Reconstructing X509_STORE_CTX from SSL object

Viktor Dukhovni openssl-users at
Tue Mar 21 15:32:04 UTC 2023

On Tue, Mar 21, 2023 at 07:07:42PM +0530, Akshath Hegde wrote:

> My intention is to call the certificate verification function callback as a
> normal function inside the OCSP callback (the reason why this is done is
> due to a separate issue with callback ordering)
> The certificate verification function is set through
> SSL_CTX_set_cert_verify_cb(), and the callback is of the form
> int (*cert_verify_cb) (X509_STORE_CTX *, void *)
> So to be able to call this inside the OCSP callback, I'd need to
> reconstruct the X509_STORE_CTX argument. I'm not very familiar with
> openssl internals, so forgive me if this is silly.

There's nothing to "reconstruct" the X509_STORE_CTX in question is an
ephemeral object, that lives just long enough to perform the certificate
chain construction, validation and subject identity checks.

The related persistent objects are the X509_STORE, which is loaded with
the trusted certificates, and X509_VERIFY_PARAM structure which holds
the identity to check, the "purpose" (sslserver vs. sslclient), and
various flags.

The X509_STORE_CTX is then initialised with the EE certificate to
validate, any related untrusted certificates that may help to build the
chain, the X509_STORE to find trusted issuers and the X509_VERIFY_PARAM
to tweak the process.

If you want to verify some certificate chain other than the one that
is verlfied automatically as part of the TLS handshake, you'll need
to assemble your own X509_STORE_CTX.

> 1)Is it conceptually right to do so?

Hard to say.  Ideally OCSP would be handled automatically internally in
OpenSSL, once you configure OpenSSL to do so.  If not, perhaps someone
could be persuaded to contribute better built-in OCSP support.  I am not
a fan of OCSP (lots of ceremony for little gain IMHO), so I'm not

> 2)Is it possible to construct x509_store_ctx from ssl?

Wrong question.  You can construct it from a STORE and verification
parameters and a set of certificates to check.  The SSL handle can
be queried for the store and the verification paramters.

> 3)I could extract the peer cert chain from SSL through
> SSL_get_peer_cert_stack() and create a x509_store_ctx.

Timing is everything. Has the validated chain already been constructed
by the time your callback runs?  Are certificates other than the EE cert
relevant for OCSP? ... Are you looking at the chain as sent by the peer
or as validated by OpenSSL, the two may not be the same.

> But this wouldn't be identical to how it's created originally and
> might lack information. If it's correct to do so and possible, what's
> the right method to create it?

It sounds to me like you're lost in the concepts.  Which will almost
certainly mean that whatever you concoct, even if it appears to work may
not achieve any productive security goals.  Perhaps the best answer is
to not bother OCSP until you've a better grasp of the fundamentals.

> Do you see any alternative to overall approach?  (For the original
> problem, please have a look at thread named "Stapled OCSP
> Response")

What real problem are you actually trying to solve.  How does doing
something with OCSP solve it?


More information about the openssl-users mailing list