RE: RE : SSL_CTX_set_client_CA_list functions

2005-12-06 Thread Mark
Hi Fred, 

Thanks for the response.

I have read the manual page ;-) However I don't understand the full
implications of using or not using this function in a server.  If I
use it what does the client do with it?  Does the client still need
a copy of the root certificate or is this provided automatically by
the server?  The O'Reilly Book makes no mention of this function 
that I can find.

Do I need to program the client side any differently?

Does SSL_load_client_CA_file() load the relevant information from the
root certificate or do I have to do something else to get this info?

Thanks & Regards,
Mark

> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of 
> Frédéric Donnat fdonnat-at-netsecureone.com |Openssl/1.0-Allow|
> Sent: 05 December 2005 23:16
> To: Mark Williams
> Subject: RE : SSL_CTX_set_client_CA_list functions
> 
> Hi,
> 
> In SSL protocol the server is supposed to send the client a 
> list of CA (that the server trust) for client authentication. 
> The SSL_CTX_set_client_CA_list() is here to setup this list 
> of CA "name". If none are provided the certificate location 
> should be used to do so.
> 
> Have a look at the online documentation.
> http://www.openssl.org/docs/ssl/SSL_CTX_set_client_CA_list.html#
> 
> hope it could help
> Fred
> 
> ----- Original message -----
> From: Mark [mailto:[EMAIL PROTECTED]
> Date: Fri 12/2/2005 2:22
> To: openssl-users@openssl.org
> Cc:
> Subject: SSL_CTX_set_client_CA_list functions
> Hi All,
> 
> Can somebody please explain whether one of the CA_list functions
> is necessary in a server that needs to authenticate a client?
> 
> I am using the SSL_CTX_load_verify_locations() to point to the
> certificates directory containing the root certificate and all
> client certificates.  Is that sufficient?
> 
> Best Regards,
> Mark 
__________________________________________________
OpenSSL Project                   http://www.openssl.org
User Support Mailing List         openssl-users@openssl.org
Automated List Manager            [EMAIL PROTECTED]


Re: RE : SSL_CTX_set_client_CA_list functions

2005-12-06 Thread Goetz Babin-Ebell

Mark wrote:
Hi Fred, 

Hello Mark,


I have read the manual page ;-) However I don't understand the full
implications of using or not using this function in a server.  If I
use it what does the client do with it?  Does the client still need
a copy of the root certificate or is this provided automatically by
the server?  The O'Reilly Book makes no mention of this function 
that I can find.


???
Root cert for what ?
For his own cert ?
To verify that he is himself ?

The root cert is needed by that side of the communication that wants
to verify the certificate presented by the other side.

* If the client wants to verify that he really is talking to
  the server he wants to talk to,
  he needs the root cert of the cert chain that signed the server
  cert.
* If the server wants to verify the client certificate,
  he needs the root certificate of the chain that signed the
  client certificate (if he also needs the intermediate
  certificates or if the client sends them, I don't know)
  And since the server initiates the verify he sends a list
  of names of CA certificates he accepts for verify.

Since both sides use the root certificate as ultimate foundation
of trust, both sides need the root certificates they trust locally.
(And should discard all root certificates the peer sent)



Do I need to program the client side any differently?


If you want to be able to use more than one client certificate
(depending on what the server wants),
you have to set a client_cert_callback.
In it you fetch the list of accepted CA certificates
the server sent with SSL_get_client_CA_list(),
determine which cert (and key) you want to use,
set it with the appropriate functions and return the callback.


Does SSL_load_client_CA_file() load the relevant information from the
root certificate or do I have to do something else to get this info?


On client side or server side ?
It is not for use on client side.
You can use it on server side to load
the list of CA names the server accepts
(if he points his verify data to this file)

Bye

Goetz


-----Original Message-----
From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of 
Frédéric Donnat fdonnat-at-netsecureone.com |Openssl/1.0-Allow|

Sent: 05 December 2005 23:16
To: Mark Williams
Subject: RE : SSL_CTX_set_client_CA_list functions

In SSL protocol the server is supposed to send the client a 
list of CA (that the server trust) for client authentication. 
The SSL_CTX_set_client_CA_list() is here to setup this list 
of CA "name". If none are provided the certificate location 
should be used to do so.


Have a look at the online documentation.
http://www.openssl.org/docs/ssl/SSL_CTX_set_client_CA_list.html#

----- Original message -----
From: Mark [mailto:[EMAIL PROTECTED]

Can somebody please explain whether one of the CA_list functions
is necessary in a server that needs to authenticate a client?

I am using the SSL_CTX_load_verify_locations() to point to the
certificates directory containing the root certificate and all
client certificates.  Is that sufficient?



--
DMCA: The greed of the few outweighs the freedom of the many



smime.p7s
Description: S/MIME Cryptographic Signature


RE: RE : SSL_CTX_set_client_CA_list functions

2005-12-07 Thread Mark
Hi Goetz,

Thanks again for replying to my questions ;-) 

> > I have read the manual page ;-) However I don't understand the full
> > implications of using or not using this function in a server.  If I
> > use it what does the client do with it?  Does the client still need
> > a copy of the root certificate or is this provided automatically by
> > the server?  The O'Reilly Book makes no mention of this function 
> > that I can find.
> 
> ???
> Root cert for what ?
> For his own cert ?
> To verify that he is himself ?

Our application is a client/server application for which we (i.e. the server)
need to authenticate the client (users) and hence we are the only CA allowed.
This is not a public application so the server and all the client certs are
signed by us.  Client authorisation is very important for us.  We (well me)
will be developing all the server software and an API for the client
applications.  I have already written a prototype with much help from this
list, but I need to understand how to make the communications properly secure.

> The root cert is needed by that side of the communication that wants
> to verify the certificate presented by the other side.
> 
> * If the client wants to verify that he really is talking to
>the server he wants to talk to,
>he needs the root cert of the cert chain that signed the server
>cert.
> * If the server wants to verify the client certificate,
>he needs the root certificate of the chain that signed the
>client certificate (if he also needs the intermediate
>certificates or if the client sends them, I don't know)
>And since the server initiates the verify he sends a list
>of names of CA certificates he accepts for verify.

I guess what I really want to know what would happen if I don't use the
SSL_CTX_set_client_CA_list() function.  The manual page seems to suggest
there is a default value but I don't know what it is.

> Since both sides use the root certificate as ultimate foundation
> of trust, both sides need the root certificates they trust locally.
> (And should discard all root certificates the peer sent)
> 
> 
> > Do I need to program the client side any differently?
> 
> If you want to be able to use more than one client certificate
> (depending on what the server wants),
> you have to set a client_cert_callback.
> In it you fetch the list of accepted CA certificates
> the server sent with SSL_get_client_CA_list(),
> determine which cert (and key) you want to use,
> set it with the appropriate functions and return the callback.

Each client will only have one certificate.   Do I need to use a client
cert callback in this case?  I am very confused about which callbacks
are necessary and what exactly has to be done in them.

> > Does SSL_load_client_CA_file() load the relevant information from the
> > root certificate or do I have to do something else to get this info?
> 
> On client side or server side ?
> It is not for use on client side.
> You can use it on server side to load
> the list of CA names the server accepts
> (if he points his verify data to this file)

On the server side.  I guess this all boils down to what default CA list
OpenSSL uses?

Thanks again,
   Mark


Re: RE : SSL_CTX_set_client_CA_list functions

2005-12-07 Thread Goetz Babin-Ebell

Mark wrote:


Our application is a client/server application for which we (i.e. the server)
need to authenticate the client (users) and hence we are the only CA allowed.
This is not a public application so the server and all the client certs are
signed by us.  Client authorisation is very important for us.  We (well me)
will be developing all the server software and an API for the client
applications.  I have already written a prototype with much help from this
list, but I need to understand how to make the communications properly secure.


Let me guess:

root CA  -- signs --> client cert
 \- signs --> server cert

To do verify on both sides you need:
* client: client key, client cert, root cert (to verify server cert)
* server: server key, server cert, root cert (to verify client cert)

* On server:
  * tell SSL which cert and key you use:
SSL_CTX_use_PrivateKey_file()
SSL_CTX_use_certificate_file()
  * if your server cert is signed by the root,
you can turn off sending of the root to the cert by
SSL_CTX_set_mode(ctx,SL_MODE_NO_AUTO_CHAIN)
  * add the CA cert to the server's verify data
X509_STORE_add_cert(SSL_CTX_get_cert_store(ctx),root)
  * activate verify
SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER |
   SSL_VERIFY_FAIL_IF_NO_PEER_CERT |
   SSL_VERIFY_CLIENT_ONCE,cb)
   (AFAIR cb could be NULL and OpenSSL used the default built in)
  * Tell SSL which cert names it should send to client (and
which CA certs are accepted for client auth)
SSL_CTX_add_client_CA(ctx,root)

* On Client:
  * tell SSL which cert and key you use:
SSL_CTX_use_PrivateKey_file()
SSL_CTX_use_certificate_file()
  * add the CA cert to the server's verify data
X509_STORE_add_cert(SSL_CTX_get_cert_store(ctx),root)
  * activate verify
SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER |
   SSL_VERIFY_FAIL_IF_NO_PEER_CERT |
   SSL_VERIFY_CLIENT_ONCE,cb)
   (AFAIR cb could be NULL and OpenSSL used the default built in)


I guess what I really want to know what would happen if I don't use the
SSL_CTX_set_client_CA_list() function.  The manual page seems to suggest
there is a default value but I don't know what it is.


AFAIR there will be no list of client CA names sent to the client.


Each client will only have one certificate.   Do I need to use a client
cert callback in this case?


No.

Does SSL_load_client_CA_file() load the relevant information from the
root certificate or do I have to do something else to get this info?


You can use it on server side to load
the list of CA names the server accepts
(if he points his verify data to this file)


I guess this all boils down to what default CA list OpenSSL uses?


This boils down to the list of client CAs the server will accept
from the client...

There are two things you must set on the server:
what CA certificates to use in verify
and what CA certificates to tell the client the server accepts.

Bye

Goetz

--
DMCA: The greed of the few outweighs the freedom of the many


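The two points Goetz makes above (the server sends a list of CA *names*, and a client_cert_callback can read that list with SSL_get_client_CA_list() to pick a certificate) are easier to see with the bytes in hand. The following is an added example, not code from the thread or from OpenSSL: it builds the certificate_authorities field of a TLS 1.2 CertificateRequest the way SSL_CTX_set_client_CA_list()/SSL_CTX_add_client_CA() cause a server to, parses it back on the "client" side, and selects a certificate by matching its issuer against the received names. It uses only the Python standard library; the DNs, the "Example Ltd" CA and the certificate labels are constructed for the example, the DER encoder handles only single-valued RDNs with C, O and CN, and the message layout is TLS 1.2 (RFC 5246 section 7.4.4; TLS 1.0, which the 0.9.6 servers in this thread speak, has no supported_signature_algorithms field in the middle, but the CA name list is encoded the same way). Note that the list carries names only, no certificates: the client still needs its trusted root locally to verify the server.

```python
# Added example: the "client CA list" on the wire and what a client does with it.
# Stdlib only. TLS 1.2 CertificateRequest layout; DNs below are constructed.
import struct

# --- minimal DER, enough for short X.501 Names with single-valued RDNs ----------

def _der(tag, body):
    """TLV with definite length (short or long form)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def _oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return _der(0x06, bytes(out))

def _read_tlv(buf, pos):
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

_ATTR_OIDS = {"C": "2.5.4.6", "O": "2.5.4.10", "CN": "2.5.4.3"}
_OID_BODIES = {_oid(v)[2:]: k for k, v in _ATTR_OIDS.items()}

def encode_name(rdns):
    """[("C","GB"), ("O","Example Ltd"), ("CN","Example Root CA")] -> DER Name."""
    body = b""
    for attr, value in rdns:
        vtag = 0x13 if attr == "C" else 0x0C          # PrintableString / UTF8String
        atv = _der(0x30, _oid(_ATTR_OIDS[attr]) + _der(vtag, value.encode()))
        body += _der(0x31, atv)                        # one RDN (SET) per attribute
    return _der(0x30, body)

def decode_name(der):
    """DER Name -> 'C=GB, O=Example Ltd, CN=Example Root CA' (same subset)."""
    tag, body, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("Name must be a SEQUENCE")
    parts, pos = [], 0
    while pos < len(body):
        _, rdn, pos = _read_tlv(body, pos)             # SET
        _, atv, _ = _read_tlv(rdn, 0)                  # SEQUENCE { OID, value }
        _, oid, p = _read_tlv(atv, 0)
        _, val, _ = _read_tlv(atv, p)
        parts.append(f"{_OID_BODIES.get(oid, '?')}={val.decode()}")
    return ", ".join(parts)

# --- TLS 1.2 CertificateRequest body (RFC 5246, 7.4.4) -------------------------

def build_certificate_request(ca_names, cert_types=b"\x01\x40",
                              sig_algs=(b"\x04\x01", b"\x05\x01", b"\x06\x01")):
    """Server side: what SSL_CTX_set_client_CA_list() ends up putting on the wire.
    An empty ca_names list is legal: it is what a server that never set a client
    CA list sends."""
    algs = b"".join(sig_algs)
    cas = b"".join(struct.pack("!H", len(n)) + n for n in ca_names)
    return (bytes([len(cert_types)]) + cert_types
            + struct.pack("!H", len(algs)) + algs
            + struct.pack("!H", len(cas)) + cas)

def parse_certificate_request(msg):
    """Client side: the DER CA names the server accepts (the list a
    client_cert_cb gets from SSL_get_client_CA_list())."""
    pos = 1 + msg[0]                                   # skip certificate_types
    (alg_len,) = struct.unpack_from("!H", msg, pos)
    pos += 2 + alg_len                                 # skip signature algorithms
    (ca_len,) = struct.unpack_from("!H", msg, pos)
    pos += 2
    end = pos + ca_len
    if end != len(msg):
        raise ValueError("CertificateRequest length mismatch")
    names = []
    while pos < end:
        (n,) = struct.unpack_from("!H", msg, pos)
        pos += 2
        if n == 0 or pos + n > end:
            raise ValueError("malformed DistinguishedName")
        names.append(msg[pos:pos + n])
        pos += n
    return names

def choose_client_cert(accepted_ca_names, available):
    """What a client_cert_cb does with the list: return the label of the cert
    whose issuer matches one of the names byte-for-byte; available is a list of
    (label, issuer_der).  With no names sent there is nothing to match on; this
    example then falls back to the single configured cert, or none if several."""
    if not accepted_ca_names:
        return available[0][0] if len(available) == 1 else None
    accepted = set(accepted_ca_names)
    for label, issuer in available:
        if issuer in accepted:
            return label
    return None

def demo():
    root = encode_name([("C", "GB"), ("O", "Example Ltd"), ("CN", "Example Root CA")])
    other = encode_name([("C", "GB"), ("O", "Example Ltd"), ("CN", "Example Test CA")])
    msg = build_certificate_request([root])            # server configured one CA name
    names = parse_certificate_request(msg)             # client reads it back
    chosen = choose_client_cert(names, [("test-cert", other), ("prod-cert", root)])
    return [decode_name(n) for n in names], chosen

if __name__ == "__main__":
    print(demo())
```

Running it prints the single accepted name, C=GB, O=Example Ltd, CN=Example Root CA, and the label of the certificate issued by it. The byte-for-byte issuer comparison in choose_client_cert is the same thing OpenSSL's X509_NAME comparison does in a client_cert_cb: the server never sees or trusts anything because of this list, it is purely a hint to the client about which of its certificates to present, and the actual verification on both sides still runs against the roots each side holds locally.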


RE: RE : SSL_CTX_set_client_CA_list functions

2005-12-08 Thread Mark
Hi Goetz,

Thanks again for the helpful reply.

> Let me guess:
> 
> root CA  -- signs --> client cert
>   \- signs --> server cert

That's it.
 
> To do verify on both sides you need:
> * client: client key, client cert, root cert (to verify server cert)
> * server: server key, server cert, root cert (to verify client cert)

I do things pretty much as you described except for the following:
 
> * On server:
>* if your server cert is signed by the root,
>  you can turn off sending of the root to the cert by
>  SSL_CTX_set_mode(ctx,SL_MODE_NO_AUTO_CHAIN)

I can't find this option (or similar) in the docs or header files. Was
this added in 0.9.7 or later?

On server and client:

>* add the CA cert to the servers verify data
>  X509_STORE_add_cert(SSL_CTX_get_cert_store(ctx),root)

I use SSL_CTX_load_verify_locations(ctx, root, path).  Does this do the
same thing?

Cheers, Mark


Re: RE : SSL_CTX_set_client_CA_list functions

2005-12-08 Thread Goetz Babin-Ebell

Mark wrote:


I do things pretty much as you described except for the following:
 

* On server:
   * if your server cert is signed by the root,
 you can turn off sending of the root to the cert by
 SSL_CTX_set_mode(ctx,SL_MODE_NO_AUTO_CHAIN)


I can't find this option (or similar) in the docs or header files. Was
this added in 0.9.7 or later?


(Naturally SSL_MODE_NO_AUTO_CHAIN)

This flag was added 2003-Feb-12 to 0.9.7 and HEAD
(I remember we had a problem with a changed root cert
 causing verify of server certs to fail if the server
 sent the root cert)


I got you right?
You are still using 0.9.6?
I strongly recommend that you update OpenSSL to a newer version.
3 year old software is almost like back to stone age...


On server and client:


   * add the CA cert to the servers verify data
 X509_STORE_add_cert(SSL_CTX_get_cert_store(ctx),root)


I use SSL_CTX_load_verify_locations(ctx, root, path).  Does this do the
same thing?


Yes.
Only with X509_STORE_add_cert() you load a cert, set it for verify
and add it to the SSL verify data.
So you don't have to load it twice.
(And you are sure which cert you set and that you really set
 only one cert...)

Bye

Goetz

--
DMCA: The greed of the few outweighs the freedom of the many




RE: RE : SSL_CTX_set_client_CA_list functions

2005-12-09 Thread Mark
Hi Goetz, 

> >> * On server:
> >>* if your server cert is signed by the root,
> >>  you can turn off sending of the root to the cert by
> >>  SSL_CTX_set_mode(ctx,SL_MODE_NO_AUTO_CHAIN)
> > 
> > I can't find this option (or similar) in the docs or header 
> files. Was this added in 0.9.7 or later?
> 
> (Naturally SSL_MODE_NO_AUTO_CHAIN)

I guessed that :-)
 
> This flag was added 2003-Feb-12 to 0.9.7 and HEAD
> I got you right?
> You are still using 0.9.6?
> I strongly recommend that you update OpenSSL to a newer version.
> 3 year old software is almost like back to stone age...

Indeed I have already recommended this too.  However we will be
using OpenSSL on OpenVMS 7.3-1 and HP's implementation for that platform
is based on 0.9.6.

> > On server and client:
> > 
> >>* add the CA cert to the servers verify data
> >>  X509_STORE_add_cert(SSL_CTX_get_cert_store(ctx),root)
> > 
> > I use SSL_CTX_load_verify_locations(ctx, root, path).  Does 
> this do the same thing?
> 
> Yes.
> Only with X509_STORE_add_cert() you load a cert, set it for verify
> and add it to the SSL verify data. So you don't have to load it twice.
> (And you are sure which cert you set and that you really set
>   only one cert...)

I'm not sure I understand.  Why would I have to load it twice if I don't
use X509_STORE_add_cert() ?

Cheers, Mark.


Re: RE : SSL_CTX_set_client_CA_list functions

2005-12-09 Thread Goetz Babin-Ebell

Mark wrote:
Hello Mark,


You are still using 0.9.6 ?
I strongly recommend that you update OpenSSL to a newer version.
3 year old software is almost like back to stone age...


Indeed I have already recommended this too.  However we will be
using OpenSSL on OpenVMS 7.3-1 and HP's implementation for that platform
is based on 0.9.6.


Since 0.9.6 isn't maintained anymore, an upgrade becomes
more urgent as the time goes by (and bugs are found).

I use SSL_CTX_load_verify_locations(ctx, root, path).  Does this do the
same thing?

Only with X509_STORE_add_cert() you load a cert, set it for verify
and add it to the SSL verify data. So you don't have to load it twice.
(And you are sure which cert you set and that you really set
  only one cert...)


I'm not sure I understand.  Why would I have to load it twice if I don't
use X509_STORE_add_cert() ?


Both SSL_CTX_get_cert_store() and SSL_load_client_CA_file()
access the certificate on the file system.

With X509_STORE_add_cert() you are loading the cert before
you set it in the SSL_CTX (or have it embedded in your program,
so you never load it from a file...)

Bye

Goetz

--
DMCA: The greed of the few outweighs the freedom of the many

