSUPP_EC_CURVES`) to the SSL backend interface
2. Each backend declaring which features it supports
3. Checking support before accepting the option
## Impact
## Summary
### MITM Attack Enablement
Applications and scripts that rely on `CURLOPT_ISSUERCERT` or `CURLOPT_CRLFILE` for certificate validation are vulnerable to MITM attacks when built against affected backends. An attacker with any valid certificate can intercept supposedly-pinned connections.
### Cryptographic Downgrade
The `CURLOPT_SSL_EC_CURVES`/`--curves` option being ignored allows servers (or MITM attackers) to negotiate weaker elliptic curves than intended, potentially exploiting known cryptographic weaknesses.
### Silent Failure
The most critical aspect is that these options fail silently, returning `CURLE_OK` and proceeding without the security check. Applications have no way to detect that their security requirements are not being enforced.
## Affected Platforms
All systems which use affected backends. For example OpenWrt (which replaced WolfSSL with mbedTLS in newer releases), Windows builds using Schannel, and many IoT devices and Docker containers. WolfSSL probably has the same bug.
## Attack Surface
The bugs affect both libcurl applications (via `curl_easy_setopt()`) and curl command line users (via `--curves` and `--crlfile` flags). Two of three vulnerabilities are exploitable from the CLI, not just custom programs.
The SSL options ISSUERCERT, EC_CURVES and CRLFILE are silently ignored for e.g. the mbedTLS backend, which allows MITM attacks for the ISSUERCERT and CRLFILE bug, and can reduce the security and compliance by ignoring the specified curve for the EC_CURVES bug.
## Affected version
Tested with latest master version, commit 2d5a063121202acaa23bb77975b2739bec4551ce, and mbedTLS 3.6 and 4.0.
## Steps To Reproduce:
Install Docker on a Linux system, and run the test.sh script. It compiles 2 versions of curl: with mbedTLS, and with OpenSSL. It then tests all 3 bugs with a custom C program which is needed for the bug, and in addition the EC_CURVES bug from the command line. Expected output:
```
=== mbedTLS ===
===========================================
curl 8.19.0-DEV (mbedTLS/4.0.0)
===========================================
--- CURLOPT_ISSUERCERT ---
Setting: "fake_issuer.pem"
setopt: No error
perform: No error
Result: VULNERABLE - silently ignored!
--- CURLOPT_SSL_EC_CURVES ---
Setting: "INVALID_CURVE_NAME"
setopt: No error
perform: No error
Result: VULNERABLE - silently ignored!
--- CURLOPT_CRLFILE ---
Setting: "fake_crl.pem"
setopt: No error
perform: Failed to load CRL file (path? access rights?, format?)
Result: CORRECT - CRL check enforced
===========================================
SUMMARY
===========================================
CURLOPT_ISSUERCERT VULNERABLE
CURLOPT_SSL_EC_CURVES VULNERABLE
CURLOPT_CRLFILE OK
FOUND 2 VULNERABILITIES
=== OpenSSL ===
===========================================
curl 8.19.0-DEV (OpenSSL/3.0.13)
===========================================
--- CURLOPT_ISSUERCERT ---
Setting: "fake_issuer.pem"
setopt: No error
perform: Issuer check against peer certificate failed
Result: CORRECT - issuer check enforced
--- CURLOPT_SSL_EC_CURVES ---
Setting: "INVALID_CURVE_NAME"
setopt: No error
perform: Could not use specified SSL cipher
Result: CORRECT - EC curve validated
--- CURLOPT_CRLFILE ---
Setting: "fake_crl.pem"
setopt: No error
perform: Failed to load CRL file (path? access rights?, format?)
Result: CORRECT - CRL check enforced
===========================================
SUMMARY
===========================================
CURLOPT_ISSUERCERT OK
CURLOPT_SSL_EC_CURVES OK
CURLOPT_CRLFILE OK
No vulnerabilities found.
########################################
# CLI TEST (--curves)
########################################
=== mbedTLS CLI ===
Running: curl --curves INVALID_CURVE https://curl.se
200 -> VULNERABLE (silently ignored)
=== OpenSSL CLI ===
Running: curl --curves INVALID_CURVE https://curl.se
000 -> CORRECT (rejected invalid curve)
########################################
# RESULT
########################################
VULNERABILITIES CONFIRMED: mbedTLS ignores SSL options that OpenSSL enforces
```
It probably is also a problem for Windows with the Schannel backend, but I didn't test this.
## Supporting Material/References:
Attached files:
- `Dockerfile`: Builds curl with both mbedTLS and OpenSSL backends
- `test_ssl_options.c`: Test program for all SSL options
- `run_test.sh`: Test script (runs inside container)
- `test.sh`: Build and run (host entry point)
The fix should be easy: Return `CURLE_NOT_BUILT_IN` for backends that don't implement these features.
```c
case CURLOPT_ISSUERCERT:
if(!Curl_ssl_supports(data, SSLSUPP_ISSUERCERT))
return CURLE_NOT_BUILT_IN;
return Curl_setstropt(&data->set.str[STRING_SSL_ISSUERCERT], va_arg(param, char *));
```
This requires:
1. Adding feature flags (e.g., `SSLSUPP_ISSUERCERT`, `SSLSUPP_EC_CURVES`) to the SSL backend interface
2. Each backend declaring which features it supports
3. Checking support before accepting the option
## Impact
## Summary
### MITM Attack Enablement
Applications and scripts that rely on `CURLOPT_ISSUERCERT` or `CURLOPT_CRLFILE` for certificate validation are vulnerable to MITM attacks when built against affected backends. An attacker with any valid certificate can intercept supposedly-pinned connections.
### Cryptographic Downgrade
The `CURLOPT_SSL_EC_CURVES`/`--curves` option being ignored allows servers (or MITM attackers) to negotiate weaker elliptic curves than intended, potentially exploiting known cryptographic weaknesses.
### Silent Failure
The most critical aspect is that these options fail silently, returning `CURLE_OK` and proceeding without the security check. Applications have no way to detect that their security requirements are not being enforced.
## Affected Platforms
All systems which use affected backends. For example OpenWrt (which replaced WolfSSL with mbedTLS in newer releases), Windows builds using Schannel, and many IoT devices and Docker containers. WolfSSL probably has the same bug.
## Attack Surface
The bugs affect both libcurl applications (via `curl_easy_setopt()`) and curl command line users (via `--curves` and `--crlfile` flags). Two of three vulnerabilities are exploitable from the CLI, not just custom programs.
Basic Information
ID
H1:3516974
Published
Jan 19, 2026 at 20:10
Modified
Jan 20, 2026 at 06:48