> From: owner-openssl-us...@openssl.org On Behalf Of Ashok C
> Sent: Thursday, 22 December, 2011 10:55
> Another doubt I have is about the SSL_CTX_set_client_ca_list
> and the SSL_get_client_ca_list.
> I understand that the set method is called by the server to
> set the list of CA names that it actually expects from the client.
> And the client calls ssl_get_client_ca_list to get these names and
> send the appropriate CA certificates in its chain for verification
> to the server.
Nit: case is important in C identifiers. Skipping that:
Not quite. Server can call _set_client_CA_list to set the CA names it
*asks for* from the client; server still uses _load_verify_locations
to verify the cert received if any. OpenSSL allows you to make these
different: e.g. ask the client for CA1 and CA2, but verify only CA2,
or CA2 and CA3, or only CA3. I've never seen a good use for this.
OpenSSL client calls the client_cert callback or engine only if
you did *not* set a cert-and-private-key before the handshake.
Callback or engine can look at the CAlist specified by the server
if any (see next) to choose what cert-and-private-key to use.
For callback it apparently needs to call SSL_get_client_CA_list,
for engine this value is passed separately.
> I assume that both these methods are actually optional even when
SSL_VERIFY_PEER
> flag is set to true, i.e., client verifies server and server
verifies client.
If OpenSSL server sets VERIFY_PEER but doesn't _set_client_CA_list,
it sends CertReq with an empty CA list. According to the RFCs
in this case "the client MAY send any certificate of the appropriate
ClientCertificateType, unless there is some external arrangement to
the contrary." If the client is configured or operated to send a cert
that the server accepts (using _load_verify_locations) it's okay.
If OpenSSL client has cert-and-pkey configured and receives CertReq,
it sends that cert regardless of any CAlist the server asked for;
that cert may be accepted or not depending on the server. And if
callback or engine is used it appears (but I haven't tested) that
can similarly select any cert regardless of what the server asked.
> I set up my server and client without these two methods and things
> still go fine. What would be the exact purpose of this family of methods?
See above. As long as the client is configured with or selects a cert
acceptable to the server it's okay, regardless of what if anything
the server asked for in CertReq.
> What I understand from my reading is that the SSL_CTX_set_client_CA_list
> function is only needed by server applications that verify the identity
> of remote client applications when SSL sessions are started and that if
> the SSL_CTX_set_client_CA_list function is not used and you request a
> client certificate, the list of CA names that get passed to the client
> application are the CAs from the SSL_CTX_load_verify_locations function.
No. By default the server asks for an empty CAlist; see above.
If you want to ask the client for the same CAs you will use to verify,
which for many clients is usually a good idea, you must explicitly call
_set_client_CA_list (or _add_client_CA) with the same CA certs as are
in your truststore. That is easier to do with CAfile format, which
could be a factor in your decision there at least for server.
You may be confused by the fact (I was once) that commandline s_server
uses -CAfile *also* for _set_client_CA_list. But that's specific code
in that program, not a feature of OpenSSL in general.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
