Questions about the semantics of SSL_CTX_set_cert_verify_callback
Viktor Dukhovni
openssl-users at dukhovni.org
Fri Jul 7 14:18:34 UTC 2023
On Fri, Jul 07, 2023 at 02:01:09PM +0000, Andrew Lee-Thorp wrote:
> >The question makes no sense, the chain is always unvalidated, it is the
> >callback's job to do the validation.
>
> Imagine the client connects to foo.com
> Imagine the server offers certs to the clients the following certs:
> [x, 1,2,3] where 1,2,3 IS a chain, 3 is trusted and 1 is the foo.com
> cert. Self-signed cert x is the cert that was actually used in the
> handshake.
The SSL layer will pass "x" as the EE certificate an [1,2,3] in the
untrusted stack. The chain will initially be NULL. No validation
of any kind has been performed on entry to the callback.
> (Imagine also the client does not do hostname verification, humour me
> for a moment).
Any verification the client does or does not do is in the <elided code>,
which you have not described. So nothing can be said about the result.
> Then will the callback contain 1,2,3 or will it contain just x, or
> even [x,1,2,3] ?
The callback does not "contain" anything. It gets an X509_STORE_CTX,
in which the EE certificate is x, and the untrusted chain is [1,2,3].
The callback's job is to construct and validate a certificate chain,
setting the store context error status to a value other than X509_V_OK
on error. It should return 1 on success, 0 on error and "-1" if it
couldn't even decide because of some transient problem.
--
Viktor.
More information about the openssl-users
mailing list