On Thu, Dec 01, 2005 at 04:08:38PM -0500, Sean Rhea wrote:

> >Clearly OpenSSL has already verified that the client
> >has a private key that matches the public key in the certificate, or
> >else all the certificate checks are pointless.
> 
> Are you SURE about that?  I'm not doubting you, it's just that  
> "Clearly..." sounds more like an assumption.

Well, it cannot be otherwise, because if that is not the case, there is
nothing your verification code can do to check this, because you don't
get to participate in the protocol handshake and verify the client's
signature on some nonce using the public key from the certificate (the
key exchange happens outside your callback).

All you get to verify is the trust chain, but it is completely irrelevant,
you already know the client's expected public key or the fingerprint
of his self-signed certificate.

> Okay, I think I have that working.  Three sample files are attached.   
> The client and server sides, and a common verification routine.   
> Would you mind looking them over and letting me know whether they're  
> doing what I want?  I THINK they are, but security-sensitive code can  
> always use a second set of eyeballs.  :)
> 

Looks ok to me, but I am hoping that someone else will take a look at it
also. In your verification callback the final call to X509_verify is
pointless:

    int
    verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
    {
        // Should have failed due to it being self-signed.

        int err = X509_STORE_CTX_get_error(ctx);
        if (err != X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
            return 0;

        // Double check that the certificate is properly signed.
        // XXX: is that what X509_verify actually does???

        X509 *err_cert = X509_STORE_CTX_get_current_cert(ctx);
        return X509_verify(err_cert, X509_PUBKEY_get(err_cert->cert_info->key));
    }

It does not matter who signed the certificate. Indeed the callback can
always return 1 even if the certificate is not self-signed. The properties
you want are:

    - The peer has proved possession of the private key that matches
      the certificate public key (the SSL handshake does that).

    - The public key (via a fingerprint for convenience) is the one
      that you want.

So I would change this to:

    int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
    {
        return 1;
    }

You can test this. Give the client or server the wrong private key
and the right certificate and watch the SSL handshake fail, even though
you ignore the validity of the certificate chain.

Anyone else have comments on the above?

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
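
The second property in the message above (the public key is the one you want), sketched as an added example that is not code from this thread or from OpenSSL: hash the certificate's SubjectPublicKeyInfo and compare it with a pinned value, never looking at issuer or signature. It is written in Python to stay self-contained; `spki_fingerprint`, `peer_matches_pin` and `make_sample_cert` are hypothetical names, the sample certificates are constructed, and `cert_der` is assumed to be the peer certificate's DER encoding (what `i2d_X509()` produces) taken after a completed handshake.

```python
import hashlib
import hmac

def _read_tlv(buf, pos):
    """Return (tag, value_start, end) of the DER element at pos (definite lengths only)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length >= 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER element overruns buffer")
    return tag, pos, pos + length

def spki_fingerprint(cert_der):
    """SHA-256 of the SubjectPublicKeyInfo; issuer and signature are never examined."""
    tag, pos, end = _read_tlv(cert_der, 0)              # Certificate
    tbs_tag, pos, tbs_end = _read_tlv(cert_der, pos)    # TBSCertificate
    if tag != 0x30 or tbs_tag != 0x30 or end != len(cert_der):
        raise ValueError("not a single DER certificate")
    tag, _, after = _read_tlv(cert_der, pos)
    pos = after if tag == 0xA0 else pos                 # skip optional [0] version
    for _field in range(5):   # serialNumber, signature, issuer, validity, subject
        pos = _read_tlv(cert_der, pos)[2]
    tag, _, spki_end = _read_tlv(cert_der, pos)
    if tag != 0x30 or spki_end > tbs_end:
        raise ValueError("missing SubjectPublicKeyInfo")
    return hashlib.sha256(cert_der[pos:spki_end]).digest()

def peer_matches_pin(cert_der, pinned_hex):
    """Constant-time comparison against a hex pin ("ab:cd:..." or plain hex)."""
    pinned = bytes.fromhex(pinned_hex.replace(":", ""))
    return hmac.compare_digest(spki_fingerprint(cert_der), pinned)

def _tlv(tag, value):                       # minimal DER encoder for the sample data
    n, size = len(value), (len(value).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def make_sample_cert(spki_body, issuer, sig):
    """Constructed, certificate-shaped DER for the demo (not a valid certificate)."""
    fields = [_tlv(0xA0, _tlv(0x02, b"\x02")), _tlv(0x02, b"\x01"), _tlv(0x30, b""),
              _tlv(0x30, issuer), _tlv(0x30, b""), _tlv(0x30, b""), _tlv(0x30, spki_body)]
    return _tlv(0x30, _tlv(0x30, b"".join(fields)) + _tlv(0x30, b"") + _tlv(0x03, b"\x00" + sig))
```

Two sample certificates that carry the same key but differ in issuer and signature bytes produce the same fingerprint, so the pin holds regardless of who signed the certificate.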