Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

obtaining peer's root CA certificate

179 views
Skip to first unread message

Igor Slepchin

unread,
Jun 9, 2004, 12:43:38 PM6/9/04
to
Hi!

What would be the best (i.e., least convoluted) way to get peer's root
certificate? I am aware of SSL_get_peer_cert_chain but from what I
understood after googling for it, it only returns the cert chain as sent by
the peer and that may not include the peer root CA's cert. Is there another
way to get to it? If not, are there any plans to add such an API?

As an aside, the requirement to get access to the peer's root CA cert sounds
fairly reasonable to me: the application I am working on needs to make
different authorization decisions based on the identity of the peer's root
CA...

Thank you,
Igor Slepchin
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org

Olaf Gellert

unread,
Jun 10, 2004, 5:20:47 AM6/10/04
to
Igor Slepchin wrote:
> Hi!
>
> What would be the best (i.e., least convoluted) way to get peer's root
> certificate? I am aware of SSL_get_peer_cert_chain but from what I
> understood after googling for it, it only returns the cert chain as sent by
> the peer and that may not include the peer root CA's cert. Is there another
> way to get to it? If not, are there any plans to add such an API?
Hmmm.... Could be difficult. What you would need is an
information "where to find the root certificate" in the
certificate you want to validate. If you are lucky, you
can browse an LDAP directory from the according CA and
search for the distinguished name of the issuer recursively
to get the complete chain (including the root certificate).
But I guess this only works for 10% of the actual CAs
around (and you still have to know, which LDAP servers
exist for which CAs).

Because until now there is no global infrastructure
where X.509 certificates are published the usual
way is to provide the certificate chain on connection
establishment (SSL/TLS) or in the signed email (PKCS7
in S/MIME). In both cases this is only optional so
you don't have a guarantee to get the complete
chain...

> As an aside, the requirement to get access to the peer's root CA cert sounds
> fairly reasonable to me: the application I am working on needs to make
> different authorization decisions based on the identity of the peer's root
> CA...

If you have a look at the recent WWW browsers you will
find that these come with a preinstalled set of (commercial)
root certificates and these are trusted by default.
That way websites do not even need to provide the
whole certificate chain, they can leave out the
root certificate (which must already be installed
in the browser anyways, otherwise it would not be
trusted).

IE usually shows you the whole provided certificate chain
on connection establishment if it is untrusted, so if the
chain provided by the server contains the root certificate
you can choose to install this (instead of only installing
the server certificate provided).

But alltogether, I would say there is no global way
to get the necessary root certificate for all certificates
you may come across...

Olaf


--
Dipl.Inform. Olaf Gellert PRESECURE (R)
Consultant, Consulting GmbH
Phone: (+49) 0700 / PRESECURE o...@pre-secure.de

A daily view on Internet Attacks
https://www.ecsirt.net/sensornet

Igor Slepchin

unread,
Jun 11, 2004, 4:10:48 PM6/11/04
to
Thanks for the response. A few comments/further questions inline...

> -----Original Message-----
> From: Olaf Gellert [mailto:o...@pre-secure.de]
>
> Igor Slepchin wrote:
> > Hi!
> >
> > What would be the best (i.e., least convoluted) way to get
> peer's root
> > certificate?
>

> Hmmm.... Could be difficult. What you would need is an
> information "where to find the root certificate" in the
> certificate you want to validate.

I actually think that right now I'm facing a less generic problem than this
so it hopefully has an easier solution;) I wondered about the problem you
described as well though...

I probably was not clear enough in my first email but I am not currently
looking for a way to find root CA certs for arbitrary cert chains. My
problem is really as follows: say, I have a server configured with a set of
root CA certs (e.g., through SSL_CTX_load_verify_locations). Now, once an
SSL connection is established and peer's certificate is verified, I'd like
to get the certificate of the root CA that signed the top of the peer's cert
chain. In all cases this would be one of the certificates my server already
knows about through configuration.

openSSL certainly has this information since it needs it during the
handshake. So the real question is about how _I_ can get this certificate
out of openSSL innards. If I understand correctly, I can get the SSL object
out of X509_STORE_CTX within the verify_callback (by using
X509_STORE_CTX_get_ex_data() with SSL_get_ex_data_X509_STORE_CTX_idx()),
then store the root CA cert passed to the verify callback in some sort of a
map to access it later based on SSL object I am dealing with. However, this
sounds pretty convoluted. Is there an easier way to get to the root CA cert
given an established SSL connection? If X509_STORE_CTX lives past the
handshake, is it possible to get to it based on the SSL object (I assume
that X509_STORE_CTX knows the root CA cert it used to verify the chain)?

I don't think this is relevant, but mutual authentication is used in my
scenario.

Thank you,
Igor Slepchin

Igor Slepchin

unread,
Jun 11, 2004, 6:16:13 PM6/11/04
to
> -----Original Message-----
> From: Goetz Babin-Ebell [mailto:babin...@trustcenter.de]
>
> From the top of my head:
> set an own verify callback function (see apps/s_cb.c).
> In this you get the depth.
> If the gepth reaches 0, you got the root.
> Store this cert some place...

Yes, I understand I can get to this from within verify callback (though I
believe depth 0 corresponds to the peer's cert, not the root); however, the
real question is how to get to this certificate after the handshake is
complete, i.e., how to map an SSL object corresponding to an established
connection to the peer's root CA certificate. I can certainly establish and
maintain the map myself but that sounds like an overkill (e.g., I'll need to
make sure to remove the elements from that map once the connections are
terminated etc.) so I'm wondering if there is a more direct way...

For that matter, is using X509_check_issued(cert, cert) the proper way to
check that a certificate is self-signed (i.e., is indeed a root
certificate)? It seems to work fine but given that this call is undocumented
(i.e., not in man pages) I am wondering if it's really The Better Way (TM).
The comments in the openSSL code for this are pretty self-explanatory but
it'd be nice to know this API will still be available in the future openSSL
versions...

0 new messages