The attached patches (generated against OpenSSL 0.9.8n and OpenSSL-1.0.0-
beta5) cause "openssl ocsp" to implicitly trust the Issuing CA Certificate (as
denoted by the "-issuer" parameter) as a candidate OCSP Response signer. This
"non-delegated" model is allowed by RFC 2560.
With this patch, it's possible to do an OCSP check like this:
$ ~/local/openssl-0.9.8n-modified/bin/openssl ocsp -issuer ComodoEVSGCCA.crt -
cert secure.comodo.com.crt -no_nonce -url http://ocsp.comodoca.com
Response verify OK
secure.comodo.com.crt: good
This Update: Mar 25 19:03:00 2010 GMT
Next Update: Mar 29 19:03:00 2010 GMT
But without this patch, you have to also specify "-VAfile ComodoEVSGCCA.crt"
to achieve the same result.
Here are an example End-entity Certificate and Issuing CA Certificate whose
OCSP Responder uses the "non-delegated" model.
secure.comodo.com.crt:
-----BEGIN CERTIFICATE-----
MIIGUjCCBTqgAwIBAgIRAJQkYZmHGtbUyY0tko7rIB4wDQYJKoZIhvcNAQEFBQAw
czELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxGTAXBgNV
BAMTEENPTU9ETyBFViBTR0MgQ0EwHhcNMDkwMTA4MDAwMDAwWhcNMTEwNDA3MjM1
OTU5WjCCAX8xETAPBgNVBAUTCDA0MDU4NjkwMRMwEQYLKwYBBAGCNzwCAQMTAkdC
MSMwIQYLKwYBBAGCNzwCAQITEkdyZWF0ZXIgTWFuY2hlc3RlcjEbMBkGCysGAQQB
gjc8AgEBEwpNYW5jaGVzdGVyMRswGQYDVQQPExJWMS4wLCBDbGF1c2UgNS4oYikx
CzAJBgNVBAYTAkdCMQ8wDQYDVQQREwZNNSAzRVExGzAZBgNVBAgTEkdyZWF0ZXIg
TWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEWMBQGA1UECRMNVHJhZmZvcmQg
Um9hZDEWMBQGA1UECRMNRXhjaGFuZ2UgUXVheTElMCMGA1UECRMcM3JkIEZsb29y
LCAyNiBPZmZpY2UgVmlsbGFnZTEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQx
GjAYBgNVBAsTEUNvbW9kbyBFViBTR0MgU1NMMRowGAYDVQQDExFzZWN1cmUuY29t
b2RvLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMWgPqeYQTL9
IdKWF/FxZ/y32XyGgU3gi2n6cd4ewDlSPkadoaYCeR8nTQBsssuFHaYA2T15+Iky
TZ/O63fFB5ZjWCaN6Ryjsk5PWDTYiYRieswQOREEvWr9N3Rpn9/l7vOd9L3Kngbz
QGTDzPxjba1Kz+5jx436y3s/0830c8bd002qPbSwvnrqdfSA2x6pHfY6mKvJI7Bj
p1FfYHk3Tt6P03j5l4rLu51dxf0u5J66sxQBJBjTWrc3YJzuRZ5BYs6GzKeUv0lz
X1RzkAUA0gq2PFUarCEVSd392rD9gXfVS+VEnssqpyjlScsbPD9EIopW+sXylHb4
CJx+kh/wFskCAwEAAaOCAdEwggHNMB8GA1UdIwQYMBaAFH/2TDYoFK7NHjev3lry
W8OgrCv+MB0GA1UdDgQWBBR3BpKJiE8F31jgH6F+yyU9mwXksDAOBgNVHQ8BAf8E
BAMCBaAwDAYDVR0TAQH/BAIwADA0BgNVHSUELTArBggrBgEFBQcDAQYIKwYBBQUH
AwIGCisGAQQBgjcKAwMGCWCGSAGG+EIEATARBglghkgBhvhCAQEEBAMCBsAwRgYD
VR0gBD8wPTA7BgwrBgEEAbIxAQIBBQEwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9z
ZWN1cmUuY29tb2RvLm5ldC9DUFMwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2Ny
bC5jb21vZG9jYS5jb20vQ29tb2RvRVZTR0NDQS5jcmwwawYIKwYBBQUHAQEEXzBd
MDUGCCsGAQUFBzAChilodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9Db21vZG9FVlNH
Q0NBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMDMG
A1UdEQQsMCqCEXNlY3VyZS5jb21vZG8uY29tghV3d3cuc2VjdXJlLmNvbW9kby5j
b20wDQYJKoZIhvcNAQEFBQADggEBAH/IFXTOFOEuxm38/yN1ssElb4hRS349eK8o
72Sn1HDdmvDnZaEDjZsHAH7Dtm6N6Wd67rkt2fLczTi+BJWX2qttw4ttwsnRJoIV
Rucu+QrqgX4Duce+smo3qXbTTWgrUNgHVmuOpyWtafIcKJ/CqPz3rkp+u8NSlXKj
/dvm/3P8i4RcRsE63+pR/o0sFrGzQaC6UdQtCUFcQXFQzrkWUAsxwnN3V7wXq+YH
h2OEDNsojuogH6zBkcknmd5cpoFu4BANx4lbbWDUr+rqJmXvZWa4jlsiI+k8wRhz
m83TXZpbVZI7VpZT7hnQyEeNxeu7jv9ygME84X6UPJp3004m2nw=
-----END CERTIFICATE-----
ComodoEVSGCCA.crt:
-----BEGIN CERTIFICATE-----
MIIEljCCA36gAwIBAgIQE2Lo61QaEIy4qA7ln7HUUTANBgkqhkiG9w0BAQUFADCB
gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV
BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEyMDEwMDAw
MDBaFw0xOTEyMzEyMzU5NTlaMHMxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVh
dGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9E
TyBDQSBMaW1pdGVkMRkwFwYDVQQDExBDT01PRE8gRVYgU0dDIENBMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6M6qqSWvLo7ReZVepIgkT/2zXK4qnkp7
QODMUOmBWBXSh/ethXppUqCVbo9nCY7x81wX40lCyBJnpgX4N6APFmEPjzFSxuGH
4U+528n+aRvUyfctrEjXc0oEleOhN4dSWoiz1gEs8QNwLCZwK0c7Cq4xetflFE6s
LzDhfG022qD1g2JdiCYNBUVezveL65W04OsQetS5WXVGUt2GdITLX9McQerwmtqR
ZITf3p/y3dD6pmiWtz6XLX+x+4xsp/5ygtDjitO7484Bt51n6akTmjsh7fdzE+Mz
XXoBqcpJ0E5jh1eBOhdUMPYCXpS2YNIp+U7nKaCgnSpb6z+JLkWi/QIDAQABo4IB
FTCCAREwHwYDVR0jBBgwFoAUC1jli8ZMFTekQKkwqSG+RzZaVv8wHQYDVR0OBBYE
FH/2TDYoFK7NHjev3lryW8OgrCv+MA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8E
CDAGAQH/AgEAMCAGA1UdJQQZMBcGCisGAQQBgjcKAwMGCWCGSAGG+EIEATA+BgNV
HSAENzA1MDMGBFUdIAAwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29t
b2RvLm5ldC9DUFMwSQYDVR0fBEIwQDA+oDygOoY4aHR0cDovL2NybC5jb21vZG9j
YS5jb20vQ09NT0RPQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmwwDQYJKoZIhvcN
AQEFBQADggEBAIzZ2VIz7gf24eyrFeCfFdiZJdsZlSWbQ75ZK4EpyPjxX45JAjZG
HOvyof7RCkW60NtQRAxQozxuX4TUTxqoaY8kZgHSC7QIGbq9NAmQCWJxrTmOuHh5
sSR4tM2nSflteH9wh4KRNayxAIYhUdLNRss6gsBIGtMVJtvxD4JxZuKLd1Sjdi/X
bfgNDs46TmVXPxx3UMq7elP3+189dVaq0+MfErUdv8Pc4fk5Z4HxM5zIHsXm7iu5
2VjIxy7fSNHJ5LMaCF+aGG1h07CtJ14INTQloZ9CyHWY0wJkVZTjr9HnSrnk2QZu
cSj43azlRd/Y5ygFoWjOwSVbhfpGnf7bZPA=
-----END CERTIFICATE-----
On Wednesday 24 March 2010 12:38:07 you wrote:
> On Wednesday 24 March 2010 12:01:51 you wrote:
> <snip>
>
> > > > Well it would typically require giving a public responder access to a
> > > > CA key: increasing the risk of compromise especially if the private
> > > > key itself is placed on the server.
> > >
> > > Steve, I think it's entirely unfair to label the non-delegated model as
> > > "not recommended for security reasons" just because *some
> > > implementations* might give "a public responder access to a CA key".
>
> <snip>
>
> > Yes sorry I should've qualified that statement. I was attempting to keep
> > this simple and that always includes the risk of oversimplification.
>
> Steve, thanks for explaining.
>
> <snip>
>
> > Though of course the delegated trust model can also support pre-produced
> > OCSP responses.
>
> That's true.
>
> By the way Steve, I'd like to propose a small change to "openssl ocsp" to
> support the non-delegated model more seamlessly. I've always been
> surprised and slightly confused that you have to specify both "-issuer
> ca.pem" and "- VAfile ca.pem" to verify the signature on a non-delegated
> OCSP Response. Why doesn't "-issuer ca.pem" cause ca.pem to be treated as
> a candidate OCSP Response signer certificate?
>
> When, a couple of weeks ago, a colleague independently made the same
> observation and asked me that same question, it spurred me to write a
> patch.
>
> Would you be happy with this change in behaviour? If so, I'll submit my
> patch to the Request Tracker.
>
> > Steve.
> > --
> > Dr Stephen N. Henson. OpenSSL project core developer.
> > Commercial tech support now available see: http://www.openssl.org
> > ______________________________________________________________________
> > OpenSSL Project http://www.openssl.org
> > User Support Mailing List openssl-us...@openssl.org
> > Automated List Manager majord...@openssl.org
>
> Rob Stradling
> Senior Research & Development Scientist
> C·O·M·O·D·O - Creating Trust Online
> Office Tel: +44.(0)1274.730505
> Office Fax: +44.(0)1274.730909
> www.comodo.com
>
> Comodo CA Limited, Registered in England No. 04058690
> Registered Office:
> 3rd Floor, 26 Office Village, Exchange Quay,
> Trafford Road, Salford, Manchester M5 3EQ
>
> This e-mail and any files transmitted with it are confidential and intended
> solely for the use of the individual or entity to whom they are addressed.
> If you have received this email in error please notify the sender by
> replying to the e-mail containing this attachment. Replies to this email
> may be monitored by Comodo for operational or business reasons. Whilst
> every endeavour is taken to ensure that e-mails are free from viruses, no
> liability can be accepted and the recipient is requested to use their own
> virus checking software.
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-us...@openssl.org
> Automated List Manager majord...@openssl.org
Rob Stradling
Senior Research & Development Scientist
C·O·M·O·D·O - Creating Trust Online
Office Tel: +44.(0)1274.730505
Office Fax: +44.(0)1274.730909
www.comodo.com
Comodo CA Limited, Registered in England No. 04058690
Registered Office:
3rd Floor, 26 Office Village, Exchange Quay,
Trafford Road, Salford, Manchester M5 3EQ
This e-mail and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the sender by replying
to the e-mail containing this attachment. Replies to this email may be
monitored by Comodo for operational or business reasons. Whilst every
endeavour is taken to ensure that e-mails are free from viruses, no liability
can be accepted and the recipient is requested to use their own virus checking
software.
--- openssl-0.9.8n/apps/ocsp.c 2008-11-05 18:36:35.000000000 +0000
+++ openssl-0.9.8n-modified/apps/ocsp.c 2010-03-26 09:22:30.000000000 +0000
@@ -118,7 +118,7 @@
long nsec = MAX_VALIDITY_PERIOD, maxage = -1;
char *CAfile = NULL, *CApath = NULL;
X509_STORE *store = NULL;
- STACK_OF(X509) *sign_other = NULL, *verify_other = NULL, *rother = NULL;
+ STACK_OF(X509) *sign_other = NULL, *verify_other = NULL, *rother = NULL, *issuer_st = NULL;
char *sign_certfile = NULL, *verify_certfile = NULL, *rcertfile = NULL;
unsigned long sign_flags = 0, verify_flags = 0, rflags = 0;
int ret = 1;
@@ -389,6 +389,8 @@
issuer = load_cert(bio_err, *args, FORMAT_PEM,
NULL, e, "issuer certificate");
if(!issuer) goto end;
+ issuer_st = sk_X509_new_null();
+ sk_X509_push(issuer_st, issuer);
}
else badarg = 1;
}
@@ -832,6 +834,12 @@
}
i = OCSP_basic_verify(bs, verify_other, store, verify_flags);
+
+ if (i <= 0 && issuer_st) {
+ i = OCSP_basic_verify(bs, issuer_st, store, OCSP_TRUSTOTHER);
+ if (i > 0) ERR_clear_error();
+ }
+
if (i < 0) i = OCSP_basic_verify(bs, NULL, store, 0);
if(i <= 0)
@@ -855,7 +863,7 @@
X509_STORE_free(store);
EVP_PKEY_free(key);
EVP_PKEY_free(rkey);
- X509_free(issuer);
+ sk_X509_pop_free(issuer_st, X509_free);
X509_free(cert);
X509_free(rsigner);
X509_free(rca_cert);
--- openssl-1.0.0-beta5/apps/ocsp.c 2009-09-30 22:41:51.000000000 +0100
+++ openssl-1.0.0-beta5-modified/apps/ocsp.c 2010-03-26 09:17:28.000000000 +0000
@@ -148,7 +148,7 @@
long nsec = MAX_VALIDITY_PERIOD, maxage = -1;
char *CAfile = NULL, *CApath = NULL;
X509_STORE *store = NULL;
- STACK_OF(X509) *sign_other = NULL, *verify_other = NULL, *rother = NULL;
+ STACK_OF(X509) *sign_other = NULL, *verify_other = NULL, *rother = NULL, *issuer_st = NULL;
char *sign_certfile = NULL, *verify_certfile = NULL, *rcertfile = NULL;
unsigned long sign_flags = 0, verify_flags = 0, rflags = 0;
int ret = 1;
@@ -430,6 +430,8 @@
issuer = load_cert(bio_err, *args, FORMAT_PEM,
NULL, e, "issuer certificate");
if(!issuer) goto end;
+ issuer_st = sk_X509_new_null();
+ sk_X509_push(issuer_st, issuer);
}
else badarg = 1;
}
@@ -880,6 +882,12 @@
}
i = OCSP_basic_verify(bs, verify_other, store, verify_flags);
+
+ if (i <= 0 && issuer_st) {
+ i = OCSP_basic_verify(bs, issuer_st, store, OCSP_TRUSTOTHER);
+ if (i > 0) ERR_clear_error();
+ }
+
if (i < 0) i = OCSP_basic_verify(bs, NULL, store, 0);
if(i <= 0)
@@ -903,7 +911,7 @@
X509_STORE_free(store);
EVP_PKEY_free(key);
EVP_PKEY_free(rkey);
- X509_free(issuer);
+ sk_X509_pop_free(issuer_st, X509_free);
X509_free(cert);
X509_free(rsigner);
X509_free(rca_cert);
