[openssl-users] Has client validated successfully?

Kyle Hamilton aerowolf at gmail.com
Tue Feb 20 18:50:01 UTC 2018


No, you cannot query the SSL layer to know if the client validated the
certificate.  SSL/TLS don't provide any means of querying the remote
side.

Here's how the workflow works:

1) client doesn't trust certificate, doesn't override distrust:
connection closes with fatal unknown_ca or expired_certificate alert.
2) client doesn't trust certificate, does override distrust:
connection continues.  No way to query if distrust was overridden.
3) client does trust certificate, no need to override: connection
continues.  No way to query if distrust was overridden.

There's no way for the server to know if the client trusts the
certificate, or if the client overrode the distrust.

There's generally also no way for Javascript on the client to know
this, either.  However, because this is a list about OpenSSL (and not
about any given application of OpenSSL, i.e. the web) it's not the
best place to ask about how to do this on the web.

Certificate chain updates (to avoid chain expiration) by the server
are expected to be done unilaterally, by the server operator.

If different certificate chains need to be provided to different
clients, the different clients can request different hostnames (via
the Server Name Indication extension) so the server can decide which
certificate chain to present.

As much as it sucks, this is the only server certificate selection
mechanism that exists in SSL/TLS.

-Kyle H

On Tue, Feb 20, 2018 at 9:34 AM, J Decker <d3ck0r at gmail.com> wrote:
>
>
> On Tue, Feb 13, 2018 at 9:33 AM, Emmanuel Deloget <logout at free.fr> wrote:
>>
>> Hello,
>>
>> On Tue, Feb 13, 2018 at 7:14 AM, Kyle Hamilton <aerowolf at gmail.com> wrote:
>>
>> > The only thing that the server can know is whether the client has
>> > terminated the connection with a fatal alert.  If the client validates
>> > presented cert chains, then its continuation with the connection means
>> > that it passed validation.  If the client does not, or ignores any
>> > given error, then it doesn't mean that it passed validation.
>> >
>> > In other words, you can only know if the client's applied policy
>> > allows the connection to continue.  You cannot know if the policy that
>> > was applied was specifically related to the certificate chain
>> > presented.
>> >
>> > -Kyle H
>> >
>> > On Mon, Feb 12, 2018 at 10:06 PM, J Decker <d3ck0r at gmail.com> wrote:
>> > > Is there a way for a server to know if the client verified the cert
>> > > chain
>> > > successfully or not?
>> >
>>
>> From a security PoV, that doesn't help much. One can build a malicious
>> version of openvpn that will tell you "everything's ok" (or "it failed!",
>> depending of its goal). The server should not make any decision w.r.t. the
>> client state (that's more or less what is implied by Kyle's answer ; I
>> just
>> wanted to stress it).
>>
>
> Yes that is true.... however here's the scenario.
> Client does a verification and passes or fails, and via the SSL layer I can
> query if the client validated the certificate.
> If it failed, provide a option for the client to get a renewed certificate
> for verification.  If success, no action.
> If an actor lies in this scenario he answers
> lies *yes* and didn't, don't give him a means to actually verify. *noop*
> lies *no* but did, then give him the root cert he already has.... *noop*
>
> so I don't have to trust the reply.... I'm willing to give him the right
> root.
>
>>
>> BR,
>>
>> -- Emmanuel Deloget
>
>


More information about the openssl-users mailing list