Setting Up CertStore for TLS Verification

Viktor Dukhovni openssl-users at dukhovni.org
Mon Jan 30 04:50:03 UTC 2023


On Mon, Jan 30, 2023 at 04:00:13AM +0000, Kreissl, Jochen wrote:

> I am facing some uncertainties regarding how to properly set up
> SSL_CTX & SSL structs, so that certificate based, (mutual)
> authentication works (TLS 1.3).
> 
>   *   Certificates are loaded via an external lib and I get them as
>       binary ASN.1. After parsing them into proper openssl X509
>       structs, I load them into a X509_Store with X509_STORE_add_cert
>   *   I use the SSL_CTX_set1_cert_store method to load the thus
>       constructed store into an SSL_CTX

Is this context created just once, or once per (SSL *) connection?  Is
the server single-threaded or multi-threaded?

>   *   I also use SSL_add_client_CA to add all CA/Roots names to the
>       Server list of available Cas (to be sent to the Client when
>       initiating mutual auth)

Do the acceptable CA names vary from connection to connection?  If not,
and the SSL_CTX is shared, why not preload the CA list into the shared
context?

>   *   I have set the Verify flag to Verify_Peer via SSL_set_verify

This can be done last, after all other setup is complete.

>   *   An instance's chain cert are added via SSL_add1_chain_cert
>   *   An instance's key and leaf cert are added via
>       SSL_use_certificate and SSL_use_PrivateKey respectively

Do the key and certificate vary from (SSL *) connection to connection?
If not, why not preload the certificate and private key into the shared
SSL_CTX?

> Q1: Is here anything I forget with regards to the general set-up of
>     the verification process?

Are client certificates unconditionally required?  If so, and you want
to terminate handshakes with anonymous clients promptly, you'll also
want the SSL_VERIFY_FAIL_IF_NO_PEER_CERT flag in SSL_CTX_set_verify()
or SSL_set_verify().  With TLS 1.3, you can alternatively enable
post-handshake authentication by setting the SSL_VERIFY_POST_HANDSHAKE
flag.

> Q2: Assume the Verification Certificates are loaded into SSL_CTX after
>     an SSL struct was already created from it. Will the SSL struct
>     "know" of the Certificate Store and access it properly?

No, that's too late.  SSL connection operations expect the SSL_CTX
to be immutable (apart from its reference count), clone much of
the content, and shallow-copy the rest.  Why would you pre-create
the SSL connection handle???

>     Or would I have to create a new SSL struct from SSL_CTX in order
>     for this configuration to take effect?

A server typically handles more than connection at a time, and ends up
creating SSL connections on the fly, with the context already in place.
The use case for connection before context initialisation is unclear
(and in any case doesn't work).

-- 
    Viktor.


More information about the openssl-users mailing list