On Wed, Jun 03, 2009 at 07:27:00PM +0100, David Woodhouse wrote:

> On Tue, 2009-06-02 at 21:39 -0400, Victor Duchovni wrote:
> > The CAfile is for verification, not for sending along the trust chain
> > of a given certificate.
> 
> OpenSSL currently _does_ use the CAfile for sending along the trust
> chain of its client certificate. It's buggy, but it tries :)
> 
> > DO NOT append your CAfile to your certificate, instead include just
> > the leaf cert, then the issuing CAs bottom-up in the right order.
> 
> AFAICT that doesn't make any difference -- OpenSSL doesn't use them from
> there anyway (unless it's a PKCS#12 file, but the client application has
> to handle all that manually anyway).

For most OpenSSL-based applications that use a key+cert of their own (rather
than just verifying remote certs), the private key and own cert are loaded
via code along the lines of the following (this is from Postfix):

    /*
     * We need both the private key (in key_file) and the public key
     * certificate (in cert_file). Both may specify the same file.
     *
     * Code adapted from OpenSSL apps/s_cb.c.
     */
    ERR_clear_error();
    if (SSL_CTX_use_certificate_chain_file(ctx, cert_file) <= 0) {
        msg_warn("cannot get %s certificate from file %s: "
                 "disabling TLS support", cert_type, cert_file);
        tls_print_errors();
        return (0);
    }
    if (SSL_CTX_use_PrivateKey_file(ctx, key_file, SSL_FILETYPE_PEM) <= 0) {
        msg_warn("cannot get %s private key from file %s: "
                 "disabling TLS support", cert_type, key_file);
        tls_print_errors();
        return (0);
    }
    /*
     * Sanity check.
     */
    if (!SSL_CTX_check_private_key(ctx)) {
        msg_warn("%s private key in %s does not match public key in %s: "
                 "disabling TLS support", cert_type, key_file, cert_file);
        return (0);
    }
    return (1);

With SSL_CTX_use_certificate_chain_file(), the entire trust chain is
loaded from the provided file in bottom-up order. The first certificate
is the leaf and must match the private key provided.

If your application is using an interface for loading discrete certificates,
it needs to be configured to load the required certificates one at a time,
or via PKCS#12 if that is what it wants to do. The above code path is
far simpler.

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
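The following is an added example, not code from the thread, from Postfix or from the OpenSSL project. It builds a throwaway root CA, issuing CA and server leaf with the openssl CLI (assumed to be in PATH), assembles the PEM file that SSL_CTX_use_certificate_chain_file() expects (leaf first, then the issuing CAs bottom-up, root omitted), and then applies the same check the Postfix code above makes, namely that the first certificate matches the private key, plus a stricter check that each certificate is issued by the one that follows it. The two deliberately wrong files show what "CA first" and "CAs shuffled" look like under those checks. All names (mail.example.test, Test Root CA, Test Issuing CA) and file names are made up for the demo.

```shell
#!/bin/sh
# Added example (not from the thread, Postfix or OpenSSL): build a throwaway
# three-tier PKI, assemble the chain file SSL_CTX_use_certificate_chain_file()
# expects (leaf first, then issuing CAs bottom-up) and check it the way
# SSL_CTX_check_private_key() does. Requires the openssl CLI in PATH.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT HUP INT TERM

# Minimal config so the run does not depend on the system openssl.cnf.
cat > "$WORK/ext.cnf" <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = placeholder
[ ca_ext ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
[ leaf_ext ]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:mail.example.test
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
EOF

# Root CA (self-signed), an issuing CA under it, a server leaf under that.
# Subject names are made up for the demo.
openssl req -x509 -config "$WORK/ext.cnf" -extensions ca_ext -newkey rsa:2048 -nodes \
    -keyout "$WORK/root.key" -out "$WORK/root.pem" -subj "/CN=Test Root CA" -days 2 2>/dev/null
openssl req -new -config "$WORK/ext.cnf" -newkey rsa:2048 -nodes \
    -keyout "$WORK/int.key" -out "$WORK/int.csr" -subj "/CN=Test Issuing CA" 2>/dev/null
openssl x509 -req -in "$WORK/int.csr" -CA "$WORK/root.pem" -CAkey "$WORK/root.key" -CAcreateserial \
    -extfile "$WORK/ext.cnf" -extensions ca_ext -days 2 -out "$WORK/int.pem" 2>/dev/null
openssl req -new -config "$WORK/ext.cnf" -newkey rsa:2048 -nodes \
    -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" -subj "/CN=mail.example.test" 2>/dev/null
openssl x509 -req -in "$WORK/leaf.csr" -CA "$WORK/int.pem" -CAkey "$WORK/int.key" -CAcreateserial \
    -extfile "$WORK/ext.cnf" -extensions leaf_ext -days 2 -out "$WORK/leaf.pem" 2>/dev/null

# The file to hand to SSL_CTX_use_certificate_chain_file(): leaf, then its issuer.
cat "$WORK/leaf.pem" "$WORK/int.pem" > "$WORK/chain.pem"
# Two common mistakes, kept for comparison.
cat "$WORK/int.pem" "$WORK/leaf.pem" > "$WORK/cafirst.pem"                     # CA before the leaf
cat "$WORK/leaf.pem" "$WORK/root.pem" "$WORK/int.pem" > "$WORK/misordered.pem" # leaf ok, CAs shuffled

# Print the subject or issuer DN of one PEM cert without the "subject="/"issuer="
# prefix, so strings from the same openssl build compare cleanly.
dn() {  # dn <subject|issuer> <certfile>
    openssl x509 -in "$2" -noout "-$1" | sed 's/^[a-z]*= *//'
}

# What SSL_CTX_check_private_key() enforces: the public key of the FIRST
# certificate in the file (openssl x509 reads only the first) must match the key.
first_cert_matches_key() {  # first_cert_matches_key <chainfile> <keyfile>
    a=$(openssl x509 -in "$1" -noout -pubkey)
    b=$(openssl pkey -in "$2" -pubout)
    [ "$a" = "$b" ]
}

# Stricter than OpenSSL's own path builder: every certificate in the file must
# be directly issued by the one that follows it (leaf, issuing CA, its issuer, ...).
chain_order_ok() {  # chain_order_ok <chainfile>
    d=$(mktemp -d)
    awk -v d="$d" '/-----BEGIN CERTIFICATE-----/{n++} n>0{print > (d "/" n ".pem")}' "$1"
    n=$(ls "$d" | wc -l | tr -d ' ')
    i=1; ok=0
    while [ "$i" -lt "$n" ]; do
        if [ "$(dn issuer "$d/$i.pem")" != "$(dn subject "$d/$((i+1)).pem")" ]; then
            ok=1; break
        fi
        i=$((i+1))
    done
    rm -rf "$d"
    return $ok
}

# Path validation of the leaf using the file's certs as untrusted intermediates.
chain_verifies() {  # chain_verifies <chainfile> <rootfile> <leaffile>
    openssl verify -CAfile "$2" -untrusted "$1" "$3" >/dev/null 2>&1
}

for f in chain cafirst misordered; do
    printf '%-11s key-match=%s order=%s verifies=%s\n' "$f" \
        "$(first_cert_matches_key "$WORK/$f.pem" "$WORK/leaf.key" && echo yes || echo no)" \
        "$(chain_order_ok "$WORK/$f.pem" && echo yes || echo no)" \
        "$(chain_verifies "$WORK/$f.pem" "$WORK/root.pem" "$WORK/leaf.pem" && echo yes || echo no)"
done
```

Run it with `sh chainfile.sh`. Only chain.pem passes both the key-match and the ordering check; cafirst.pem fails the key match, which is exactly the error Postfix reports from SSL_CTX_check_private_key(), and misordered.pem passes the key match but not the ordering check. Note that `openssl verify` accepts all three, since OpenSSL's path builder tolerates out-of-order intermediates; the ordering still matters because TLS 1.2 (RFC 5246) requires each certificate sent on the wire to directly certify the one before it, and stricter peers reject a shuffled chain.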