The correct way to verify a server certificate?
119 views
Skip to first unread message
Ladd, Watson
May 14, 2025, 3:33:41 PM5/14/25
to openss...@openssl.org
In Go:
Tls.Dial("tcp", "www.example.com:443", nil)
In OpenSSL I know that SSL_CTX_set_verify(VERIFY_PEER) is required, but it doesn't seem from my reading the documentation that there is an easy way to verify hostnames: it seems that the expectation is doing a bunch of X509_ functions on the result of get_peer_certificate
or make a callback function, but I'm not sure that I am not just failing to find the name of what I need.
This has caused a few issues already. I'm sure we have all run into this. Does anyone have an ideomatic, easy to explain way to do this that I'm just not figuring out for some reason?
Sincerely,
Watson
Watson
Michael Wojcik
May 14, 2025, 6:04:35 PM5/14/25
to openss...@openssl.org
> From: 'Ladd, Watson' via openssl-users <openss...@openssl.org>
> Sent: Wednesday, 14 May, 2025 13:33
> In OpenSSL I know that SSL_CTX_set_verify(VERIFY_PEER) is required, but it
> doesn't seem from my reading the documentation that there is an easy way to
> verify hostname
Some OpenSSL material, including the "Client" page on the OpenSSL wiki, predate the implementation of certificate identity checking in 1.1.
With any non-ancient OpenSSL release, you use X509_VERIFY_PARAM_set1_host to specify the hostname to check the entity certificate against (and related functions to control other verification options). There's a short example at the end of the man page:
https://docs.openssl.org/3.1/man3/X509_VERIFY_PARAM_set_flags/
which is just:
X509_VERIFY_PARAM *param;
param = X509_VERIFY_PARAM_new();
X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
SSL_CTX_set1_param(ctx, param);
X509_VERIFY_PARAM_free(param);
You'd use X509_VERIFY_PARAM_set1_host rather than (or in addition to) X509_VERIFY_PARAM_set_flags there. As usual, the "set1" means OpenSSL will make a copy of the hostname. There's also an add1_host if you need to set multiple possible hostnames.
Some OpenSSL consumers still implement their own identity-checking code, but that's usually a holdover from pre-1.1 days. Sometimes it's because they need even more flexibility than what's provided by the VERIFY_PARAM functions (e.g. "bypass this check iff the certificate chains back to this particular root"), but I think that's unusual.
You should also probably call SSL_CTX_set_tlsext_host_name or SSL_set_tlsext_host_name before making the connection, to enable SNI.
(I think those are the current recommendations. It's possible there's a newer API I missed.)
--
Michael Wojcik
================================
Rocket Software, Inc. and subsidiaries ■ 77 Fourth Avenue, Waltham MA 02451 ■ Main Office Toll Free Number: +1 855.577.4323
Contact Customer Support: https://my.rocketsoftware.com/RocketCommunity/RCEmailSupport
Unsubscribe from Marketing Messages/Manage Your Subscription Preferences - http://www.rocketsoftware.com/manage-your-email-preferences
Privacy Policy - http://www.rocketsoftware.com/company/legal/privacy-policy
================================
This communication and any attachments may contain confidential information of Rocket Software, Inc. All unauthorized use, disclosure or distribution is prohibited. If you are not the intended recipient, please notify Rocket Software immediately and destroy all copies of this communication. Thank you.
> Sent: Wednesday, 14 May, 2025 13:33
> In OpenSSL I know that SSL_CTX_set_verify(VERIFY_PEER) is required, but it
> doesn't seem from my reading the documentation that there is an easy way to
> verify hostname
With any non-ancient OpenSSL release, you use X509_VERIFY_PARAM_set1_host to specify the hostname to check the entity certificate against (and related functions to control other verification options). There's a short example at the end of the man page:
https://docs.openssl.org/3.1/man3/X509_VERIFY_PARAM_set_flags/
which is just:
X509_VERIFY_PARAM *param;
param = X509_VERIFY_PARAM_new();
X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
SSL_CTX_set1_param(ctx, param);
X509_VERIFY_PARAM_free(param);
You'd use X509_VERIFY_PARAM_set1_host rather than (or in addition to) X509_VERIFY_PARAM_set_flags there. As usual, the "set1" means OpenSSL will make a copy of the hostname. There's also an add1_host if you need to set multiple possible hostnames.
Some OpenSSL consumers still implement their own identity-checking code, but that's usually a holdover from pre-1.1 days. Sometimes it's because they need even more flexibility than what's provided by the VERIFY_PARAM functions (e.g. "bypass this check iff the certificate chains back to this particular root"), but I think that's unusual.
You should also probably call SSL_CTX_set_tlsext_host_name or SSL_set_tlsext_host_name before making the connection, to enable SNI.
(I think those are the current recommendations. It's possible there's a newer API I missed.)
--
Michael Wojcik
================================
Rocket Software, Inc. and subsidiaries ■ 77 Fourth Avenue, Waltham MA 02451 ■ Main Office Toll Free Number: +1 855.577.4323
Contact Customer Support: https://my.rocketsoftware.com/RocketCommunity/RCEmailSupport
Unsubscribe from Marketing Messages/Manage Your Subscription Preferences - http://www.rocketsoftware.com/manage-your-email-preferences
Privacy Policy - http://www.rocketsoftware.com/company/legal/privacy-policy
================================
This communication and any attachments may contain confidential information of Rocket Software, Inc. All unauthorized use, disclosure or distribution is prohibited. If you are not the intended recipient, please notify Rocket Software immediately and destroy all copies of this communication. Thank you.
Viktor Dukhovni
May 14, 2025, 9:19:12 PM5/14/25
to openss...@openssl.org
SYNOPSIS
#include <openssl/ssl.h>
int SSL_set1_host(SSL *s, const char *host);
int SSL_add1_host(SSL *s, const char *host);
void SSL_set_hostflags(SSL *s, unsigned int flags);
const char *SSL_get0_peername(SSL *s);
...
HISTORY
These functions were added in OpenSSL 1.1.0.
See the DESCRIPTION for further details.
--
Viktor.
Ladd, Watson
May 15, 2025, 11:51:47 AM5/15/25
to openss...@openssl.org
Thank you, that seems to be the function everyone wants.
I can go open a patch that adds cross refs from the other functions I looked at to make it findable.
From: openss...@openssl.org <openss...@openssl.org> on behalf of Viktor Dukhovni <openss...@dukhovni.org>
Sent: Wednesday, May 14, 2025 6:19 PM
To: openss...@openssl.org <openss...@openssl.org>
Subject: Re: The correct way to verify a server certificate?
Sent: Wednesday, May 14, 2025 6:19 PM
To: openss...@openssl.org <openss...@openssl.org>
Subject: Re: The correct way to verify a server certificate?
!-------------------------------------------------------------------|
This Message Is From an External Sender
This message came from outside your organization.
|-------------------------------------------------------------------!
This Message Is From an External Sender
This message came from outside your organization.
|-------------------------------------------------------------------!
On Wed, May 14, 2025 at 07:33:28PM +0000, 'Ladd, Watson' via openssl-users wrote:
>
> In OpenSSL I know that SSL_CTX_set_verify(VERIFY_PEER) is required,
> but it doesn't seem from my reading the documentation that there is an
> easy way to verify hostnames: it seems that the expectation is doing a
> bunch of X509_ functions on the result of get_peer_certificate or make
> a callback function, but I'm not sure that I am not just failing to
> find the name of what I need.
>
> This has caused a few issues already. I'm sure we have all run into this. Does anyone have an ideomatic, easy to explain way to do this that I'm just not figuring out for some reason?
As of OpenSSL 1.1.0, prior, OpenSSL has: SSL_set1_host(3).
SYNOPSIS
#include <openssl/ssl.h>
int SSL_set1_host(SSL *s, const char *host);
int SSL_add1_host(SSL *s, const char *host);
void SSL_set_hostflags(SSL *s, unsigned int flags);
const char *SSL_get0_peername(SSL *s);
...
HISTORY
These functions were added in OpenSSL 1.1.0.
See the DESCRIPTION for further details.
--
Viktor.
--
You received this message because you are subscribed to the Google Groups "openssl-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openssl-user...@openssl.org.
To view this discussion visit https://urldefense.com/v3/__https://groups.google.com/a/openssl.org/d/msgid/openssl-users/aCVBBGNKY_tyF_KJ*40chardros.imrryr.org__;JQ!!GjvTz_vk!UQf0T1IcMw9CPoxBk__6Se7sdVmlr9vBJsJrAahqPnapDkOgVcHr8KfnWZBwOpu32_vQ8w72E5X4FdDGPRZ0BNIP$ .
You received this message because you are subscribed to the Google Groups "openssl-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openssl-user...@openssl.org.
To view this discussion visit https://urldefense.com/v3/__https://groups.google.com/a/openssl.org/d/msgid/openssl-users/aCVBBGNKY_tyF_KJ*40chardros.imrryr.org__;JQ!!GjvTz_vk!UQf0T1IcMw9CPoxBk__6Se7sdVmlr9vBJsJrAahqPnapDkOgVcHr8KfnWZBwOpu32_vQ8w72E5X4FdDGPRZ0BNIP$ .
Reply all
Reply to author
Forward
0 new messages