429 lines
16 KiB
Groff
429 lines
16 KiB
Groff
.\" $NetBSD: SSL_CTX_set_verify.3,v 1.1 2001/04/12 10:45:41 itojun Exp $
|
|
.\"
|
|
.\" Automatically generated by Pod::Man version 1.02
|
|
.\" Thu Apr 12 19:27:23 2001
|
|
.\"
|
|
.\" Standard preamble:
|
|
.\" ======================================================================
|
|
.de Sh \" Subsection heading
|
|
.br
|
|
.if t .Sp
|
|
.ne 5
|
|
.PP
|
|
\fB\\$1\fR
|
|
.PP
|
|
..
|
|
.de Sp \" Vertical space (when we can't use .PP)
|
|
.if t .sp .5v
|
|
.if n .sp
|
|
..
|
|
.de Ip \" List item
|
|
.br
|
|
.ie \\n(.$>=3 .ne \\$3
|
|
.el .ne 3
|
|
.IP "\\$1" \\$2
|
|
..
|
|
.de Vb \" Begin verbatim text
|
|
.ft CW
|
|
.nf
|
|
.ne \\$1
|
|
..
|
|
.de Ve \" End verbatim text
|
|
.ft R
|
|
|
|
.fi
|
|
..
|
|
.\" Set up some character translations and predefined strings. \*(-- will
|
|
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
|
|
.\" double quote, and \*(R" will give a right double quote. | will give a
|
|
.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used
|
|
.\" to do unbreakable dashes and therefore won't be available. \*(C` and
|
|
.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<>
|
|
.tr \(*W-|\(bv\*(Tr
|
|
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
|
|
.ie n \{\
|
|
. ds -- \(*W-
|
|
. ds PI pi
|
|
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
|
|
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
|
|
. ds L" ""
|
|
. ds R" ""
|
|
. ds C` `
|
|
. ds C' '
|
|
'br\}
|
|
.el\{\
|
|
. ds -- \|\(em\|
|
|
. ds PI \(*p
|
|
. ds L" ``
|
|
. ds R" ''
|
|
'br\}
|
|
.\"
|
|
.\" If the F register is turned on, we'll generate index entries on stderr
|
|
.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and
|
|
.\" index entries marked with X<> in POD. Of course, you'll have to process
|
|
.\" the output yourself in some meaningful fashion.
|
|
.if \nF \{\
|
|
. de IX
|
|
. tm Index:\\$1\t\\n%\t"\\$2"
|
|
. .
|
|
. nr % 0
|
|
. rr F
|
|
.\}
|
|
.\"
|
|
.\" For nroff, turn off justification. Always turn off hyphenation; it
|
|
.\" makes way too many mistakes in technical documents.
|
|
.hy 0
|
|
.if n .na
|
|
.\"
|
|
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
|
|
.\" Fear. Run. Save yourself. No user-serviceable parts.
|
|
.bd B 3
|
|
. \" fudge factors for nroff and troff
|
|
.if n \{\
|
|
. ds #H 0
|
|
. ds #V .8m
|
|
. ds #F .3m
|
|
. ds #[ \f1
|
|
. ds #] \fP
|
|
.\}
|
|
.if t \{\
|
|
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
|
|
. ds #V .6m
|
|
. ds #F 0
|
|
. ds #[ \&
|
|
. ds #] \&
|
|
.\}
|
|
. \" simple accents for nroff and troff
|
|
.if n \{\
|
|
. ds ' \&
|
|
. ds ` \&
|
|
. ds ^ \&
|
|
. ds , \&
|
|
. ds ~ ~
|
|
. ds /
|
|
.\}
|
|
.if t \{\
|
|
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
|
|
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
|
|
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
|
|
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
|
|
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
|
|
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
|
|
.\}
|
|
. \" troff and (daisy-wheel) nroff accents
|
|
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
|
|
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
|
|
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
|
|
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
|
|
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
|
|
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
|
|
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
|
|
.ds ae a\h'-(\w'a'u*4/10)'e
|
|
.ds Ae A\h'-(\w'A'u*4/10)'E
|
|
. \" corrections for vroff
|
|
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
|
|
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
|
|
. \" for low resolution devices (crt and lpr)
|
|
.if \n(.H>23 .if \n(.V>19 \
|
|
\{\
|
|
. ds : e
|
|
. ds 8 ss
|
|
. ds o a
|
|
. ds d- d\h'-1'\(ga
|
|
. ds D- D\h'-1'\(hy
|
|
. ds th \o'bp'
|
|
. ds Th \o'LP'
|
|
. ds ae ae
|
|
. ds Ae AE
|
|
.\}
|
|
.rm #[ #] #H #V #F C
|
|
.\" ======================================================================
|
|
.\"
|
|
.IX Title "SSL_CTX_set_verify 3"
|
|
.TH SSL_CTX_set_verify 3 "0.9.6a" "2001-04-12" "OpenSSL"
|
|
.UC
|
|
.SH "NAME"
|
|
SSL_CTX_set_verify, SSL_set_verify, SSL_CTX_set_verify_depth, SSL_set_verify_depth \- set peer certificate verification parameters
|
|
.SH "LIBRARY"
|
|
libcrypto, -lcrypto
|
|
.SH "SYNOPSIS"
|
|
.IX Header "SYNOPSIS"
|
|
.Vb 1
|
|
\& #include <openssl/ssl.h>
|
|
.Ve
|
|
.Vb 6
|
|
\& void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
|
|
\& int (*verify_callback)(int, X509_STORE_CTX *));
|
|
\& void SSL_set_verify(SSL *s, int mode,
|
|
\& int (*verify_callback)(int, X509_STORE_CTX *));
|
|
\& void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth);
|
|
\& void SSL_set_verify_depth(SSL *s, int depth);
|
|
.Ve
|
|
.Vb 1
|
|
\& int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx);
|
|
.Ve
|
|
.SH "DESCRIPTION"
|
|
.IX Header "DESCRIPTION"
|
|
\&\fISSL_CTX_set_verify()\fR sets the verification flags for \fBctx\fR to be \fBmode\fR and
|
|
specifies the \fBverify_callback\fR function to be used. If no callback function
|
|
shall be specified, the \s-1NULL\s0 pointer can be used for \fBverify_callback\fR.
|
|
.PP
|
|
\&\fISSL_set_verify()\fR sets the verification flags for \fBssl\fR to be \fBmode\fR and
|
|
specifies the \fBverify_callback\fR function to be used. If no callback function
|
|
shall be specified, the \s-1NULL\s0 pointer can be used for \fBverify_callback\fR. In
|
|
this case last \fBverify_callback\fR set specifically for this \fBssl\fR remains. If
|
|
no special \fBcallback\fR was set before, the default callback for the underlying
|
|
\&\fBctx\fR is used, that was valid at the the time \fBssl\fR was created with
|
|
SSL_new(3).
|
|
.PP
|
|
\&\fISSL_CTX_set_verify_depth()\fR sets the maximum \fBdepth\fR for the certificate chain
|
|
verification that shall be allowed for \fBctx\fR. (See the \s-1BUGS\s0 section.)
|
|
.PP
|
|
\&\fISSL_set_verify_depth()\fR sets the maximum \fBdepth\fR for the certificate chain
|
|
verification that shall be allowed for \fBssl\fR. (See the \s-1BUGS\s0 section.)
|
|
.SH "NOTES"
|
|
.IX Header "NOTES"
|
|
The verification of certificates can be controlled by a set of logically
|
|
or'ed \fBmode\fR flags:
|
|
.Ip "\s-1SSL_VERIFY_NONE\s0" 4
|
|
.IX Item "SSL_VERIFY_NONE"
|
|
\&\fBServer mode:\fR the server will not send a client certificate request to the
|
|
client, so the client will not send a certificate.
|
|
.Sp
|
|
\&\fBClient mode:\fR if not using an anonymous cipher (by default disabled), the
|
|
server will send a certificate which will be checked. The result of the
|
|
certificate verification process can be checked after the \s-1TLS/SSL\s0 handshake
|
|
using the SSL_get_verify_result(3) function.
|
|
The handshake will be continued regardless of the verification result.
|
|
.Ip "\s-1SSL_VERIFY_PEER\s0" 4
|
|
.IX Item "SSL_VERIFY_PEER"
|
|
\&\fBServer mode:\fR the server sends a client certificate request to the client.
|
|
The certificate returned (if any) is checked. If the verification process
|
|
fails as indicated by \fBverify_callback\fR, the \s-1TLS/SSL\s0 handshake is
|
|
immediately terminated with an alert message containing the reason for
|
|
the verification failure.
|
|
The behaviour can be controlled by the additional
|
|
\&\s-1SSL_VERIFY_FAIL_IF_NO_PEER_CERT\s0 and \s-1SSL_VERIFY_CLIENT_ONCE\s0 flags.
|
|
.Sp
|
|
\&\fBClient mode:\fR the server certificate is verified. If the verification process
|
|
fails as indicated by \fBverify_callback\fR, the \s-1TLS/SSL\s0 handshake is
|
|
immediately terminated with an alert message containing the reason for
|
|
the verification failure. If no server certificate is sent, because an
|
|
anonymous cipher is used, \s-1SSL_VERIFY_PEER\s0 is ignored.
|
|
.Ip "\s-1SSL_VERIFY_FAIL_IF_NO_PEER_CERT\s0" 4
|
|
.IX Item "SSL_VERIFY_FAIL_IF_NO_PEER_CERT"
|
|
\&\fBServer mode:\fR if the client did not return a certificate, the \s-1TLS/SSL\s0
|
|
handshake is immediately terminated with a \*(L"handshake failure\*(R" alert.
|
|
This flag must be used together with \s-1SSL_VERIFY_PEER\s0.
|
|
.Sp
|
|
\&\fBClient mode:\fR ignored
|
|
.Ip "\s-1SSL_VERIFY_CLIENT_ONCE\s0" 4
|
|
.IX Item "SSL_VERIFY_CLIENT_ONCE"
|
|
\&\fBServer mode:\fR only request a client certificate on the initial \s-1TLS/SSL\s0
|
|
handshake. Do not ask for a client certificate again in case of a
|
|
renegotiation. This flag must be used together with \s-1SSL_VERIFY_PEER\s0.
|
|
.Sp
|
|
\&\fBClient mode:\fR ignored
|
|
.PP
|
|
Exactly one of the \fBmode\fR flags \s-1SSL_VERIFY_NONE\s0 and \s-1SSL_VERIFY_PEER\s0 must be
|
|
set at any time.
|
|
.PP
|
|
\&\fISSL_CTX_set_verify_depth()\fR and \fISSL_set_verify_depth()\fR set the limit up
|
|
to which depth certificates in a chain are used during the verification
|
|
procedure. If the certificate chain is longer than allowed, the certificates
|
|
above the limit are ignored. Error messages are generated as if these
|
|
certificates would not be present, most likely a
|
|
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY will be issued.
|
|
The depth count is \*(L"level 0:peer certificate\*(R", \*(L"level 1: \s-1CA\s0 certificate\*(R",
|
|
\&\*(L"level 2: higher level \s-1CA\s0 certificate\*(R", and so on. Setting the maximum
|
|
depth to 2 allows the levels 0, 1, and 2. The default depth limit is 9,
|
|
allowing for the peer certificate and additional 9 \s-1CA\s0 certificates.
|
|
.PP
|
|
The \fBverify_callback\fR function is used to control the behaviour when the
|
|
\&\s-1SSL_VERIFY_PEER\s0 flag is set. It must be supplied by the application and
|
|
receives two arguments: \fBpreverify_ok\fR indicates, whether the verification of
|
|
the certificate in question was passed (preverify_ok=1) or not
|
|
(preverify_ok=0). \fBx509_ctx\fR is a pointer to the complete context used
|
|
for the certificate chain verification.
|
|
.PP
|
|
The certificate chain is checked starting with the deepest nesting level
|
|
(the root \s-1CA\s0 certificate) and worked upward to the peer's certificate.
|
|
At each level signatures and issuer attributes are checked. Whenever
|
|
a verification error is found, the error number is stored in \fBx509_ctx\fR
|
|
and \fBverify_callback\fR is called with \fBpreverify_ok\fR=0. By applying
|
|
X509_CTX_store_* functions \fBverify_callback\fR can locate the certificate
|
|
in question and perform additional steps (see \s-1EXAMPLES\s0). If no error is
|
|
found for a certificate, \fBverify_callback\fR is called with \fBpreverify_ok\fR=1
|
|
before advancing to the next level.
|
|
.PP
|
|
The return value of \fBverify_callback\fR controls the strategy of the further
|
|
verification process. If \fBverify_callback\fR returns 0, the verification
|
|
process is immediately stopped with \*(L"verification failed\*(R" state. If
|
|
\&\s-1SSL_VERIFY_PEER\s0 is set, a verification failure alert is sent to the peer and
|
|
the \s-1TLS/SSL\s0 handshake is terminated. If \fBverify_callback\fR returns 1,
|
|
the verification process is continued. If \fBverify_callback\fR always returns
|
|
1, the \s-1TLS/SSL\s0 handshake will never be terminated because of this application
|
|
experiencing a verification failure. The calling process can however
|
|
retrieve the error code of the last verification error using
|
|
SSL_get_verify_result(3) or by maintaining its
|
|
own error storage managed by \fBverify_callback\fR.
|
|
.PP
|
|
If no \fBverify_callback\fR is specified, the default callback will be used.
|
|
Its return value is identical to \fBpreverify_ok\fR, so that any verification
|
|
failure will lead to a termination of the \s-1TLS/SSL\s0 handshake with an
|
|
alert message, if \s-1SSL_VERIFY_PEER\s0 is set.
|
|
.SH "BUGS"
|
|
.IX Header "BUGS"
|
|
In client mode, it is not checked whether the \s-1SSL_VERIFY_PEER\s0 flag
|
|
is set, but whether \s-1SSL_VERIFY_NONE\s0 is not set. This can lead to
|
|
unexpected behaviour, if the \s-1SSL_VERIFY_PEER\s0 and \s-1SSL_VERIFY_NONE\s0 are not
|
|
used as required (exactly one must be set at any time).
|
|
.PP
|
|
The certificate verification depth set with SSL[_CTX]\fI_verify_depth()\fR
|
|
stops the verification at a certain depth. The error message produced
|
|
will be that of an incomplete certificate chain and not
|
|
X509_V_ERR_CERT_CHAIN_TOO_LONG as may be expected.
|
|
.SH "RETURN VALUES"
|
|
.IX Header "RETURN VALUES"
|
|
The SSL*_set_verify*() functions do not provide diagnostic information.
|
|
.SH "EXAMPLES"
|
|
.IX Header "EXAMPLES"
|
|
The following code sequence realizes an example \fBverify_callback\fR function
|
|
that will always continue the \s-1TLS/SSL\s0 handshake regardless of verification
|
|
failure, if wished. The callback realizes a verification depth limit with
|
|
more informational output.
|
|
.PP
|
|
All verification errors are printed, informations about the certificate chain
|
|
are printed on request.
|
|
The example is realized for a server that does allow but not require client
|
|
certificates.
|
|
.PP
|
|
The example makes use of the ex_data technique to store application data
|
|
into/retrieve application data from the \s-1SSL\s0 structure
|
|
(see SSL_get_ex_new_index(3),
|
|
SSL_get_ex_data_X509_STORE_CTX_idx(3)).
|
|
.PP
|
|
.Vb 15
|
|
\& ...
|
|
\& typedef struct {
|
|
\& int verbose_mode;
|
|
\& int verify_depth;
|
|
\& int always_continue;
|
|
\& } mydata_t;
|
|
\& int mydata_index;
|
|
\& ...
|
|
\& static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
|
|
\& {
|
|
\& char buf[256];
|
|
\& X509 *err_cert;
|
|
\& int err, depth;
|
|
\& SSL *ssl;
|
|
\& mydata_t *mydata;
|
|
.Ve
|
|
.Vb 3
|
|
\& err_cert = X509_STORE_CTX_get_current_cert(ctx);
|
|
\& err = X509_STORE_CTX_get_error(ctx);
|
|
\& depth = X509_STORE_CTX_get_error_depth(ctx);
|
|
.Ve
|
|
.Vb 6
|
|
\& /*
|
|
\& * Retrieve the pointer to the SSL of the connection currently treated
|
|
\& * and the application specific data stored into the SSL object.
|
|
\& */
|
|
\& ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
|
|
\& mydata = SSL_get_ex_data(ssl, mydata_index);
|
|
.Ve
|
|
.Vb 1
|
|
\& X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256);
|
|
.Ve
|
|
.Vb 22
|
|
\& /*
|
|
\& * Catch a too long certificate chain. The depth limit set using
|
|
\& * SSL_CTX_set_verify_depth() is by purpose set to "limit+1" so
|
|
\& * that whenever the "depth>verify_depth" condition is met, we
|
|
\& * have violated the limit and want to log this error condition.
|
|
\& * We must do it here, because the CHAIN_TOO_LONG error would not
|
|
\& * be found explicitly; only errors introduced by cutting off the
|
|
\& * additional certificates would be logged.
|
|
\& */
|
|
\& if (depth > mydata->verify_depth) {
|
|
\& preverify_ok = 0;
|
|
\& err = X509_V_ERR_CERT_CHAIN_TOO_LONG;
|
|
\& X509_STORE_CTX_set_error(ctx, err);
|
|
\& }
|
|
\& if (!preverify_ok) {
|
|
\& printf("verify error:num=%d:%s:depth=%d:%s\en", err,
|
|
\& X509_verify_cert_error_string(err), depth, buf);
|
|
\& }
|
|
\& else if (mydata->verbose_mode)
|
|
\& {
|
|
\& printf("depth=%d:%s\en", depth, buf);
|
|
\& }
|
|
.Ve
|
|
.Vb 9
|
|
\& /*
|
|
\& * At this point, err contains the last verification error. We can use
|
|
\& * it for something special
|
|
\& */
|
|
\& if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)
|
|
\& {
|
|
\& X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, 256);
|
|
\& printf("issuer= %s\en", buf);
|
|
\& }
|
|
.Ve
|
|
.Vb 6
|
|
\& if (mydata->always_continue)
|
|
\& return 1;
|
|
\& else
|
|
\& return preverify_ok;
|
|
\& }
|
|
\& ...
|
|
.Ve
|
|
.Vb 1
|
|
\& mydata_t mydata;
|
|
.Ve
|
|
.Vb 2
|
|
\& ...
|
|
\& mydata_index = SSL_get_ex_new_index(0, "mydata index", NULL, NULL, NULL);
|
|
.Ve
|
|
.Vb 3
|
|
\& ...
|
|
\& SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,
|
|
\& verify_callback);
|
|
.Ve
|
|
.Vb 5
|
|
\& /*
|
|
\& * Let the verify_callback catch the verify_depth error so that we get
|
|
\& * an appropriate error in the logfile.
|
|
\& */
|
|
\& SSL_CTX_set_verify_depth(verify_depth + 1);
|
|
.Ve
|
|
.Vb 6
|
|
\& /*
|
|
\& * Set up the SSL specific data into "mydata" and store it into th SSL
|
|
\& * structure.
|
|
\& */
|
|
\& mydata.verify_depth = verify_depth; ...
|
|
\& SSL_set_ex_data(ssl, mydata_index, &mydata);
|
|
.Ve
|
|
.Vb 9
|
|
\& ...
|
|
\& SSL_accept(ssl); /* check of success left out for clarity */
|
|
\& if (peer = SSL_get_peer_certificate(ssl))
|
|
\& {
|
|
\& if (SSL_get_verify_result(ssl) == X509_V_OK)
|
|
\& {
|
|
\& /* The client sent a certificate which verified OK */
|
|
\& }
|
|
\& }
|
|
.Ve
|
|
.SH "SEE ALSO"
|
|
.IX Header "SEE ALSO"
|
|
ssl(3), SSL_new(3),
|
|
SSL_CTX_get_verify_mode(3),
|
|
SSL_get_verify_result(3),
|
|
SSL_CTX_load_verify_locations(3),
|
|
SSL_get_peer_certificate(3),
|
|
SSL_get_ex_data_X509_STORE_CTX_idx(3),
|
|
SSL_get_ex_new_index(3)
|