Re: verify depth behavior change from 1.0.2 to 1.1.0?


Re: verify depth behavior change from 1.0.2 to 1.1.0?

Viktor Dukhovni

> On Apr 3, 2017, at 4:26 PM, Benjamin Kaduk <[hidden email]> wrote:
>
> There was a fair amount of churn in x509_vfy.c with the inclusion
> of the DANE stuff and whatnot, so it's not immediately clear to me
> when this change actually happened.  I think there are good
> arguments for the current 1.1.0 behavior and it doesn't really make
> sense to try to change back to the historical behavior, but it would
> be good to know when the change actually happened and that it is/was
> a known change.  Ideally we could also document the different
> behavior between 1.0.x and 1.1.0 better; any thoughts about where to
> do so?

https://www.openssl.org/docs/man1.1.0/apps/verify.html

   -verify_depth num

        Limit the certificate chain to num intermediate CA certificates.
        A maximal depth chain can have up to num+2 certificates, since
        neither the end-entity certificate nor the trust-anchor
        certificate count against the -verify_depth limit.

https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_verify_depth.html

        SSL_CTX_set_verify_depth() sets the maximum depth for the
        certificate chain verification that shall be allowed for ctx.
        (See the BUGS section.)
        ...
        BUGS

        The certificate verification depth set with SSL[_CTX]_verify_depth()
        stops the verification at a certain depth. The error message
        produced will be that of an incomplete certificate chain and
        not X509_V_ERR_CERT_CHAIN_TOO_LONG as may be expected.

The 1.0.2 behaviour was under-documented and somewhat broken.  This
was fixed in 1.1.0.


Unfortunately, SSL_CTX_set_verify_depth(3) was not brought up to date;
contributions welcome:

   https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_verify_depth.html

--
        Viktor.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-dev] verify depth behavior change from 1.0.2 to 1.1.0?

OpenSSL - User mailing list
Ben Kaduk:

Do we know the values that are being passed to SSL_CTX_set_verify_depth() match the -verify_depth argument, or do they differ?
If they differ, do identical arguments to the function behave the same in 1.1.0 and 1.0.2?

Viktor:

What we’re getting at here, is that this appears to be a potentially significant behavioral change. We want to understand it better.
--
-Todd Short
// "One if by land, two if by sea, three if by the Internet."

Re: [openssl-dev] verify depth behavior change from 1.0.2 to 1.1.0?

Viktor Dukhovni

> On Apr 4, 2017, at 10:41 AM, Short, Todd via openssl-users <[hidden email]> wrote:
>
> Ben Kaduk:
>
> Do we know the values that are being passed to SSL_CTX_set_verify_depth()
> match the -verify_depth argument, or do they differ?  If they differ, do
> identical arguments to the function behave the same in 1.1.0 and 1.0.2?

The "-verify_depth" argument to verify(1) just calls SSL_CTX_set_verify_depth(3)
with the given depth value.  In OpenSSL 1.1.0, this sets a limit on the
intermediate CA count and returns sensible errors when the depth limit is
exceeded.

> Viktor:
>
> What we’re getting at here, is that this appears to be a potentially
> significant behavioral change. We want to understand it better.

The code no longer returns misleading errors, and is better documented
in verify(3), but it seems I missed additional requisite documentation
updates in SSL_CTX_set_verify_depth(3).  It would be great if someone
volunteered to complete the documentation update.

--
        Viktor.

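A runnable illustration of the 1.1.0 semantics described above (at most N intermediate CAs for -verify_depth N, so up to N+2 certificates counting the leaf and the trust anchor, and X509_V_ERR_CERT_CHAIN_TOO_LONG once that is exceeded). This is an added example, not code from the thread or from the OpenSSL project. It builds a throwaway root -> ica1 -> ica2 -> leaf chain with openssl(1) and runs openssl verify at two depths; the file names, subject names and the minimal req config are this example's own choices, and it assumes only that an openssl binary of 1.1.0 or later is on PATH (on 1.0.2 the rejected case reports an incomplete chain instead, as the BUGS text quoted earlier in the thread says).

```shell
#!/bin/sh
# Added example (not from the thread or the OpenSSL project): build a
# root -> ica1 -> ica2 -> leaf chain and exercise `openssl verify -verify_depth`.
# On OpenSSL 1.1.0 and later, -verify_depth N permits at most N intermediate
# CAs (N+2 certificates including leaf and trust anchor); a longer chain fails
# with X509_V_ERR_CERT_CHAIN_TOO_LONG ("error 22 ... certificate chain too long").
# On 1.0.2 the same run reports an incomplete chain instead.
# Requires only the openssl(1) binary; all names below are this script's own.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# Minimal config so the script does not depend on the system openssl.cnf.
cat > req.cnf <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = placeholder-overridden-by-subj
[ ca_ext ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[ leaf_ext ]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature
EOF

# issue NAME ISSUER EXT_SECTION: fresh P-256 key and CSR for NAME, signed by ISSUER.
issue() {
    openssl ecparam -name prime256v1 -genkey -noout -out "$1.key"
    openssl req -new -config req.cnf -key "$1.key" -subj "/CN=$1" -out "$1.csr"
    openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" -CAcreateserial \
        -days 30 -extfile req.cnf -extensions "$3" -out "$1.pem"
}

# Self-signed trust anchor.
openssl ecparam -name prime256v1 -genkey -noout -out root.key
openssl req -x509 -new -config req.cnf -extensions ca_ext -key root.key \
    -subj /CN=root -days 30 -out root.pem

issue ica1 root ca_ext     # intermediate 1, signed by root
issue ica2 ica1 ca_ext     # intermediate 2, signed by ica1
issue leaf ica2 leaf_ext   # end entity, signed by ica2
cat ica1.pem ica2.pem > untrusted.pem

# verify_depth N: verify leaf.pem against root.pem with N as -verify_depth.
# Returns openssl's exit status: 0 if the chain was accepted.
verify_depth() {
    openssl verify -verify_depth "$1" -CAfile root.pem -untrusted untrusted.pem leaf.pem
}

# chain_too_long N: succeeds only if verification at depth N fails with
# X509_V_ERR_CERT_CHAIN_TOO_LONG (the callback prints it on stderr).
chain_too_long() {
    verify_depth "$1" 2>&1 | grep -q 'certificate chain too long'
}

echo '== -verify_depth 2: two intermediates allowed, 4-certificate chain accepted =='
verify_depth 2 || true
echo '== -verify_depth 1: only one intermediate allowed, chain rejected =='
verify_depth 1 || true
```

Running the script prints "leaf.pem: OK" for depth 2 and "error 22 at 2 depth lookup: certificate chain too long" for depth 1, which is the distinction the thread is about: the limit counts intermediates only, and the error now names the real cause rather than a missing issuer.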

Re: [openssl-dev] verify depth behavior change from 1.0.2 to 1.1.0?

OpenSSL - User mailing list
On 04/04/2017 10:39 AM, Viktor Dukhovni wrote:

>> On Apr 4, 2017, at 10:41 AM, Short, Todd via openssl-users <[hidden email]> wrote:
>>
>> Ben Kaduk:
>>
>> Do we know the values that are being passed to SSL_CTX_set_verify_depth()
>> match the -verify_depth argument, or do they differ?  If they differ, do
>> identical arguments to the function behave the same in 1.1.0 and 1.0.2?
>
> The "-verify_depth" argument to verify(1) just calls SSL_CTX_set_verify_depth(3)
> with the given depth value.  In OpenSSL 1.1.0, this sets a limit on the
> intermediate CA count and returns sensible errors when the depth limit is
> exceeded.

(Pedantic note: the apps call X509_VERIFY_PARAM_set_depth() directly, and
s_client goes on to use SSL_CTX_set1_param().)  But the answer to the actual
question asked is the same: the depth argument used for verification is just
the one passed on the command line.  Behavior differences stem from the
library.

>> Viktor:
>>
>> What we’re getting at here, is that this appears to be a potentially
>> significant behavioral change. We want to understand it better.
>
> The code no longer returns misleading errors, and is better documented
> in verify(3), but it seems I missed additional requisite documentation
> updates in SSL_CTX_set_verify_depth(3).  It would be great if someone
> volunteered to complete the documentation update.

I have it on my list of things to look at if there is free time available
(which is hardly guaranteed).

-Ben
