Thank you for your answer Victor, I am trying to establish a routing path for an anonymity protocol (http://en.wikipedia.org/wiki/Phantom_Anonymity_Protocol). This is a one way procedure: the node that wants to be anonymized selects a couple of other nodes and sends an array with setup packages (encrypted with the node's public key) to the first node it had selected.
Now every such node accepts an anonymous connection from a client, receives this array, decrypts the setup package meant for this node, and finds inside: IP and certificate of the previous and next node (and some more information unrelated to OpenSSL). When establishing a connection to the next node, the current node can thus verify the certificate of the next node. However, now that the current node also got to know the previous node's certificate in a secure way, it can also verify the previous node's certificate. However, the handshake was already made, and the previous node did not send a certificate. That is why I am looking for a way to get this certificate after the handshake was already made, so the current node can verify it.

===

Also thanks for your remarks about how to actually verify a socket. I will extend my verification method by also checking the extensions.

I would be grateful if you could help!
Michael

On Wed, Sep 23, 2009 at 10:18 PM, Victor Duchovni <victor.ducho...@morganstanley.com> wrote:
> On Wed, Sep 23, 2009 at 10:04:48PM +0200, Michael Prinzinger wrote:
>
> > and let the client verify the server's certificate, like this
> >
> > > X509* x509 = SSL_get_peer_certificate(s);
> > > CHECK(x509 != NULL);
> > >
> > > //check certificate
> > > long certVerifyResults = SSL_get_verify_result(s);
> > > if(certVerifyResults != X509_V_OK)
> > >     throw SSLException("Error! Certificate could not be verified.\n");
> > >
> > > //free x509
> > > X509_free(x509);
>
> This only verifies the server's *trust chain*, but not its identity. To
> properly verify a server, you MUST examine the certificate subjectAltName
> extensions and if these are missing the CommonName in the subject DN.
>
> > [2] now a secure connection is established
>
> No "secure" connection exists unless the client verified the server
> certificate.
>
> > on it the server receives data encrypted with the server's public key, so
> > only it can read it
> > in the data is information about the next node and the previous node
> > now the server knows the ssl certificate of the previous node and thus
> > wants to check it,
> > since the verify mode is still set to server only, we set it anew
> >
> > > SSL_CTX_set_verify(this->ctx, SSL_VERIFY_PEER |
> > >                    SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
>
> Entirely pointless after the SSL handshake is done.
>
> > [3] if the server now runs the code above
> >
> > > X509* x509 = SSL_get_peer_certificate(s);
> > > CHECK(x509 != NULL);
> > >
> > > //check certificate
> > > long certVerifyResults = SSL_get_verify_result(s);
> > > if(certVerifyResults != X509_V_OK)
> > >     throw SSLException("Error! Certificate could not be verified.\n");
> > >
> > > //free x509
> > > X509_free(x509);
>
> Again this would just "verify" the trust chain, and say nothing about
> the client identity.
>
> > Has anyone an idea, how this could be achieved with the OpenSSL API?
>
> You are solving the wrong problem. Forget OpenSSL APIs, ... what actual
> security goals are you trying to achieve and what is available on the
> client and server to get you there?
>
> --
> Viktor.
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majord...@openssl.org