server authentication

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

server authentication

bschooly
Hello,

I have a legacy app that I converted to use ssl encryption. I have
everything working, except server authentication.

I'm trying to test the host name in the server's cert post
handshake. Using:

void check_cert(SSL *ssl, char *host)
{
    X509 *peer;
    char peer_CN[256];

    if(SSL_get_verify_result(ssl)!=X509_V_OK)
       berr_exit("Certificate doesn't verify");

    /*Check the cert chain. The chain length
      is automatically checked by OpenSSL when
      we set the verify depth in the ctx */

    /*Check the common name*/
    peer=SSL_get_peer_certificate(ssl);

   if(peer) {
      X509_NAME_get_text_by_NID
        (X509_get_subject_name(peer),
        NID_commonName, peer_CN, 256);

      if(strcasecmp(peer_CN,host))
        err_exit("Common name doesn't match host name");
     }
}

This routine is being called after the handshake. What happens is
SSL_get_peer_certificate returns null.

I tried adding a call to SSL_CTX_set_verify() thinking this would
make the server's cert available, but all this did was generate the
following error on the server:

SSL accept error
23956:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert
unknown ca:s3_pkt.c:1053:SSL alert number 48

The server's certificate was self signed. What am I
missing?

Bill
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: server authentication

Patrick Patterson-5
Hi Bill:

On August 6, 2009 10:38:24 am Bill Schoolfield wrote:

> Hello,
>
> I have a legacy app that I converted to use ssl encryption. I have
> everything working, except server authentication.
>
> I'm trying to test the host name in the server's cert post
> handshake. Using:
>
> void check_cert(SSL *ssl, char *host)
> {
>     X509 *peer;
>     char peer_CN[256];
>
>     if(SSL_get_verify_result(ssl)!=X509_V_OK)
>        berr_exit("Certificate doesn't verify");
>
>     /*Check the cert chain. The chain length
>       is automatically checked by OpenSSL when
>       we set the verify depth in the ctx */
>
>     /*Check the common name*/
>     peer=SSL_get_peer_certificate(ssl);
>
>    if(peer) {
>       X509_NAME_get_text_by_NID
>         (X509_get_subject_name(peer),
>         NID_commonName, peer_CN, 256);
>
>       if(strcasecmp(peer_CN,host))
>         err_exit("Common name doesn't match host name");
>      }
> }
>
> This routine is being called after the handshake. What happens is
> SSL_get_peer_certificate returns null.
>

Is your SSL_CTX_set_verify setup as follows?

SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE, cb);

(have CB == NULL) if you don't want to have your own custom callback to handle
the verification.

If not, then you're not actually having the SSL/TLS session say to request the
peer's certificate (the SSL_VERIFY_CLIENT_ONCE is optional).

Have fun.

--
Patrick Patterson
President and Chief PKI Architect,
Carillon Information Security Inc.
http://www.carillon.ca
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: server authentication

Peter Sylvester-3
In reply to this post by bschooly
Hi;

- verifying a self signed cert is strange. How would you trust it.
  the standard way is to have your own CA, and then issuev a cert
  for your server, and then use the CA cert as trust anchor in your
  client.

Anyway your code for is false for at
least  three reasons:

- The get by nid return the highest common name, not the
  lowest (you can have more in theory).

- You don't treat the character type.

- You don't check whether the common name contains
  for example   hostname\0some.other.domain  (\0 is
  a binary 0.

It is incomplete because you don't check the subjectaltnames
and wild cards.

Bill Schoolfield wrote:

> Hello,
>
> I have a legacy app that I converted to use ssl encryption. I have
> everything working, except server authentication.
>
> I'm trying to test the host name in the server's cert post
> handshake. Using:
>
> void check_cert(SSL *ssl, char *host)
> {
>     X509 *peer;
>     char peer_CN[256];
>
>     if(SSL_get_verify_result(ssl)!=X509_V_OK)
>        berr_exit("Certificate doesn't verify");
>
>     /*Check the cert chain. The chain length
>       is automatically checked by OpenSSL when
>       we set the verify depth in the ctx */
>
>     /*Check the common name*/
>     peer=SSL_get_peer_certificate(ssl);
>
>    if(peer) {
>       X509_NAME_get_text_by_NID
>         (X509_get_subject_name(peer),
>         NID_commonName, peer_CN, 256);
>
>       if(strcasecmp(peer_CN,host))
>         err_exit("Common name doesn't match host name");
>      }
> }
>
> This routine is being called after the handshake. What happens is
> SSL_get_peer_certificate returns null.
>
> I tried adding a call to SSL_CTX_set_verify() thinking this would
> make the server's cert available, but all this did was generate the
> following error on the server:
>
> SSL accept error
> 23956:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert
> unknown ca:s3_pkt.c:1053:SSL alert number 48
>
> The server's certificate was self signed. What am I
> missing?
>
> Bill
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       [hidden email]
> Automated List Manager                           [hidden email]
>  

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: server authentication

Goetz Babin-Ebell
In reply to this post by bschooly
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Bill Schoolfield wrote:
| Hello,
Hello Bill,

| I have a legacy app that I converted to use ssl encryption. I have
| everything working, except server authentication.
|
| I'm trying to test the host name in the server's cert post
| handshake. Using:

[...]

| I tried adding a call to SSL_CTX_set_verify() thinking this would
| make the server's cert available, but all this did was generate the
| following error on the server:
|
| SSL accept error
| 23956:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert
| unknown ca:s3_pkt.c:1053:SSL alert number 48
|
| The server's certificate was self signed. What am I
| missing?

Several things.
The first is:
        This is a question concerning the usage of OpenSSL.
        Such questions are to be posted in openssl-users.
        openssl-dev is for discussing the development of
        the OpenSSL library itself.

To give a start for all the other things you and the servers
administrator did do wrong please answer the following question:
        How does the client know that the certificate the server
        presents belongs to the server you want to connect ?
        A hint: checking the commonName field to contain the
        name of the host you want to connect is not sufficient,
        since everybody could generate a cert with this name in
        the commonName field.


Bye

Goetz

- --
DMCA: The greed of the few outweighs the freedom of the many
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFKewh82iGqZUF3qPYRAg6fAJ4/kSeDytN1ggrNkcxzMwexJZfo2ACffqi0
zs4gWreLbVmxjRZhvBEjHDo=
=e9Ec
-----END PGP SIGNATURE-----
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: server authentication

bschooly
In reply to this post by Patrick Patterson-5
I'm calling:

SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE, cb);

but SSL_get_peer_certificate() still returns NULL. Supposedly this
happens only because an anonymous cipher was used. But I have
restricted the ciphers ala:

#define CIPHER_LIST "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"

Maybe self signed certs are never made available as their contents
can't be relied on.

Bill


Patrick Patterson wrote:

> Hi Bill:
>
> On August 6, 2009 10:38:24 am Bill Schoolfield wrote:
>> Hello,
>>
>> I have a legacy app that I converted to use ssl encryption. I have
>> everything working, except server authentication.
>>
>> I'm trying to test the host name in the server's cert post
>> handshake. Using:
>>
>> void check_cert(SSL *ssl, char *host)
>> {
>>     X509 *peer;
>>     char peer_CN[256];
>>
>>     if(SSL_get_verify_result(ssl)!=X509_V_OK)
>>        berr_exit("Certificate doesn't verify");
>>
>>     /*Check the cert chain. The chain length
>>       is automatically checked by OpenSSL when
>>       we set the verify depth in the ctx */
>>
>>     /*Check the common name*/
>>     peer=SSL_get_peer_certificate(ssl);
>>
>>    if(peer) {
>>       X509_NAME_get_text_by_NID
>>         (X509_get_subject_name(peer),
>>         NID_commonName, peer_CN, 256);
>>
>>       if(strcasecmp(peer_CN,host))
>>         err_exit("Common name doesn't match host name");
>>      }
>> }
>>
>> This routine is being called after the handshake. What happens is
>> SSL_get_peer_certificate returns null.
>>
>
> Is your SSL_CTX_set_verify setup as follows?
>
> SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE, cb);
>
> (have CB == NULL) if you don't want to have your own custom callback to handle
> the verification.
>
> If not, then you're not actually having the SSL/TLS session say to request the
> peer's certificate (the SSL_VERIFY_CLIENT_ONCE is optional).
>
> Have fun.
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]