On Friday 05 December 2014 15:18:30 you wrote:
> When discussing this issue, my colleague Hubert Kario made me aware of a
> flag offered by e.g. the openssl s_client utility: "-trusted_first".
> When using -trusted_first, the server verification works successfully in
> the above scenario.
>
> Given that the suggestion is to change openssl's default behaviour,
> changing openssl to use the -trusted_first mode by default might
> potentially be a solution. However, it's not obvious if this mode could
> have other side effects that are undesirable.
>
> Therefore I suggest to discuss which approach is best to support the
> removal of legacy CAs, either by changing the default of the
> -trusted_first setting, or by implementing another solution. I think it
> would be good to find a solution that could be backported to the openssl
> 1.0.1 branch.

For what it's worth, I have tested the Alexa top 1 million servers with the
-trusted_first option and haven't found a single server that loses its
trusted status; on the other hand, a good few percent of servers do gain it.

That doesn't mean there aren't any (or that I haven't made a mistake in the
tests), but I can't think of a CA structure that would validate correctly
with old mode while not with the new mode (so at least the experiment
matches theory).

More specifically, the test was done by setting

    X509_STORE_set_flags(store, X509_V_FLAG_TRUSTED_FIRST);

during verification.

Full code that I used for testing is available here:
https://github.com/jvehent/cipherscan/blob/master/top1m/parse_CAs.c
https://github.com/jvehent/cipherscan/blob/master/top1m/process-certificate-statistics.sh
(the baseline was achieved by just commenting out the above mentioned line)

-- 
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
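
The effect of the lookup order on a legacy-CA removal can be shown with a simplified model. This is an added example, not code from the message above or from OpenSSL: certificates are reduced to (subject, issuer) name pairs, signatures are not checked, and it assumes the old order prefers server-supplied certificates while trusted-first asks the trust store first. All names and chains are constructed.

```python
# Simplified model of certificate chain building (added example, not OpenSSL code).
# A certificate is a (subject, issuer) name pair; signatures are not checked.
from collections import namedtuple

Cert = namedtuple("Cert", "subject issuer")
MAX_DEPTH = 10  # guards against issuer loops

def find_issuer(cert, pool):
    """First certificate in pool whose subject equals cert's issuer name."""
    return next((c for c in pool if c.subject == cert.issuer), None)

def build_chain(leaf, untrusted, store, trusted_first):
    """Return the chain ending at a self-signed cert from store, or None."""
    chain, peer_ok = [leaf], True
    while len(chain) <= MAX_DEPTH:
        cur = chain[-1]
        if cur.subject == cur.issuer:
            return chain if cur in store else None
        from_store = find_issuer(cur, store)
        from_peer = find_issuer(cur, untrusted) if peer_ok else None
        # The only difference between the modes is which pool is asked first.
        nxt = (from_store or from_peer) if trusted_first else (from_peer or from_store)
        if nxt is None:
            return None
        # Once an issuer comes from the store, peer-supplied certs are not used again.
        peer_ok = nxt is not from_store
        chain.append(nxt)
    return None

# Constructed scenario: the legacy root was removed from the store, but some
# servers still send the new root's cross-certificate issued by that legacy root.
NEW_ROOT = Cert("New Root", "New Root")
CROSS = Cert("New Root", "Legacy Root")
INTER = Cert("Issuing CA", "New Root")
LEAF = Cert("www.example.test", "Issuing CA")
STORE = [NEW_ROOT]
SERVERS = {
    "sends-cross-cert": [INTER, CROSS],
    "sends-intermediate-only": [INTER],
    "unknown-ca": [Cert("Issuing CA", "Other Root")],
}

def survey(servers, store, leaf):
    """Map server name to (trusted with old order, trusted with trusted-first)."""
    return {name: tuple(build_chain(leaf, sent, store, tf) is not None
                        for tf in (False, True))
            for name, sent in servers.items()}
```

In this model a server can gain trusted status under trusted-first (the cross-certificate case) but none loses it, which is the same shape of result as the survey reported above.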
