[openssl-dev] cert_cb and TLS tickets
Fedor Indutny
fedor at indutny.com
Fri Dec 9 19:43:01 UTC 2016
Hello,
During development of one feature for my TLS proxy bud, I have discovered
that the cert_cb is invoked only for newly generated tickets/sessions. The
reasoning behind this is clear, but I believe that it is most likely needs
a revision. Here is my reasoning:
The major use case is choosing a certificate/private key either dynamically
(based on various parameters of SSL structure) or asynchronously (by
using SSL_ERROR_WANT_X509_LOOKUP). However when the TLS ticket is provided
by the client, it will be parsed and loaded using the ticket key from the
main context, without giving a way for application to override it for
particular servername (from SNI). Furthermore, with the TLS ticket provided
application can no longer chose to provide a different certificate in case
of expiration or revocation.
The documentation says:
"It is B<always> called even is a certificate is already set so the callback
can modify or delete the existing certificate."
Additionally, when talking about things allowed in `cert_cb`:
"An application will typically call SSL_use_certificate() and
SSL_use_PrivateKey() to set the end entity certificate and private key.
It can add intermediate and optionally the root CA certificates using
SSL_add1_chain_cert()."
It only says that it is *typically* for applications to use these functions
not limiting them to set and use different secure contextes on cert_cb.
This is in fact what I've used in bud, and what we use in node.js too.
Proposal:
Invoke cert_cb before looking up session ids and parsing tls tickets. It is
a safe change, and it should be done to match intention of this API
documented in man pages.
Please let me know if I can help or work on this.
Thank you,
Fedor.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20161209/14c33e19/attachment.html>
More information about the openssl-dev
mailing list