>> Storing some fingerprint of a certificate or public key locally
>> in some trusted place (such as a local file system) seems to be
>> quite secure (should be the same level as having a CAs root
>> certificate in a file), however, I'm not sure if this works with
>> OpenSSL which seems to expect to be able to verify the whole
>> certificate chain up to the root certificate even if intermediate
>> certificates are locally available. As far as I know /
>> understood - please correct me if I'm wrong!
>
>Remember, he's using his own server and client code. So he can disable
>certificate checking in OpenSSL and do his own. There are several ways to do
>this, but one that I've used a few times works like this:
>
>The server can use any key/certificate at all to establish the SSL
>connection. It doesn't matter. (Self-signed, issued by CA, persistent,
>temporary, makes no difference.)
>
>Set OpenSSL to accept self-signed certificates and not to check the name.
>
>After the SSL session is established but before any important data is
>exchanged, perform your own verification step that meets your own security
>requirements. Make certain that the verification includes data from the SSL
>handshake to prevent a MITM from substituting his own SSL session but
>passing the second level authentication.
>(SSL_get_finished/SSL_get_peer_finished)
>
>In this second step of verification, you can exchange public keys,
>certificates, challenges, responses, and so on. Each side can verify what it
>is talking to on the other side by whatever mechanism you want.
>
>Again, the only serious potential gotcha is a MITM who might replace the
>single SSL session with his two (one to each end) and proxy the second step
>and then takeover or monitor the data connection. Ensuring that each side's
>SSL_get_finished matches the other side's SSL_get_peer_finished should be
>sufficient to prevent this. (Include these in the signed objects you
>exchange.)

Hello David,
I would like to learn more on MITM in this particular scenario. I used to 
believe that if a server is using a signed certificate, the MITM is not 
possible (Is it possible with techniques like DNS poisoning?). Looks like I 
missed something important. Could you point me to the information on this?

Thanks,
~ Urjit
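David's two-step scheme, as an added example that is not code from this thread: a Python model in which the Finished values are constructed random bytes standing in for what SSL_get_finished/SSL_get_peer_finished return on each end, and an HMAC under an assumed pre-shared secret stands in for the signature over the exchanged object. It shows the second-step token accepted over a single direct session, accepted by a relaying MITM when the Finished values are not checked, and rejected once they are.

```python
import hashlib
import hmac
import os

# Constructed stand-in for one TLS session's Finished messages. In real code
# each side gets its own from SSL_get_finished() and the peer's from
# SSL_get_peer_finished(); here they are random bytes.
class Session:
    def __init__(self):
        client_fin, server_fin = os.urandom(12), os.urandom(12)
        self.client_view = (client_fin, server_fin)   # (own, peer) at the client
        self.server_view = (server_fin, client_fin)   # (own, peer) at the server


def make_token(secret, identity, own_fin, peer_fin):
    """Second-step authentication object. An HMAC under an assumed pre-shared
    secret stands in for a signature; both Finished values are part of what is signed."""
    msg = b"|".join((identity, own_fin, peer_fin))
    tag = hmac.new(secret, msg, hashlib.sha256).digest()
    return (identity, own_fin, peer_fin, tag)


def verify_token(secret, token, my_own_fin, my_peer_fin, check_binding=True):
    """True if the token is authentic and (when check_binding) bound to my session."""
    identity, their_own_fin, their_peer_fin, tag = token
    expected = hmac.new(secret, b"|".join((identity, their_own_fin, their_peer_fin)),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False                       # forged or tampered token
    if not check_binding:
        return True                        # authentic, but not tied to *this* session
    # Channel binding: the peer's SSL_get_finished must equal my
    # SSL_get_peer_finished, and the peer's SSL_get_peer_finished my SSL_get_finished.
    return (hmac.compare_digest(their_own_fin, my_peer_fin)
            and hmac.compare_digest(their_peer_fin, my_own_fin))


def direct_connection(secret, check_binding=True):
    """Client and server share one TLS session; the token verifies."""
    s = Session()
    token = make_token(secret, b"client", *s.client_view)
    return verify_token(secret, token, *s.server_view, check_binding=check_binding)


def mitm_connection(secret, check_binding=True):
    """A MITM terminates two sessions and relays the second step unchanged."""
    a = Session()   # client <-> MITM
    b = Session()   # MITM   <-> server
    token = make_token(secret, b"client", *a.client_view)   # bound to session a
    return verify_token(secret, token, *b.server_view, check_binding=check_binding)
```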

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
