[openssl-users] Rejecting SHA-1 certificates

Jakob Bohm jb-openssl at wisemo.com
Wed Jul 12 05:44:09 UTC 2017

On 12/07/2017 07:23, Viktor Dukhovni wrote:
> On Wed, Jul 12, 2017 at 02:02:31AM +0200, Jakob Bohm wrote:
>> I don't think a state is really needed for this, if the callback
>> simply checks if the certificate is in the loaded trust collection,
>> and/or if it is self-signed (depending on the application's chosen
>> root CA trust model).
>
> Yes, though that too is complicated, e.g. DANE-TA(2) validation
> often produces chains where none of the certs are in the local
> store or self-signed.  And checking the trust stores for an
> exact match takes some care...
> The stateful approach is in some ways more elementary.

Well, I guess that for DANE-TA, it would be OK to just insist
on no SHA-1 in the chain at all.

Given the limited abilities of (at least previous) versions
of the OpenSSL chain validation/building code, just checking
for self-signed would probably be good enough for now.

Hopefully any future improved OpenSSL code (that checks all
attributes currently ignored) would also provide a new
callback prototype that receives extra information about
the (OpenSSL internal) situation in which it was called, such
as "called from TLS server checking received client cert, this
is the end/middle/trusted cert in the candidate chain, and here
is the SSL_CTX* for that connection".  And with more sensibly
named/defined callback return values too (such as "reject this
cert, try another chain", "reject this cert, and all chains
containing it", "abort the connection, never mind the certs",
"accept this cert, despite the list of failed standard checks
reported to the callback (perhaps shown to the user in a prompt)",
"accept this cert and don't check the chain above it").


Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
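
An added illustration, not part of the original message and not OpenSSL code: the policy discussed above (reject SHA-1 signatures except on a self-signed certificate, or with no exception at all as suggested for DANE-TA) written as an offline check over DER certificates in Python. The function names, the issuer/subject name comparison used as the self-signed test, and the sample chain are assumptions constructed for this example.

```python
SHA1_SIG_OIDS = {  # DER-encoded OID contents of signature algorithms using SHA-1
    bytes.fromhex("2a864886f70d010105"): "sha1WithRSAEncryption",
    bytes.fromhex("2a8648ce380403"): "dsa-with-sha1",
    bytes.fromhex("2a8648ce3d0401"): "ecdsa-with-SHA1"}

def tlv(buf, pos):
    """Parse one DER TLV at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def children(buf, start, end):
    """Yield (tag, header_start, value_end) for each TLV in buf[start:end]."""
    while start < end:
        tag, _, stop = tlv(buf, start)
        yield tag, start, stop
        start = stop

def cert_facts(der):
    """Return (signatureAlgorithm OID bytes, issuer == subject) for a DER cert."""
    tbs, sigalg, _sig = children(der, *tlv(der, 0)[1:])
    fields = [f for f in children(der, *tlv(der, tbs[1])[1:]) if f[0] != 0xA0]
    issuer, subject = (der[f[1]:f[2]] for f in (fields[2], fields[4]))
    _, lo, hi = tlv(der, tlv(der, sigalg[1])[1])  # OID opens AlgorithmIdentifier
    return der[lo:hi], issuer == subject

def sha1_violations(chain, allow_self_signed=True):
    """Indexes of certs (leaf first) whose SHA-1 signature should be rejected."""
    # Assumption: name equality stands in for a real self-signature check.
    return [i for i, (oid, same) in enumerate(map(cert_facts, chain))
            if oid in SHA1_SIG_OIDS and not (allow_self_signed and same)]

def enc(tag, *parts):  # minimal DER encoder, only for the constructed samples
    body = b"".join(parts)
    size = len(body).to_bytes((len(body).bit_length() + 7) // 8 or 1, "big")
    return bytes([tag]) + (size if len(body) < 128 else bytes([0x80 | len(size)]) + size) + body

def sample_cert(subject, issuer, alg_tail):
    """Constructed certificate skeleton (dummy key and signature), not a real cert."""
    name = lambda cn: enc(0x30, enc(0x31, enc(0x30, enc(6, b"\x55\x04\x03"), enc(12, cn.encode()))))
    alg = enc(0x30, enc(6, bytes.fromhex("2a864886f70d0101" + alg_tail)), enc(5))
    dates = enc(0x30, enc(0x17, b"170101000000Z"), enc(0x17, b"270101000000Z"))
    tbs = enc(0x30, enc(0xA0, enc(2, b"\x02")), enc(2, b"\x01"), alg, name(issuer), dates, name(subject), enc(0x30))
    return enc(0x30, tbs, alg, enc(3, bytes(33)))

# Constructed chain: SHA-256 leaf, SHA-1 intermediate, SHA-1 self-issued root.
CHAIN = [sample_cert("leaf", "Mid CA", "0b"), sample_cert("Mid CA", "Root CA", "05"),
         sample_cert("Root CA", "Root CA", "05")]
```

With the default setting only the SHA-1 intermediate is flagged; passing `allow_self_signed=False` also flags the root, matching the stricter rule proposed for DANE-TA chains.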