Re: [openssl-users] Has client validated successfully?
On 2/20/2018 9:34 AM, J Decker wrote: > Client does a verification and passes or fails, and via the SSL layer > I can query if the client validated the certificate. > If it failed, provide a option for the client to get a renewed > certificate for verification. If success, no action. > If an actor lies in this scenario he answers > lies *yes* and didn't, don't give him a means to actually verify. *noop* > lies *no* but did, then give him the root cert he already has *noop* Er... so I have my malicious MITM server serve up a certificate that the client won't accept, and then helpfully provide it with my root certificate so that it won't have any trouble talking to me? There's a reason for the client to verify the server's certificate. If the client can't verify the server's certificate, then there's no reason to believe that it's the right server and can be trusted. Any certificate updates have to be protected by the previous certificate. If you've let the certificate lapse then you need some kind of out-of-band verification. -- Jordan Brown, Oracle Solaris -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Has client validated successfully?
No, you cannot query the SSL layer to know if the client validated the certificate. SSL/TLS don't provide any means of querying the remote side. Here's how the workflow works: 1) client doesn't trust certificate, doesn't override distrust: connection closes with fatal unknown_ca or expired_certificate alert. 2) client doesn't trust certificate, does override distrust: connection continues. No way to query if distrust was overridden. 3) client does trust certificate, no need to override: connection continues. No way to query if distrust was overridden. There's no way for the server to know if the client trusts the certificate, or if the client overrode the distrust. There's generally also no way for Javascript on the client to know this, either. However, because this is a list about OpenSSL (and not about any given application of OpenSSL, i.e. the web) it's not the best place to ask about how to do this on the web. Certificate chain updates (to avoid chain expiration) by the server are expected to be done unilaterally, by the server operator. If different certificate chains need to be provided to different clients, the different clients can request different hostnames (via the Server Name Indication extension) so the server can decide which certificate chain to present. As much as it sucks, this is the only server certificate selection mechanism that exists in SSL/TLS. -Kyle H On Tue, Feb 20, 2018 at 9:34 AM, J Deckerwrote: > > > On Tue, Feb 13, 2018 at 9:33 AM, Emmanuel Deloget wrote: >> >> Hello, >> >> On Tue, Feb 13, 2018 at 7:14 AM, Kyle Hamilton wrote: >> >> > The only thing that the server can know is whether the client has >> > terminated the connection with a fatal alert. If the client validates >> > presented cert chains, then its continuation with the connection means >> > that it passed validation. If the client does not, or ignores any >> > given error, then it doesn't mean that it passed validation. >> > >> > In other words, you can only know if the client's applied policy >> > allows the connection to continue. You cannot know if the policy that >> > was applied was specifically related to the certificate chain >> > presented. >> > >> > -Kyle H >> > >> > On Mon, Feb 12, 2018 at 10:06 PM, J Decker wrote: >> > > Is there a way for a server to know if the client verified the cert >> > > chain >> > > successfully or not? >> > >> >> From a security PoV, that doesn't help much. One can build a malicious >> version of openvpn that will tell you "everything's ok" (or "it failed!", >> depending of its goal). The server should not make any decision w.r.t. the >> client state (that's more or less what is implied by Kyle's answer ; I >> just >> wanted to stress it). >> > > Yes that is true however here's the scenario. > Client does a verification and passes or fails, and via the SSL layer I can > query if the client validated the certificate. > If it failed, provide a option for the client to get a renewed certificate > for verification. If success, no action. > If an actor lies in this scenario he answers > lies *yes* and didn't, don't give him a means to actually verify. *noop* > lies *no* but did, then give him the root cert he already has *noop* > > so I don't have to trust the reply I'm willing to give him the right > root. > >> >> BR, >> >> -- Emmanuel Deloget > > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Has client validated successfully?
On 02/20/2018 06:34 PM, J Deckerwrote: > Yes that is true however here's the scenario. > Client does a verification and passes or fails, and via the SSL layer I can > query if the client validated the certificate. > If it failed, provide a option for the client to get a renewed certificate > for verification. If success, no action. > If an actor lies in this scenario he answers > lies *yes* and didn't, don't give him a means to actually verify. *noop* > lies *no* but did, then give him the root cert he already has *noop* > > so I don't have to trust the reply I'm willing to give him the right > root. That's nice from the server's POV, but the client REALLY REALLY SHOULD NOT install and/or put trust into any CA certs it received in-band in a connection that failed verification. The best (for you) it can do is to store it and offer it to its user for additional verification and *then* installation - and I'ld venture a guess that you'ld have to write such a client yourself. (And offering the *root* certificate isn't that far from the common practice of a server sending *most* of its CA chain in addition to its own certificate, anyway, so it's debatable whether you even *need* the result of the client's verification as an input to send the root as well.) Kind regards, -- Jochen Bern Systemingenieur Binect GmbH smime.p7s Description: S/MIME Cryptographic Signature -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Has client validated successfully?
On Tue, Feb 13, 2018 at 9:33 AM, Emmanuel Delogetwrote: > Hello, > > On Tue, Feb 13, 2018 at 7:14 AM, Kyle Hamilton wrote: > > > The only thing that the server can know is whether the client has > > terminated the connection with a fatal alert. If the client validates > > presented cert chains, then its continuation with the connection means > > that it passed validation. If the client does not, or ignores any > > given error, then it doesn't mean that it passed validation. > > > > In other words, you can only know if the client's applied policy > > allows the connection to continue. You cannot know if the policy that > > was applied was specifically related to the certificate chain > > presented. > > > > -Kyle H > > > > On Mon, Feb 12, 2018 at 10:06 PM, J Decker wrote: > > > Is there a way for a server to know if the client verified the cert > chain > > > successfully or not? > > > > From a security PoV, that doesn't help much. One can build a malicious > version of openvpn that will tell you "everything's ok" (or "it failed!", > depending of its goal). The server should not make any decision w.r.t. the > client state (that's more or less what is implied by Kyle's answer ; I just > wanted to stress it). > > Yes that is true however here's the scenario. Client does a verification and passes or fails, and via the SSL layer I can query if the client validated the certificate. If it failed, provide a option for the client to get a renewed certificate for verification. If success, no action. If an actor lies in this scenario he answers lies *yes* and didn't, don't give him a means to actually verify. *noop* lies *no* but did, then give him the root cert he already has *noop* so I don't have to trust the reply I'm willing to give him the right root. > BR, > > -- Emmanuel Deloget > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Has client validated successfully?
The only thing that the server can know is whether the client has terminated the connection with a fatal alert. If the client validates presented cert chains, then its continuation with the connection means that it passed validation. If the client does not, or ignores any given error, then it doesn't mean that it passed validation. In other words, you can only know if the client's applied policy allows the connection to continue. You cannot know if the policy that was applied was specifically related to the certificate chain presented. -Kyle H On Mon, Feb 12, 2018 at 10:06 PM, J Deckerwrote: > Is there a way for a server to know if the client verified the cert chain > successfully or not? > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] Has client validated successfully?
Is there a way for a server to know if the client verified the cert chain successfully or not? -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users