Questions about the semantics of SSL_CTX_set_cert_verify_callback

Viktor Dukhovni openssl-users at
Fri Jul 7 14:18:34 UTC 2023

On Fri, Jul 07, 2023 at 02:01:09PM +0000, Andrew Lee-Thorp wrote:

> >The question makes no sense, the chain is always unvalidated, it is the
> >callback's job to do the validation.
> Imagine the client connects to
> Imagine the server offers certs to the clients the following certs:
> [x, 1,2,3] where 1,2,3 IS a chain, 3 is trusted and 1 is the
> cert. Self-signed cert x is the cert that was actually used in the
> handshake.

The SSL layer will pass "x" as the EE certificate an [1,2,3] in the
untrusted stack.  The chain will initially be NULL.  No validation
of any kind has been performed on entry to the callback.

> (Imagine also the client does not do hostname verification, humour me
> for a moment).

Any verification the client does or does not do is in the <elided code>,
which you have not described.  So nothing can be said about the result.

> Then will the callback contain 1,2,3 or will it contain just x, or
> even [x,1,2,3] ?

The callback does not "contain" anything.  It gets an X509_STORE_CTX,
in which the EE certificate is x, and the untrusted chain is [1,2,3].

The callback's job is to construct and validate a certificate chain,
setting the store context error status to a value other than X509_V_OK
on error.  It should return 1 on success, 0 on error and "-1" if it
couldn't even decide because of some transient problem.


More information about the openssl-users mailing list