Re: question -- should SSL server send certs for all CAs?

2005-01-12 Thread Jason Keltz
Hi Jeffrey,

Thanks for your response.

So, is it a standard that the SSL-enabled server app send the certificate
chain, or just something that the app 'should' do?

How can I test what certificates the server is actually sending back?  I
know that uw-imapd doesn't send the whole chain, and that Apache does.
Just to give yet another example -- our exim mail server allows TLS for
incoming mail.  The mail server uses the hash files to find the
certificates for the CA, and has a certificate file which contains our own
certificate (signed by an Intermediate CA).  I thought that the exim
server was sending out the Intermediate CA certificate because when I
tried to send a message using a slightly older than new version of Linux
Mozilla that did not know about the Intermediate CA, it worked.  However,
I then got complaints for our PC users using the same version of Mozilla
that they were getting messages that the Intermediate CA was unknown!  I
added the Intermediate CA certificate to the end of the server certificate
that I was sending back to the client, and now the PC users were happy.
Either exim is sending the full chain out and there was a bug in the
Windows version of Mozilla that I was running, or, the Unix version of
Mozilla I was running did not completely check the chain!  Is there a
client program I can run on both the Unix and Windows side to test exactly
what certificates are being sent from the server to the client?

Thanks,

Jason Keltz
[EMAIL PROTECTED]

On Mon, 10 Jan 2005, Jeffrey Altman wrote:

 The server should send all of the certs which make up the chain but
 not the root cert.  If the root cert is sent, the client must ignore
 it for purposes of validation of the chain.

 Microsoft used to distribute Intermediate certs as part of Windows
 and this resulted in the expectation that clients should have the
 intermediate certs installed on their machines.  Intermediate certs
 expire more frequently than root certs.  The administrators of the
 servers have a relationship with the issuers of the intermediate
 certs; the clients do not.  Therefore, the server administrators
 can more easily update the intermediate certs when needed.  Inclusion
 of the intermediate certs on the client requires the administrator
 of the client to remove the old intermediate cert and replace it with
 the new one.  In practice, this will never happen in most cases because
 most clients do not have administrators.

 Jeffrey Altman


 Jason Keltz wrote:

  Hi.
 
  I have a question with respect to SSL protocol.  Is it part of the
  protocol that the SSL server send to the client the public keys for the
  CAs making up the certificate chain, or is it acceptable to send just the
  server public key and expect the client to complete the chain on its own?
 
  I can demonstrate with two examples... assume a multi-level certificate
  chain -- Root CA - Intermediate CA - server
 
  I have two programs -- Apache httpd, and uw-imapd, and both operate
  differently in this respect.  In terms of uw-imapd, the client connecting
  (Thunderbird 0.8) knew about the Root CA and not the intermediate CA.
  Thunderbird 0.8 was unable to verify the chain, so an SSL connection could
  not be made.  However, placing the public key of the Intermediate CA in
  the key file for the server made the problem go away.
 
  In terms of Apache and running say Opera as a web client -- if the web
  client doesn't know about the intermediate CA, the server sends the
  information, and the client trusts the information without a word to the
  user.  If the Root CA certificate is deleted from the client, the server
  sends both the Root CA public key and the intermediate CA public key,
  Opera prompts the user letting them know that it doesn't know about any of
  the 3 components and asking the user if he would like to trust the CAs.
  The fact that the client even knows about the Root CA means that the
  server is sending the whole chain along.
 
  I'm not writing to ask about either of these programs (Apache/uw-imapd)
  because that is obviously discussion for a different list.  What I'm
  wondering about is the protocol in general -- should the server send the
  whole path, or not?  Is there a standard?
 
  Thanks for any information you can provide..
 
  Jason Keltz
  [EMAIL PROTECTED]
  __
  OpenSSL Project http://www.openssl.org
  User Support Mailing List    openssl-users@openssl.org
  Automated List Manager   [EMAIL PROTECTED]



Re: question -- should SSL server send certs for all CAs?

2005-01-12 Thread Dr. Stephen Henson
On Wed, Jan 12, 2005, Jason Keltz wrote:

 Hi Jeffrey,
 
 Thanks for your response.
 
 So, is it a standard that the SSL-enabled server app send the certificate
 chain, or just something that the app 'should' do?
 

It's part of the standard. OpenSSL doesn't currently enforce this, but it may do
at some point.

 How can I test what certificates the server is actually sending back?

The -showcerts option of s_client will do that.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk


Re: question -- should SSL server send certs for all CAs?

2005-01-10 Thread Jeffrey Altman
The server should send all of the certs which make up the chain but
not the root cert.  If the root cert is sent, the client must ignore
it for purposes of validation of the chain.

Microsoft used to distribute Intermediate certs as part of Windows
and this resulted in the expectation that clients should have the
intermediate certs installed on their machines.  Intermediate certs
expire more frequently than root certs.  The administrators of the
servers have a relationship with the issuers of the intermediate
certs; the clients do not.  Therefore, the server administrators
can more easily update the intermediate certs when needed.  Inclusion
of the intermediate certs on the client requires the administrator
of the client to remove the old intermediate cert and replace it with
the new one.  In practice, this will never happen in most cases because
most clients do not have administrators.

Jeffrey Altman

Jason Keltz wrote:

 Hi.

 I have a question with respect to SSL protocol.  Is it part of the
 protocol that the SSL server send to the client the public keys for the
 CAs making up the certificate chain, or is it acceptable to send just the
 server public key and expect the client to complete the chain on its own?

 I can demonstrate with two examples... assume a multi-level certificate
 chain -- Root CA - Intermediate CA - server

 I have two programs -- Apache httpd, and uw-imapd, and both operate
 differently in this respect.  In terms of uw-imapd, the client connecting
 (Thunderbird 0.8) knew about the Root CA and not the intermediate CA.
 Thunderbird 0.8 was unable to verify the chain, so an SSL connection could
 not be made.  However, placing the public key of the Intermediate CA in
 the key file for the server made the problem go away.

 In terms of Apache and running say Opera as a web client -- if the web
 client doesn't know about the intermediate CA, the server sends the
 information, and the client trusts the information without a word to the
 user.  If the Root CA certificate is deleted from the client, the server
 sends both the Root CA public key and the intermediate CA public key,
 Opera prompts the user letting them know that it doesn't know about any of
 the 3 components and asking the user if he would like to trust the CAs.
 The fact that the client even knows about the Root CA means that the
 server is sending the whole chain along.

 I'm not writing to ask about either of these programs (Apache/uw-imapd)
 because that is obviously discussion for a different list.  What I'm
 wondering about is the protocol in general -- should the server send the
 whole path, or not?  Is there a standard?

 Thanks for any information you can provide..

 Jason Keltz
 [EMAIL PROTECTED]
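Added example, not code from the thread or from the OpenSSL project: a shell script that replays the whole discussion on a loopback port with the openssl CLI. It builds a Root CA -> Intermediate CA -> server chain, starts openssl s_server three times (leaf alone, leaf plus intermediate, leaf plus intermediate plus root) and, for each run, applies the -showcerts check Stephen Henson mentions to list exactly which certificates the server sends, then reports the verify result for a client that trusts only the root and for one that trusts an unrelated root. That exercises both of Jeffrey Altman's points: a client holding only the root cannot build the chain unless the server supplies the intermediate, and a root sent by the server earns no trust because the client only trusts anchors from its own store. Note that s_server takes the extra certificates through its -cert_chain option rather than from certificates appended to the server certificate file, which is what Jason did for exim. The scratch directory, port, subject names and the OpenSSL 1.1.1-or-later requirement are assumptions of the example.

```shell
#!/bin/sh
# Added example, not code from the thread or from the OpenSSL project.
# Build a Root CA -> Intermediate CA -> server chain with the openssl CLI, serve
# the leaf with varying amounts of chain, and check what the server really sends
# with "openssl s_client -showcerts".  Assumes OpenSSL 1.1.1+ and a free port.
set -eu

WORK=$(mktemp -d)               # scratch directory for keys and certificates
PORT=$(( 20000 + $$ % 20000 ))  # assumed-free local port for openssl s_server
SERVER_PID=
trap 'stop_server; rm -rf "$WORK"' EXIT

mkcsr() {  # $1 = file basename, $2 = subject CN: fresh EC key plus CSR
    openssl req -new -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" -subj "/CN=$2" 2>/dev/null
}

# Root CA (self-signed) -> Intermediate CA -> server leaf, plus an unrelated
# self-signed root standing in for a client with the "wrong" trust store.
build_chain() {
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$WORK/ca.ext"
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:localhost,IP:127.0.0.1\n' > "$WORK/leaf.ext"
    mkcsr root "Example Root CA"
    mkcsr int "Example Intermediate CA"
    mkcsr leaf localhost
    mkcsr other "Unrelated Root CA"
    for ca in root other; do   # the two self-signed roots
        openssl x509 -req -in "$WORK/$ca.csr" -signkey "$WORK/$ca.key" -days 30 \
            -extfile "$WORK/ca.ext" -out "$WORK/$ca.pem" 2>/dev/null
    done
    openssl x509 -req -in "$WORK/int.csr" -CA "$WORK/root.pem" -CAkey "$WORK/root.key" \
        -CAcreateserial -days 30 -extfile "$WORK/ca.ext" -out "$WORK/int.pem" 2>/dev/null
    openssl x509 -req -in "$WORK/leaf.csr" -CA "$WORK/int.pem" -CAkey "$WORK/int.key" \
        -CAcreateserial -days 30 -extfile "$WORK/leaf.ext" -out "$WORK/leaf.pem" 2>/dev/null
    cat "$WORK/int.pem" "$WORK/root.pem" > "$WORK/int_and_root.pem"
}

stop_server() {
    [ -n "$SERVER_PID" ] || return 0
    kill "$SERVER_PID" 2>/dev/null || true
    wait "$SERVER_PID" 2>/dev/null || true
    SERVER_PID=
}

# Start s_server presenting leaf.pem; $1 (optional) is a PEM file of extra
# certificates to send after the leaf (s_server takes them via -cert_chain).
start_server() {
    stop_server
    if [ -n "${1:-}" ]; then set -- -cert_chain "$1"; else set --; fi
    openssl s_server -accept "127.0.0.1:$PORT" -cert "$WORK/leaf.pem" \
        -key "$WORK/leaf.key" "$@" -quiet >/dev/null 2>&1 &
    SERVER_PID=$!
    for i in 1 2 3 4 5 6 7 8 9 10; do   # wait until the listener accepts
        if openssl s_client -connect "127.0.0.1:$PORT" </dev/null >/dev/null 2>&1; then
            return 0
        fi
        sleep 1
    done
    echo "s_server did not come up on port $PORT" >&2
    return 1
}

# How many certificates the server put in its Certificate message.
count_sent_certs() {
    openssl s_client -connect "127.0.0.1:$PORT" -showcerts </dev/null 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE' || true
}

# Subject and issuer of every certificate sent, in the order the server sent them.
dump_sent_certs() {
    rm -f "$WORK"/sent*.pem
    openssl s_client -connect "127.0.0.1:$PORT" -showcerts </dev/null 2>/dev/null |
        awk -v dir="$WORK" '/-----BEGIN CERTIFICATE-----/ { n++; f = 1 }
                            f { print > (dir "/sent" n ".pem") }
                            /-----END CERTIFICATE-----/ { f = 0 }'
    for f in "$WORK"/sent*.pem; do
        openssl x509 -in "$f" -noout -subject -issuer
    done
}

# Verify result code (0 = ok) for a client whose only trust anchor file is $1.
verify_code() {
    openssl s_client -connect "127.0.0.1:$PORT" -CAfile "$1" </dev/null 2>/dev/null |
        sed -n 's/^ *Verify return code: \([0-9]*\).*/\1/p' | head -n 1
}

demo() {
    build_chain
    for chain in "" "$WORK/int.pem" "$WORK/int_and_root.pem"; do
        start_server "$chain"
        echo "== extra certificates configured on the server: ${chain:-none (leaf only)}"
        dump_sent_certs
        echo "   client trusting only the root:     verify code $(verify_code "$WORK/root.pem")"
        echo "   client trusting an unrelated root: verify code $(verify_code "$WORK/other.pem")"
        stop_server
    done
}

demo
```

Run it as plain `sh`; the first run shows a single certificate and a non-zero verify code for the root-only client, the second shows leaf plus intermediate and code 0, and the third shows all three certificates with code 0 for the root-trusting client but still a failure for the client holding the unrelated root, since the root the server sent is not consulted for trust. The same -showcerts pipeline, pointed at a real host:port, is the quickest way to settle the uw-imapd versus Apache versus exim question for any server.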

