Confused about OpenSSL and CA Certs

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Confused about OpenSSL and CA Certs

Dave Meetchum
I am trying to use OpenSSL on iOS and Android in conjunction with libcurl for my applications HTTP interface. From what I understand OpenSSL does not come with a CA cert which is understandable. Also my understanding is that if you need a CA cert on the client to verify the server is who they claim to be. So basically I need to embed a CA cert in my app or pull it over the network on an unsecure connection when the app starts up. Is there another way to get a CA cert on these devices? Am I correct that I definitely need one and need to provide it myself?

After reading the documentation the general suggestion is that a CA cert can be obtained from Mozilla. This seems a bit odd. From what I have read, CAs can be added and removed from the cert, and certs expire. How would you know if you your app using OpenSSL needs to update it's cert? Would you have to pull a cert from Mozilla everyday and diff it against the one you are using? Also if you have an app on a mobile device that needs to update its CA cert, how can it do it safely without worrying about a man in the middle attack giving you a bad cert or someone on the device replacing your copy of the CA cert once it has been downloaded?

I feel like I am missing something here and that using OpenSSL should be easier than I am making it out to be. Any help or insight would definitely be appreciated!

Cheers,
Dave
Reply | Threaded
Open this post in threaded view
|

Re: Confused about OpenSSL and CA Certs

Michael S. Zick-4
On Fri February 17 2012, Dave Meetchum wrote:
> I am trying to use OpenSSL on iOS and Android in conjunction with libcurl
> for my applications HTTP interface. From what I understand OpenSSL does not
> come with a CA cert which is understandable. Also my understanding is that
> if you need a CA cert on the client to verify the server is who they claim
> to be. So basically I need to embed a CA cert in my app or pull it over the
> network on an unsecure connection when the app starts up. Is there another
> way to get a CA cert on these devices? Am I correct that I definitely need
> one and need to provide it myself?
>

I can give some general answers, others here can give you the specifics...

The system is built on the concept of a "Trusted Third Party" -
So the general answer is: Yes, you need that "Trust Anchor" from somewhere.

That "somewhere" needs to be other than the server you are trying to verify.
That would be like asking the Fox if the Chickens are safe.  ;-)

> After reading the documentation the general suggestion is that a CA cert
> can be obtained from Mozilla. This seems a bit odd. From what I have read,
> CAs can be added and removed from the cert, and certs expire. How would you
> know if you your app using OpenSSL needs to update it's cert? Would you
> have to pull a cert from Mozilla everyday and diff it against the one you
> are using? Also if you have an app on a mobile device that needs to update
> its CA cert, how can it do it safely without worrying about a man in the
> middle attack giving you a bad cert or someone on the device replacing your
> copy of the CA cert once it has been downloaded?
>
> I feel like I am missing something here and that using OpenSSL should be
> easier than I am making it out to be. Any help or insight would definitely
> be appreciated!
>

There is a mechanism for handling that, "Certificate Revocation List(s)" "CRL".
Any "Trust Anchor" you get should have a field that tells where to get the
current CRL that trust anchor is using.

How often you pull that list and check for changes in status of your trust anchor
is an implementation choice.

I have noticed that common, recent, web browsers seem to check once a week.
I also know that in some systems, the CRL is pulled and checked __every time__
before a certificate (trust anchor) is used.

PS: There is a system of signatures on all of these items to keep MIM attacks
under control.

Mike
> Cheers,
> Dave
>


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Confused about OpenSSL and CA Certs

MK-35
In reply to this post by Dave Meetchum
On Fri, 17 Feb 2012 12:12:43 -0700
Dave Meetchum <[hidden email]> wrote:

> I am trying to use OpenSSL on iOS and Android in conjunction with
> libcurl for my applications HTTP interface. From what I understand
> OpenSSL does not come with a CA cert which is understandable. Also my
> understanding is that if you need a CA cert on the client to verify
> the server is who they claim to be.

No.  The client browser checks the certificate you register with
openssl (which is public, but may have a private key); this is done as
part of the preliminary negotiation. You do not need to provide the
client with its own certificate or do anything other than:

1) create or obtain a certificate.
2) pass ssl the .crt file and the private key, eg. via
SSL_CTX_use_certificate_file() and SSL_CTX_use_PrivateKey_file() during
initialization of the server.

After that you don't need to do anything.

You can create your own "self-signed" certificate (these trigger a
warning in the client user agent and the user must accept an
"untrusted" connection), or obtain one, usually for a fee from a
trusted certificate authority.  It does not have to be mozilla.  There
are also people who provide them for free, eg:

http://cert.startcom.org/

MK

--
"Enthusiasm is not the enemy of the intellect." (said of Irving Howe)
"The angel of history[...]is turned toward the past." (Walter Benjamin)

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: Confused about OpenSSL and CA Certs

Dave Thompson-5
> From: [hidden email] On Behalf Of MK
> Sent: Saturday, 18 February, 2012 10:59

> On Fri, 17 Feb 2012 12:12:43 -0700
> Dave Meetchum <[hidden email]> wrote:
>
> > I am trying to use OpenSSL on iOS and Android in conjunction with
> > libcurl for my applications HTTP interface. From what I understand
> > OpenSSL does not come with a CA cert which is
> understandable. Also my
> > understanding is that if you need a CA cert on the client to verify
> > the server is who they claim to be.
>
> No.  The client browser checks the certificate you register with
> openssl (which is public, but may have a private key); this is done as
> part of the preliminary negotiation. You do not need to provide the
> client with its own certificate or do anything other than:
>
> 1) create or obtain a certificate.
> 2) pass ssl the .crt file and the private key, eg. via
> SSL_CTX_use_certificate_file() and
> SSL_CTX_use_PrivateKey_file() during
> initialization of the server.
>
> After that you don't need to do anything.
>
This is mostly (not always) correct for a *server*. OP asked about
libcurl, a client. An SSL client usually (not always) needs to
verify the server(s) it connects to, and to do that the client needs
the CA root(s) or selfsigned cert(s) for the server(s) obtained by
means adequately safe from tampering by an attacker. If a client app
will only use a predetermined server or set of servers, which in turn
uses predetermined CA(s) or pregenerated selfsigned, you can bundle
those with the app and be done. Otherwise you need to deal with
choosing, obtaining and possibly updating "good" roots.

> You can create your own "self-signed" certificate (these trigger a
> warning in the client user agent and the user must accept an
> "untrusted" connection), or obtain one, usually for a fee from a
> trusted certificate authority.  It does not have to be mozilla.  There
> are also people who provide them for free, eg:
>
> http://cert.startcom.org/
>
Mozilla is not a CA. Mozilla is a client that is distributed and
installed with a set of roots it initially trusts, decided by the
Mozilla releasers, although the user can later add or delete.
Similarly IE/Windows (by Microsoft) and other browsers, and *some*
packaged builds of OpenSSL by the packager(s). Two similar things
are often suggested for an SSL client app especially one using
public servers, and I suspect one or the other of them was here:

- trust the Mozilla install. Export the CA root(s) you want
from a local installed copy of Mozilla, trusting that Mozilla
was installed (and perhaps updated) securely and thus these
CA certs are untampered, and use it(them).

- trust the Mozilla choices. Take *all* the CA roots from a
(local) copy of Mozilla, trusting the Mozilla people have done
a good job of deciding which CAs deserve trust, plus as above
the Mozilla install/update got them safely on your machine.

If you as an app developer don't have time and/or expertise to
make these choices yourself, piggybacking on the work already
done by Mozilla is a good alternative. In fact the curl
developers more or less recommend it:
http://curl.haxx.se/docs/sslcerts.html
http://curl.haxx.se/docs/caextract.html
although curl, like any decent OpenSSL app, will use
whatever truststore you choose to give it.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]