Hello,
I am integrating OpenSSL X.509 functionality to an embedded system (first
use will be for SSH authentication), which presents a unique set of
problems. As I stated in an earlier post, certificate revocation checking
will be performed by OCSP and not CRLs due to limited storage capacity.
My current implementation is up and running just fine. However due to
distribution (I'm in a multi-slot chassis) and redundancy reasons I would
like to move away from my flash based file system which is currently used
to store my trusted and untrusted certificates (i.e., ca-bundle.crt and
authorized_users2 files). Internally, I now store all of the certificates
in pair of STACK_OF(X509) structures, one for trusted certs and one for
untrusted.
STACK_OF(X509) * my_trusted; /* Certs which would have been in
ca-bundle.crt */
STACK_OF(X509) * my_untrusted; /* Certs which would have been in
authorized_users2 */
Because I am removing the ca-bundle.crt and authorized_users2 files, my
X509_STORE now has no way to load certificates. I get around this by
supplying my certificate stacks each time I allocate a new X509_STORE_CTX:
X509_STORE sshX509CACertStore;
X509_STORE_CTX * pStoreCtx;
...
pStoreCtx = X509_STORE_CTX_new();
X509_STORE_CTX_init (pStoreCtx, sshX509CACertStore, pX509,
my_untrusted);
X509_STORE_CTX_trusted_stack(pStoreCtx, my_trusted);
....
This works fine and dandy until it comes time to verify the OCSP signing
certificate. I pass my X509_STORE (which contains no cert lookup methods)
and stack of trusted certs to OCSP_basic_verify() as follows:
unsigned long flags = 0;
i = OCSP_basic_verify(bs, my_trusted, sshX509CACertStore, flags);
OCSP_basic_verify() correctly uses my "certs" to find the OCSP signing
certificate's issuer, but then goes off and creates a brand new
X509_STORE_CTX which can't access any of my certificates, trusted or
untrusted. This causes the OCSP_basic_verify()'s subsequent call to
X509_verify_cert() to fail.
I have found 2 ways to "solve" this problem.
First, I can bypass certificate verification altogether by setting the
OCSP_TRUSTOTHER flag (and OCSP_NOINTERN as well for good measure).
However, I am unsure if this is a "safe" thing to be doing. Do I lose any
security by not verifying a trusted OCSP signing certificate?
Second, I can remove the call to X509_STORE_CTX_trusted_stack() and instead
manually feed my trusted certificates into the X509_STORE by calling
X509_STORE_add_cert() each time a new certificate is added (via a command
line interface - again, I am not using files for certificate storage).
This adds the certificate to X509_STORE's trusted certificate cache,
making them available to all X509_STORE_CTXs (including the one allocated
by OCSP_basic_verify()). This raises a couple of questions: First, do I
need to worry about certificates on the X509_STORE's certificate cache ever
being "flushed"? Second, is there a way to remove an individual
certificate from this cache, short of deleting the entire X509_STORE,
allocating a new one, and then re-populating the cache?
I have both the first and second implementations working, but don't know
which is better or if I need to consider another option, such as defining a
new X509_LOOKUP_METHOD for my memory based certificate storage. BTW, I'll
be dealing with a relatively small set of trusted certificates and no CRLs,
so blindly pushing all of my trusted certs onto the X509_STORE's cache
shouldn't be an issue.
Any guidance would be greatly appreciated.
Sincerely,
- Mike Siedzik
Michael Siedzik | Firmware Engineer
Enterasys Networks | A Siemens Enterprise Communications Company
Email: msied...@enterasys.com
*There is nothing more important than our customers.*
