openssl-users Digest, Vol 88, Issue 18
Viktor Dukhovni
openssl-users at dukhovni.org
Mon Mar 14 19:58:38 UTC 2022
On Mon, Mar 14, 2022 at 12:47:26PM -0700, Edward Tsang via openssl-users wrote:
> I guess I need to explicitly set X509_STORE_CTX_set_error(ctx,
> X509_V_OK) before return 1 in the example if I need caller
> SSL_get_verify_result to return X509_V_OK?
Yes, but I'd like to strongly suggest that this is a bad idea. Instead,
abort the handshake on errors you're unwiling to accept, and then the
only possible errors at the conclusion of the handshake are those you're
willing to accept.
You can then still observe and log the fact that the handshake was not
in fact fully authenticated, and an error condition was tolerated.
Note that by setting the error condition to X509_V_OK you might be
losing information about earlier error conditions which also returned
"ok = 1", but are not intended to be acceptable at the conclusion of the
handshake. This poses significate security risks.
In other words, if sometimes (or always) return "ok = 1" even for error
conditions that you don't intend to clear, by clearing "expiration" and
treating the connection as verified on X509_V_OK you're opening up a
major security hole. The only way to make this safe is to be sure to
return "ok = 0" on all other error conditions. But, in that case,
there's no point in doing anything drastic with SSL_get_verify_result(),
any error conditions that did not terminate the handshake must have
been acceptable.
You're skating on thin ice, and need to think very carefully about
possible subtle issues with your design choices.
--
Viktor.
More information about the openssl-users
mailing list