On Fri, Dec 12, 2014 at 11:24:06AM +0100, Jonas Wielicki wrote:
> > Great care must be exercised here, for example, after PKIX
> > validation succeeds, a naive request to OpenSSL for the peer's
> > chain returns the list of wire certificates, not the validated
> > chain.
>
> But I assume that one can obtain the actually validated chain using
> the verify_callback mechanism provided by OpenSSL?
Yes, with usage 0/1; with usage 2 the traditional chain-building
code cannot be used as-is.
> > * Usage DANE-TA(2) is the most difficult to support, and "toy"
> > implementations neglect to perform chain construction and integrity
> > checks or perform name checks, apply name constraints, depth
> > constraints, handle IDNA conversion of hostnames, ...
>
> I wonder whether adding certificates provided by DANE-TA records
> (assuming we have a Cert+Full record) to the trusted store of the SSL
> implementation (only for that particular connection) and checking whether
> these have been used after the fact would be sufficient?
It is not "sufficient", as these are not necessarily self-signed,
and OpenSSL (before 1.0.2) does not have a way to validate chains
that start with a trust anchor that is not self-signed. Postfix can
also verify chains via a "2 1 0 <public key>" TLSA record, even
when the chain does not include the associated certificate!
--
Viktor.
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
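An added example, not part of this thread and not code from Postfix or OpenSSL: a small pure-Python model of the DANE-TA(2) cases Viktor describes. It uses a toy RSA built from constructed small primes and a stand-in for DER encoding, so that every link in the chain is a real signature check rather than a stub; the names mail.example.net, "Example Mail CA" and "Example Root", and all helper names, are assumptions. The trust anchor is deliberately not self-signed, and verify_dane_ta shows the difference between a TA certificate that is present on the wire (matched by a record with any selector and matching type) and one that is absent and can only be recovered from a "2 1 0 <public key>" record by checking the signature against the key directly.

```python
"""Toy model of DANE-TA(2) chain verification (RFC 6698 / RFC 7671 semantics)."""
import hashlib
from dataclasses import dataclass

# Toy RSA with constructed ~30-bit primes: NOT secure, used only so that each
# link in the chain is a real signature check rather than a stub.
def toy_keypair(p, q, e=65537):
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)

def spki_encode(pub):
    """Stand-in for a DER SubjectPublicKeyInfo: n (16 bytes) || e (4 bytes)."""
    n, e = pub
    return n.to_bytes(16, "big") + e.to_bytes(4, "big")

def spki_decode(spki):
    return int.from_bytes(spki[:16], "big"), int.from_bytes(spki[16:], "big")

def _digest_int(data):
    # 56-bit truncation keeps the hash integer below the toy modulus.
    return int.from_bytes(hashlib.sha256(data).digest()[:7], "big")

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    spki: bytes      # stand-in for the DER SubjectPublicKeyInfo
    signature: int

    def tbs(self):
        return f"{self.subject}|{self.issuer}|".encode() + self.spki

    def der(self):   # stand-in for the full certificate DER (TLSA selector 0)
        return self.tbs() + self.signature.to_bytes(16, "big")

def issue(subject, issuer_name, subject_pub, issuer_priv):
    n, d = issuer_priv
    spki = spki_encode(subject_pub)
    tbs = f"{subject}|{issuer_name}|".encode() + spki
    return Cert(subject, issuer_name, spki, pow(_digest_int(tbs), d, n))

def signed_by(cert, issuer_spki):
    n, e = spki_decode(issuer_spki)
    return pow(cert.signature, e, n) == _digest_int(cert.tbs())

def tlsa_matches(rec, cert):
    """RFC 6698 matching: rec is (usage, selector, matching_type, data)."""
    _usage, selector, mtype, data = rec
    selected = cert.der() if selector == 0 else cert.spki
    digest = {0: lambda b: b, 1: lambda b: hashlib.sha256(b).digest(),
              2: lambda b: hashlib.sha512(b).digest()}.get(mtype)
    return digest is not None and digest(selected) == data

def verify_dane_ta(wire_chain, tlsa_rrset, hostname):
    """True if wire_chain (leaf first) chains up to a usage-2 trust anchor,
    whether the TA certificate is on the wire or is absent and must be
    synthesized from a "2 1 0 <SubjectPublicKeyInfo>" record."""
    ta_records = [r for r in tlsa_rrset if r[0] == 2]
    if not ta_records or not wire_chain:
        return False
    cert = wire_chain[0]
    if cert.subject != hostname:   # DANE-TA still requires the name check
        return False
    remaining = list(wire_chain[1:])
    while True:
        issuer = next((c for c in remaining
                       if c.subject == cert.issuer and signed_by(cert, c.spki)), None)
        if issuer is None:
            # No issuer on the wire: only a full public key record can stand in
            # for the missing TA certificate, by checking the signature directly.
            return any(r[1] == 1 and r[2] == 0 and signed_by(cert, r[3])
                       for r in ta_records)
        remaining.remove(issuer)    # also prevents looping on a bad chain
        if any(tlsa_matches(r, issuer) for r in ta_records):
            return True
        if issuer.subject == issuer.issuer:
            return False            # reached a self-signed cert nobody trusts
        cert = issuer

def demo():
    """Constructed PKI: self-signed root -> non-self-signed TA -> leaf."""
    root_pub, root_priv = toy_keypair(1000000007, 998244353)
    ta_pub, ta_priv = toy_keypair(1000000009, 999999937)
    leaf_pub, _ = toy_keypair(2147483647, 1000000007)
    ta = issue("Example Mail CA", "Example Root", ta_pub, root_priv)
    leaf = issue("mail.example.net", "Example Mail CA", leaf_pub, ta_priv)
    rr_key = (2, 1, 0, spki_encode(ta_pub))                   # "2 1 0 <spki>"
    rr_hash = (2, 0, 1, hashlib.sha256(ta.der()).digest())   # "2 0 1 <sha256>"
    return {
        "ta_on_wire_hash": verify_dane_ta([leaf, ta], [rr_hash], "mail.example.net"),
        "ta_absent_hash": verify_dane_ta([leaf], [rr_hash], "mail.example.net"),
        "ta_absent_key": verify_dane_ta([leaf], [rr_key], "mail.example.net"),
        "wrong_name": verify_dane_ta([leaf], [rr_key], "smtp.example.net"),
    }
```

Note that usage-2 records are only ever compared against issuers, never against the leaf (that is DANE-EE(3)), and that a hashed record cannot rescue a chain whose TA is missing: only the full key form carries enough information to check the leaf's signature. A real implementation must additionally parse DER, take the validated chain from the verify callback rather than the wire list, and apply name constraints, depth limits and IDNA conversion, which are exactly the steps the message says toy implementations skip.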