Topic: Certificate Chain Verification

Hi,

while integrating and testing cyassl 1.6.5 into a non-OS environment, a problem with chain verification was found: it simply does not work. Searching the net shows the following old thread:
 
http://sourceforge.net/projects/yassl/f … ic/3752835

which describes exactly the same problem (wrong implementation for RFC3280). My implementation needs this chain verification by default. Is there any news or already an implementation for this feature in the embedded SSL library?

Regards,
Frank


Re: Certificate Chain Verification

Are you loading a trusted cert?  What is the depth of the chain?

I'm not positive CyaSSL's implementation is wrong.  The beginning of page 64 says "A particular certification path may not, however, be appropriate for all applications.  Therefore, an application MAY augment this algorithm to further limit the set of valid paths."

Though you're the 2nd person to request a less constrained augmented policy.  It's now on our list of repeated requests but nothing has been changed at the moment.  We'll probably add this feature as an option to CyaSSL 1.9.0.


Re: Certificate Chain Verification

As an example, a connection to mail.google.com receives a chain with 3 certificates:
(1) server cert from the google server (www.google.com). This is signed by
(2) Thawte SGC CA, which is signed by
(3) Verisign PCA3 G1 SHA1 (root ca)

The last cert (Verisign) is loaded with CyaSSL_CTX_load_verify_buffer(). It is not possible (on my evaluation environment) with cyassl to verify this chain. Google uses a very common cert handling, cyassl should support at least such a chain, too. That means cyassl should check the root ca against the cert in the local ca list, verify and accept the thawte cert with the verisign cert, and finally verify and accept the google cert with the thawte cert.
In DoCertificate(), the certs are decoded and checked in received order (first google, then thawte, last verisign). The check on google fails (thawte not yet accepted), therefore verification also fails. I had a look at 1.8.0 and cannot find a better solution there.

Regards,
Frank


Re: Certificate Chain Verification

You can verify this chain with CyaSSL.  Simply load (2) and (3) instead of just (3), like Firefox does.  Currently, CyaSSL only trusts CAs to sign certificates that have been explicitly trusted to sign certificates.

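The two policies discussed in the posts above (checking certificates in received order against explicitly loaded CAs only, versus walking the chain from the root end towards the leaf) can be compared in a small model. This is an added example, not CyaSSL code and not from any poster: the signature check is reduced to matching key ids, and all type names, function names, key ids and the `.example` certificates are constructed for illustration.

```c
#include <stdio.h>
/* Simplified model, not CyaSSL code: a "signature" is reduced to the id of the
   signing key; a real verifier checks RSA/ECDSA over the certificate body. */
typedef struct { const char *subject; int key_id, signer_key_id, is_ca; } Cert;
typedef struct { const Cert *ca[8]; int n; } TrustStore;

/* Constructed sample data, ordered as received: leaf, intermediate, root. */
static const Cert GOOGLE_CHAIN[3] = {
    {"www.google.com", 3, 2, 0},
    {"Thawte SGC CA", 2, 1, 1},
    {"Verisign PCA3 G1 SHA1", 1, 1, 1}};
/* Constructed negative case: the middle certificate is not a CA. */
static const Cert NON_CA_CHAIN[3] = {
    {"leaf.example", 9, 8, 0},
    {"end-entity.example", 8, 1, 0},
    {"Verisign PCA3 G1 SHA1", 1, 1, 1}};
static const TrustStore ROOT_ONLY = {{&GOOGLE_CHAIN[2]}, 1};
static const TrustStore ROOT_AND_INTERMEDIATE = {{&GOOGLE_CHAIN[2], &GOOGLE_CHAIN[1]}, 2};

static int signed_by_trusted_ca(const TrustStore *ts, const Cert *c) {
    for (int i = 0; i < ts->n; i++)
        if (ts->ca[i]->is_ca && ts->ca[i]->key_id == c->signer_key_id) return 1;
    return 0;
}

/* Policy described in the thread: check each certificate in received order
   against the explicitly loaded CAs only. */
int verify_received_order(const TrustStore *loaded, const Cert *chain, int n) {
    for (int i = 0; i < n; i++)
        if (!signed_by_trusted_ca(loaded, &chain[i])) return 0;
    return 1;
}

/* Requested policy: walk from the last certificate towards the leaf; a CA
   certificate that verifies is trusted for this handshake only. */
int verify_root_first(const TrustStore *loaded, const Cert *chain, int n) {
    TrustStore tmp = *loaded;                 /* per-connection copy */
    for (int i = n - 1; i > 0; i--)
        if (chain[i].is_ca && tmp.n < 8 && signed_by_trusted_ca(&tmp, &chain[i]))
            tmp.ca[tmp.n++] = &chain[i];      /* never added unless is_ca */
    return signed_by_trusted_ca(&tmp, &chain[0]);
}

int main(void) {
    printf("received order, root only:         %d\n", verify_received_order(&ROOT_ONLY, GOOGLE_CHAIN, 3));
    printf("received order, root+intermediate: %d\n", verify_received_order(&ROOT_AND_INTERMEDIATE, GOOGLE_CHAIN, 3));
    printf("root first, root only:             %d\n", verify_root_first(&ROOT_ONLY, GOOGLE_CHAIN, 3));
    printf("root first, non-CA intermediate:   %d\n", verify_root_first(&ROOT_ONLY, NON_CA_CHAIN, 3));
    return 0;
}
```

The last case shows why a less constrained policy still has to check the CA flag before extending trust: a certificate that verifies under the root but is not a CA must not be allowed to vouch for the leaf.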

Re: Certificate Chain Verification

Hi Todd,

Have you decided about adding this less constrained certificate chain verification policy to a future release of CyaSSL?

I took a quick peek at version 1.9 and it did not look like it had been added -- but maybe I am wrong?

Thanks


Re: Certificate Chain Verification

You're correct.  It didn't make it into 1.9.0.  Though it has made it into our source on github and will make it into the next release, more testing is needed at this point.  You can try it out with:

git clone git@github.com:cyassl/cyassl.git
cd cyassl
./autogen.sh
./configure    # add whichever options you use
make
