Hi Mourad, -----Original Message----- > From: On Behalf Of Mourad Cherfaoui > Sent: Wednesday, October 28, 2009 6:23 AM > To: openssl-users@openssl.org > Subject: TLS trust of a chain of certificates up to a root CA. Certificate > Sign extenstion not set
> I have a chain of certificates C->B->A->RootCA. The TLS client only presents C > during the TLS handshake. RootCA has the Certificate Sign extension set but > not > B and A. SSL requests the client to send all certificates necessary to verify its identity. Only when the client knows that the server has access to part of its certificate chain, it is allowed to send less. If you have control over the client, you should configure it to send its whole certificate chain. If you don't have control over the client, you need to add all certificates of the client's certificate chain that the client doesn't send to the server's truststore. This is your first requirement. Fix this first, then move on to the extension topic. > The TLS server fails the TLS handshake because of the absence of the > Certificate Sign extension in B and A. If the server can't build the client's certificate chain to a cert in its truststore, verification of the client's identity fails, and as such the handshake. > My first question: if the TLS server has the entire chain of certificates > B->A->RootCA in its truststore, is it correct to assume that the Certificate > Sign extension is not required in B and A? No, your assumption is wrong. > My second question: by default the > TLS server will fail the TLS handshake because of the absence of the > Certificate Sign extension. Is there a recommended way to disables the check > for this extension in the TLS handshake? Once the server has constructed the client's certificate chain to one of its own trusted certificates, it starts verifying the certificate chain according to some verification profile. OpenSSL uses the PKIX profile has specified in RFC 5280. PKIX requires CA certificates to have the keyUsage extension and it should be marked critical. As such the extension needs to have at least the value keyCertSign. Check the RFC for more info about the keyUsage extension. 4 options come to mind how to solve your problem: - fix your configuration & your certificates. This is the recommended way. - use X.509v1 certificates - they don't contain extensions - don't use SSL with client authentication, but then your client will probably fail to verify the server's identity as well, if the server is certified by a CA whose certificate is missing the keyUsage extension. - configure the server to move on with the handshake even in the case of a failed verification of the client's identity, i.e. request client authentication but grant access to anonymous clients as well HTH, Patrick Eisenacher ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
