On Tue, Dec 15, 2015 at 12:07:17AM +0000, Viktor Dukhovni wrote: > I see what happens, the fisrt callback is from OpenSSL's own chain > building code that fails to find a WebPKI trust anchor and reports > the root CA as an unknown self-signed object in the chain. > > The second callback is from my code, which finds that further more > there are no DANE trust anchors to validate the chain. Since the > first callback allowed the handshake to continue, and I don't have > any information about the earlier callback having taken place, I > signal that the certificate lacks any DANE-based trust. Otherwise, > it might pass based on WebPKI trust alone, but we're doing DANE. > > So the callback is needed for now. Once DANE support is in OpenSSL > itself, it should be possible to avoid the duplication of bad news.
Speaking of callbacks and so on, I see that it was still possible to misreport the match depth for PKIX-EE in the presence of PKIX-TA records, so just I pushed a commit for that. Since opportunistic DANE TLS for SMTP does not use either PKIX-TA or PKIX-EE, this should not affect Exim, but you may as well be current with the head commit. commit e55da2735733f2d21185ebc7e3a88fa08b403855 Author: Viktor Dukhovni <[email protected]> Date: Mon Dec 14 19:04:34 2015 -0500 When PKIX-EE matches don't clobber depth by trying PKIX-TA diff --git a/danessl.c b/danessl.c index 0271030..a8b7a22 100644 --- a/danessl.c +++ b/danessl.c @@ -874,7 +874,7 @@ static int verify_chain(X509_STORE_CTX *ctx) */ if (leaf_rrs) matched = match(leaf_rrs, xn, 0); - if (issuer_rrs) { + if (!matched && issuer_rrs) { for (n = chain_length-1; !matched && n >= 0; --n) { xn = sk_X509_value(ctx->chain, n); if (n > 0 || X509_check_issued(xn, xn) == X509_V_OK) -- Viktor. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
