Hi,

(that other mail on OCSP on this list reminded me of this...)

I've found the answer in the mean time by using a debugger and single-stepping through the library...

On 01-12-15 14:58, Verhelst Wouter (Consultant) wrote:
Hi folks,

I'm trying to write an application that needs to verify the validity of data on 
a smartcard. That data is signed with an RSA key for which a certificate exists 
on the card; but if the card is stolen or lost, the certificate will be 
revoked, so I want to ensure that the certificate is valid. I'm doing an OCSP 
request to take care of that.

Since OpenSSL's own OCSP_sendreq_* functions don't support HTTP proxies, I'm 
currently using libcurl to send the request to the OCSP endpoint. This seems to 
work; when I get the reply and use d2i_OCSP_RESPONSE(), then with things like 
OCSP_response_status() and OCSP_resp_find_status() and friends I can manage to 
get the status of the request and a given certificate.

However, that doesn't do signature verification. I believe that I should use 
OCSP_basic_verify() for that, but I'm not entirely sure whether that is the 
case, and if so whether I would need to do some additional checks beforehand. 
Unfortunately, I can't find any documentation on OCSP_basic_verify().

I should note that due to the nature of my needs, I have a rather huge set of 
valid intermediate CAs, but a fairly limited set of root CAs that can be used 
for valid cards (that is, if the signature validates but it wasn't signed by 
any of the CAs under one of my limited set of roots, the card is a forgery and 
should be rejected as invalid).

A few questions:
- Am I right in assuming that OCSP_basic_verify will check the signature on the 
OCSP request?

Answer: yes (verified this by modifying some data in the OCSP response data, which caused signature verification to fail)

- In "OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st, unsigned long flags)", I'm not 
entirely certain of what the "st" argument is meant to contain, and can't figure out the "certs" one. Pouring 
over the code, I believe the "st" argument should allow me to limit validation to my set of root certificates, but I 
could be mistaken. As for the "certs" one, I can't understand that one at all. The only thing I can think of is that 
maybe it should contain the issuer certificate that I used for the original request, but then why is it a STACK_OF(X509)* and not 
just an X509*? What am I missing?

Answers:

- The "STACK_OF(X509) *certs" argument should just be bs->certs (i.e., the certificates which were sent along with the OCSP response, and which contain all certificates required to be able to verify the signature on the response as well as its certificate chain). I assume this is done so as to retain API compatibility with other certificate verification methods (e.g., using CRLs), even though the *certs argument really is superfluous (OCSP_basic_verify could just as easily pluck those certificates out of the *bs argument). - The "X509_STORE *st" argument indeed allows me to limit the root certificates allowed for valid signatures. By not including the default certificate store, I can reject cards that are signed by a different root.

--
Wouter Verhelst
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Reply via email to