Callback functions higher up in the stack than X509_STORE_set_verify_cb?


Callback functions higher up in the stack than X509_STORE_set_verify_cb?

Ander Juaristi
Hi list,

I'm implementing OCSP stapling for wget2 with OpenSSL. And I was
wondering if there's a better way.

The way I'm doing this currently is by letting the handshake complete
normally and check the received OCSP responses (stapled or not) at the
end. Then, if OCSP does not verify, I close the connection.

I.e. something like the following:

do {
     retval = SSL_connect(ssl);
     error = SSL_get_error(ssl, retval);   /* classify the result for the loop condition */
     /* <snip> */
} while (error == SSL_ERROR_WANT_READ || error == SSL_ERROR_WANT_WRITE);

if (retval <= 0) {
     /* Error - tell the user and exit */
     /* <snip> */
     goto bail;
}

/* Check the OCSP response here; length is -1 and ocsp_resp NULL when nothing was stapled */
ocsp_stap_length = SSL_get_tlsext_status_ocsp_resp(ssl, &ocsp_resp);

certs = SSL_get_peer_cert_chain(ssl);

if (!check_ocsp(ssl, certs, ocsp_resp)) {
     /* Error - OCSP cannot be verified */
     goto bail;
}

The specs (RFC 6960 and RFC 6066) are not clear on how a
non-conforming OCSP response should be handled: by sending an alert and
aborting the handshake, or by closing the connection after the handshake
has successfully completed. Please correct me if I'm wrong here.

I'm currently doing the second one out of a purely technical lack of
knowledge on how to do the first one, but I believe the first one would
be cleaner.

Previously, I would register a callback function with
X509_STORE_set_verify_cb() and perform the OCSP checking there. This
worked for traditional OCSP (RFC 6960). However it will not work for
stapled OCSP, because that callback function is called after the
certificates are read, but before the stapled OCSP is read.

I was wondering if a hook point exists that would allow me to do this
just before ChangeCipherSpec is sent by the client, as, at that point,
all the information should already be available.

TL;DR I want to hook at a point just before SSL_connect() returns.

Re: Callback functions higher up in the stack than X509_STORE_set_verify_cb?

Viktor Dukhovni
On Tue, Aug 04, 2020 at 10:25:44AM +0200, Ander Juaristi wrote:

> /* Check the OCSP response here */
> ocsp_stap_length = SSL_get_tlsext_status_ocsp_resp(ssl, &ocsp_resp);
>
> certs = SSL_get_peer_cert_chain(ssl);

Side comment, if you end up sticking with post-handshake validation you
probably want: SSL_get0_verified_chain(3) rather than
SSL_get_peer_cert_chain(3).

A better early hook into SSL cert chain verification is:

    SSL_CTX_set_cert_verify_callback(3)

which you can use to wrap X509_verify_cert(3) and do some
post-processing after the verified chain is constructed.  But
this likely fires before the OCSP extension from the server
is processed.

> I was wondering if a hook point exists that would allow me to do this
> just before ChangeCipherSpec is sent by the client,
> as, at that point, all the information should already be available.

You're looking for: SSL_CTX_set_tlsext_status_cb(3).

--
    Viktor.