On Tue, Apr 07, 2009 at 08:36:27PM -0400, Dave Thompson wrote:

> The simple solution openssl does 'builtin' is to use CA-signed
> certs (can be your own private CA) and a 'local trusted store' --
> a file or directory containing the (root) CA cert(s) you trust.
> (And which it is presumed an attacker can't/didn't change.)
> If that is OK for you, just use SSL_CTX_load_verify_locations
> and don't bother with a verify_callback.

OpenSSL does not verify the peername, only the trust chain; it is up to applications to verify the peernames of suitable (typically just the ones with valid trust chains) leaf certificates. So one can't entirely leave verification to the library, unless the trusted CAs only issue certificates to a restricted set of uniformly trusted clients.

Because the peername is retained with the peer certificate in the cacheable SSL_SESSION object (along with the trust chain verification status, but NOT the entire trust chain), a natural approach is to postpone peername verification until the session is established (or resumed) and then check the peername, disconnecting in a graceful way via the application layer protocol if the peername is not suitable.

--
Viktor.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
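
The split described in the reply above, as an added example that is not part of the original post: the library verifies only the trust chain against a local CA store, and the application checks the peername once the session is up. It uses Python's `ssl` module (a wrapper around OpenSSL) rather than the C API; `peer_names`, `peer_is_acceptable`, `make_context`, `check_after_handshake`, `PeerNameError` and the constructed `SAMPLE_CERT` are names assumed for illustration.

```python
import ssl

# Constructed sample in the format SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    "subject": ((("commonName", "legacy-cn.example"),),),
    "subjectAltName": (("DNS", "client1.internal.example"),),
}

class PeerNameError(Exception):
    """Chain verified, but the peer's name is not one this application accepts."""

def peer_names(cert):
    """dNSName SAN entries; the subject CN only when no dNSName is present."""
    dns = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if dns:
        return dns
    return [v.lower() for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]

def peer_is_acceptable(cert, allowed):
    """Exact, case-insensitive match against an allow-list (no wildcards)."""
    if not cert:  # no certificate presented, or chain not validated
        return False
    wanted = {name.lower() for name in allowed}
    return any(name in wanted for name in peer_names(cert))

def make_context(ca_file):
    """The library checks only the trust chain against the local store."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False           # peername is checked by the application
    ctx.verify_mode = ssl.CERT_REQUIRED  # chain verification stays on
    ctx.load_verify_locations(cafile=ca_file)
    return ctx

def check_after_handshake(tls, allowed):
    """Call on every new or resumed session before exchanging application data."""
    if not peer_is_acceptable(tls.getpeercert(), allowed):
        # A real application would end the session through its own
        # protocol (e.g. an error reply) before closing the socket.
        tls.close()
        raise PeerNameError("peer certificate name not in allow-list")
```

A certificate from a trusted CA but with a name outside the allow-list passes the handshake and is rejected only by `check_after_handshake`, which is the case chain verification alone does not cover.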