API for Certificate checking without date checks
Viktor Dukhovni
openssl-users at dukhovni.org
Tue Mar 5 08:24:37 UTC 2024
On Mon, Mar 04, 2024 at 10:22:36PM -0800, Hal Murray wrote:
>
> Context is the chicken and egg problem of using TLS before a system knows the
> time.
>
> I work on NTP software. NTP uses NTS (Network Time Security) which uses TLS
> to make sure it is talking to the right servers.
>
> I'm trying to figure out how to get started on a system that doesn't know the
> time yet. (Many low cost systems like the Raspberry Pi don't have a battery
> backed clock.)
>
> I think I want to try something like:
> Do everything except check the time on certificates
> Get the time, assuming those certificates are valid.
> Now check to see if those certificates were valid.
>
> The command line tools have -no_check_time
>
> Is there something similar in the API? I've looked, but maybe not in the
> right place.
You can override specific error conditions in a verification callback,
registered via SSL_set_verify(3) or SSL_CTX_set_verify(3).
In the callback, you can use:
int verify_callback(int preverify, X509_STORE_CTX* ctx)
{
switch (X509_STORE_CTX_get_error(ctx)) {
default: return preverify;
case X509_V_ERR_CERT_NOT_YET_VALID:
case X509_V_ERR_CERT_HAS_EXPIRED:
return 1;
}
}
Advanced fine-tuning: You might not want to cache the session that was
used to seed the clock, perhaps only subsequent sessions should be
cached for resumption? Perhaps you don't do resumption at all, or
don't care...
You can inspect the certificate validity after the completion of the
handshake and choose to not cache the session (or session ticket), the
SSL_get_verify_result(3) function will return the last error condition
reported even for resumed sessions (the error in question is stored as
part of the session).
You'd need to implement the new session callbacks, and then save the
session for resumption only conditionally. OpenSSL, for rather weak
reasons, has an internal cache even for client connections, which is
only used to trigger session "remove" callbacks when the internal
session count is too high, or some sessions are too old, but it is much
better to do that in your own cache, and disable OpenSSL's internal
cache:
SSL_CTX_set_session_cache_mode(ctx,
SSL_SESS_CACHE_CLIENT |
SSL_SESS_CACHE_NO_INTERNAL_STORE |
SSL_SESS_CACHE_NO_AUTO_CLEAR);
--
Viktor.
More information about the openssl-users
mailing list