General question on SSL

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

General question on SSL

M G-3
Hi list,
 
My goal is to create mutual authentication for small business (each client app is also a server that can share data securely), is there a way to use SSL the "normal" way i.e., to create an X509 store, set verify function, use certificates, etc, ... but not require usrs to sign with a CA certificate?  i.e., Everyone has self-signed certificates with fingerprints that are shared via out-of-band methods.
 
What is the correct way to do this?  Is an X509_store required?  Is my own callback function for verification sufficient (should I use X509_set_verify?)
 
Many thanks for your help!



Find your next car at Yahoo! Canada Autos
Reply | Threaded
Open this post in threaded view
|

Re: General question on SSL

Justin Karneges
On Thursday 27 October 2005 07:25, M G wrote:
> Hi list,
>
> My goal is to create mutual authentication for small business (each client
> app is also a server that can share data securely), is there a way to use
> SSL the "normal" way i.e., to create an X509 store, set verify function,
> use certificates, etc, ... but not require usrs to sign with a CA
> certificate?  i.e., Everyone has self-signed certificates with fingerprints
> that are shared via out-of-band methods.

As far as I know, you can put a self-signed certificate into an X509_STORE as
trusted and then the connection will verify properly.  In fact, all root CA
certs that you usually have in the X509_STORE already are self-signed.  The
only difference between a normal cert and a "CA" cert is that the CA certs
have extra bits in them to indicate they can sign for other certs (but you
don't need this feature, nor is this feature required for a cert to be
allowed inside an X509_STORE and trusted).

Putting your self-signed certs into the X509_STORE would be the safest method
of using SSL, because then everything really would be "normal".  You'd do an
SSL connection as you're supposed to, the cert would verify, and off you go.  
This may also be a more future-proof and compatible method, since not all SSL
libraries will necessarily allow you to ignore invalid certificates (I'm told
this is how J2ME works).

The only trouble I can see you running into is if you don't have all the
client certificates pre-traded.  If each client only has a cache of
fingerprints, then you will have to do some extra voodoo.  Handling this in
OpenSSL would be fairly easy, just compare the fingerprint of the certificate
with your list of allowed fingerprints.

-Justin
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: General question on SSL

M G-3
Thank you Justin!

Just to nail down my understanding of your last
paragraph - you said "just compare the fingerprint of
the certificate with your list of allowed
fingerprints" -  My question is, would this be done in
my verify callback function?  (int
(*verify_callback)(int, X509_STORE_CTX *)) ?

And if yes, do I more or less ignore the value of the
first ("ok") parameter passed in?  (do my own checking
on the expired stuff - or maybe there's some way to
get the reasons for failure if the cert fails?) ...
one of those reasons being acceptable in my case?

Thanks again!


--- Justin Karneges <[hidden email]> wrote:

> On Thursday 27 October 2005 07:25, M G wrote:
> > Hi list,
> >
> > My goal is to create mutual authentication for
> small business (each client
> > app is also a server that can share data
> securely), is there a way to use
> > SSL the "normal" way i.e., to create an X509
> store, set verify function,
> > use certificates, etc, ... but not require usrs to
> sign with a CA
> > certificate?  i.e., Everyone has self-signed
> certificates with fingerprints
> > that are shared via out-of-band methods.
>
> As far as I know, you can put a self-signed
> certificate into an X509_STORE as
> trusted and then the connection will verify
> properly.  In fact, all root CA
> certs that you usually have in the X509_STORE
> already are self-signed.  The
> only difference between a normal cert and a "CA"
> cert is that the CA certs
> have extra bits in them to indicate they can sign
> for other certs (but you
> don't need this feature, nor is this feature
> required for a cert to be
> allowed inside an X509_STORE and trusted).
>
> Putting your self-signed certs into the X509_STORE
> would be the safest method
> of using SSL, because then everything really would
> be "normal".  You'd do an
> SSL connection as you're supposed to, the cert would
> verify, and off you go.  
> This may also be a more future-proof and compatible
> method, since not all SSL
> libraries will necessarily allow you to ignore
> invalid certificates (I'm told
> this is how J2ME works).
>
> The only trouble I can see you running into is if
> you don't have all the
> client certificates pre-traded.  If each client only
> has a cache of
> fingerprints, then you will have to do some extra
> voodoo.  Handling this in
> OpenSSL would be fairly easy, just compare the
> fingerprint of the certificate
> with your list of allowed fingerprints.
>
> -Justin
>
______________________________________________________________________
> OpenSSL Project                                
> http://www.openssl.org
> User Support Mailing List                  
> [hidden email]
> Automated List Manager                          
> [hidden email]
>


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com 
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: General question on SSL

Justin Karneges
Hi,

If you just want to compare fingerprints, you can avoid X509_STORE entirely.  
In OpenSSL, a verification failure doesn't mean the connection stops.  This
is how apps are able to show those "do you want to continue?" prompts to the
user after verification problems.

So just use an empty X509_STORE and don't ever call SSL_get_verify_result()
(or some such function, I'm pulling this out of the air) since it will always
be a failure.  Assuming the SSL handshake completes successfully, the
connection will be usable even though the certificate wasn't verified.  It
will be up to you to check the peer X509* however you please before reading
or writing data to the newly formed SSL connection.

-Justin

On Thursday 27 October 2005 15:21, M G wrote:

> Thank you Justin!
>
> Just to nail down my understanding of your last
> paragraph - you said "just compare the fingerprint of
> the certificate with your list of allowed
> fingerprints" -  My question is, would this be done in
> my verify callback function?  (int
> (*verify_callback)(int, X509_STORE_CTX *)) ?
>
> And if yes, do I more or less ignore the value of the
> first ("ok") parameter passed in?  (do my own checking
> on the expired stuff - or maybe there's some way to
> get the reasons for failure if the cert fails?) ...
> one of those reasons being acceptable in my case?
>
> Thanks again!
>
> --- Justin Karneges <[hidden email]> wrote:
> > On Thursday 27 October 2005 07:25, M G wrote:
> > > Hi list,
> > >
> > > My goal is to create mutual authentication for
> >
> > small business (each client
> >
> > > app is also a server that can share data
> >
> > securely), is there a way to use
> >
> > > SSL the "normal" way i.e., to create an X509
> >
> > store, set verify function,
> >
> > > use certificates, etc, ... but not require usrs to
> >
> > sign with a CA
> >
> > > certificate?  i.e., Everyone has self-signed
> >
> > certificates with fingerprints
> >
> > > that are shared via out-of-band methods.
> >
> > As far as I know, you can put a self-signed
> > certificate into an X509_STORE as
> > trusted and then the connection will verify
> > properly.  In fact, all root CA
> > certs that you usually have in the X509_STORE
> > already are self-signed.  The
> > only difference between a normal cert and a "CA"
> > cert is that the CA certs
> > have extra bits in them to indicate they can sign
> > for other certs (but you
> > don't need this feature, nor is this feature
> > required for a cert to be
> > allowed inside an X509_STORE and trusted).
> >
> > Putting your self-signed certs into the X509_STORE
> > would be the safest method
> > of using SSL, because then everything really would
> > be "normal".  You'd do an
> > SSL connection as you're supposed to, the cert would
> > verify, and off you go.
> > This may also be a more future-proof and compatible
> > method, since not all SSL
> > libraries will necessarily allow you to ignore
> > invalid certificates (I'm told
> > this is how J2ME works).
> >
> > The only trouble I can see you running into is if
> > you don't have all the
> > client certificates pre-traded.  If each client only
> > has a cache of
> > fingerprints, then you will have to do some extra
> > voodoo.  Handling this in
> > OpenSSL would be fairly easy, just compare the
> > fingerprint of the certificate
> > with your list of allowed fingerprints.
> >
> > -Justin
>
> ______________________________________________________________________
>
> > OpenSSL Project
> > http://www.openssl.org
> > User Support Mailing List
> > [hidden email]
> > Automated List Manager
> > [hidden email]
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                           [hidden email]
>
> !DSPAM:4361565d145611831660039!
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: General question on SSL

M G-3

Hi Justin,

You've been extremely helpful!  Thank you very much!


--- Justin Karneges <[hidden email]> wrote:

> Hi,
>
> If you just want to compare fingerprints, you can
> avoid X509_STORE entirely.  
> In OpenSSL, a verification failure doesn't mean the
> connection stops.  This
> is how apps are able to show those "do you want to
> continue?" prompts to the
> user after verification problems.
>
> So just use an empty X509_STORE and don't ever call
> SSL_get_verify_result()
> (or some such function, I'm pulling this out of the
> air) since it will always
> be a failure.  Assuming the SSL handshake completes
> successfully, the
> connection will be usable even though the
> certificate wasn't verified.  It
> will be up to you to check the peer X509* however
> you please before reading
> or writing data to the newly formed SSL connection.
>
> -Justin
>
> On Thursday 27 October 2005 15:21, M G wrote:
> > Thank you Justin!
> >
> > Just to nail down my understanding of your last
> > paragraph - you said "just compare the fingerprint
> of
> > the certificate with your list of allowed
> > fingerprints" -  My question is, would this be
> done in
> > my verify callback function?  (int
> > (*verify_callback)(int, X509_STORE_CTX *)) ?
> >
> > And if yes, do I more or less ignore the value of
> the
> > first ("ok") parameter passed in?  (do my own
> checking
> > on the expired stuff - or maybe there's some way
> to
> > get the reasons for failure if the cert fails?)
> ...
> > one of those reasons being acceptable in my case?
> >
> > Thanks again!
> >
> > --- Justin Karneges <[hidden email]>
> wrote:
> > > On Thursday 27 October 2005 07:25, M G wrote:
> > > > Hi list,
> > > >
> > > > My goal is to create mutual authentication for
> > >
> > > small business (each client
> > >
> > > > app is also a server that can share data
> > >
> > > securely), is there a way to use
> > >
> > > > SSL the "normal" way i.e., to create an X509
> > >
> > > store, set verify function,
> > >
> > > > use certificates, etc, ... but not require
> usrs to
> > >
> > > sign with a CA
> > >
> > > > certificate?  i.e., Everyone has self-signed
> > >
> > > certificates with fingerprints
> > >
> > > > that are shared via out-of-band methods.
> > >
> > > As far as I know, you can put a self-signed
> > > certificate into an X509_STORE as
> > > trusted and then the connection will verify
> > > properly.  In fact, all root CA
> > > certs that you usually have in the X509_STORE
> > > already are self-signed.  The
> > > only difference between a normal cert and a "CA"
> > > cert is that the CA certs
> > > have extra bits in them to indicate they can
> sign
> > > for other certs (but you
> > > don't need this feature, nor is this feature
> > > required for a cert to be
> > > allowed inside an X509_STORE and trusted).
> > >
> > > Putting your self-signed certs into the
> X509_STORE
> > > would be the safest method
> > > of using SSL, because then everything really
> would
> > > be "normal".  You'd do an
> > > SSL connection as you're supposed to, the cert
> would
> > > verify, and off you go.
> > > This may also be a more future-proof and
> compatible
> > > method, since not all SSL
> > > libraries will necessarily allow you to ignore
> > > invalid certificates (I'm told
> > > this is how J2ME works).
> > >
> > > The only trouble I can see you running into is
> if
> > > you don't have all the
> > > client certificates pre-traded.  If each client
> only
> > > has a cache of
> > > fingerprints, then you will have to do some
> extra
> > > voodoo.  Handling this in
> > > OpenSSL would be fairly easy, just compare the
> > > fingerprint of the certificate
> > > with your list of allowed fingerprints.
> > >
> > > -Justin
> >
> >
>
______________________________________________________________________

> >
> > > OpenSSL Project
> > > http://www.openssl.org
> > > User Support Mailing List
> > > [hidden email]
> > > Automated List Manager
> > > [hidden email]
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Tired of spam?  Yahoo! Mail has the best spam
> protection around
> > http://mail.yahoo.com
> >
>
______________________________________________________________________
> > OpenSSL Project                                
> http://www.openssl.org
> > User Support Mailing List                  
> [hidden email]
> > Automated List Manager                          
> [hidden email]
> >
> > !DSPAM:4361565d145611831660039!
>
______________________________________________________________________
> OpenSSL Project                                
> http://www.openssl.org
> User Support Mailing List                  
> [hidden email]
> Automated List Manager                          
> [hidden email]
>


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com 
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]