[openssl-users] Is verification supposed to fail with SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT without SSL_CTX_set_client_CA_list?

[Dr. Stephen Henson]

On Sat, Feb 27, 2016, Jeffrey Walton wrote:

> This came up recently on Stack Overflow. The server code specified
> SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, but failed to call
> SSL_CTX_set_client_CA_list. The connection did not fail as expected.
> 
> Looking at the man page for SSL_CTX_set_verify [1] and
> SSL_CTX_set_client_CA_list [2] it looks like the connection is
> supposed to fail. From [1]:
> 
>     SSL_VERIFY_FAIL_IF_NO_PEER_CERT
> 
>         Server mode: if the client did not return a certificate,
>         the TLS/SSL handshake is immediately terminated
>         with a "handshake failure" alert...
> 
> Is verification supposed to fail with SSL_VERIFY_PEER |
> SSL_VERIFY_FAIL_IF_NO_PEER_CERT regardless of the interactions with
> SSL_CTX_set_client_CA_list? Or is there a hidden dependency on
> SSL_CTX_set_client_CA_list?
> 

The function SSL_CTX_set_client_CA_list() sets a list of supportied CA names.
This list is sent to the client during client authentication.
The client can then use that (if it wishes) to decide which certificate
to use for client authentication.

A client may not filter the CAs based on that list: it might give the
user the option to send any client certificate it has available. Also when
presented with an empty list the client might decide that all certificates are
permissible or that it's some kind of error and it can't send any.

So not setting SSL_CTX_set_client_CA_list() is not guaranteed to fail and what
happens depends on the client.

The set of certificates the server trusts for client authentication can be a
separate list though if you don't trust any certificate chains you sent in the
client CA list that would be somewhat odd.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org