diff options
author | Viktor Dukhovni <openssl-users@dukhovni.org> | 2016-01-28 03:01:45 -0500 |
---|---|---|
committer | Viktor Dukhovni <openssl-users@dukhovni.org> | 2016-01-31 21:23:23 -0500 |
commit | 0daccd4dc1f1ac62181738a91714f35472e50f3c (patch) | |
tree | 5b7c2b6c5db0c2caf223ea978db03559b5eb90f8 /doc | |
parent | 1b4cf96f9b82ec3b06e7902bb21620a09cadd94e (diff) |
Check chain extensions also for trusted certificates
This includes basic constraints, key usages, issuer EKUs and auxiliary
trust OIDs (given a trust suitably related to the intended purpose).
Added tests and updated documentation.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/apps/verify.pod | 26 | ||||
-rw-r--r-- | doc/apps/x509.pod | 9 | ||||
-rw-r--r-- | doc/crypto/X509_VERIFY_PARAM_set_flags.pod | 17 |
3 files changed, 35 insertions, 17 deletions
diff --git a/doc/apps/verify.pod b/doc/apps/verify.pod index e15a5de968..6d54592687 100644 --- a/doc/apps/verify.pod +++ b/doc/apps/verify.pod @@ -198,14 +198,16 @@ When constructing the certificate chain, use the trusted certificates specified via B<-CAfile>, B<-CApath> or B<-trusted> before any certificates specified via B<-untrusted>. This can be useful in environments with Bridge or Cross-Certified CAs. +As of OpenSSL 1.1.0 this option is on by default and cannot be disabled. =item B<-no_alt_chains> -When building a certificate chain, if the first certificate chain found is not -trusted, then OpenSSL will continue to check to see if an alternative chain can -be found that is trusted. With this option that behaviour is suppressed so that -only the first chain found is ever used. Using this option will force the -behaviour to match that of OpenSSL versions prior to 1.1.0. +By default, unless B<-trusted_first> is specified, when building a certificate +chain, if the first certificate chain found is not trusted, then OpenSSL will +attempt to replace untrusted issuer certificates with certificates from the +trust store to see if an alternative chain can be found that is trusted. +As of OpenSSL 1.1.0, with B<-trusted_first> always on, this option has no +effect. =item B<-untrusted file> @@ -264,13 +266,17 @@ the subject certificate. Use default verification policies like trust model and required certificate policies identified by B<name>. +The trust model determines which auxiliary trust or reject OIDs are applicable +to verifying the given certificate chain. +See the B<-addtrust> and B<-addreject> options of the L<x509(1)> command-line +utility. Supported policy names include: B<default>, B<pkcs7>, B<smime_sign>, B<ssl_client>, B<ssl_server>. -This checks not only the purpose of the leaf certificate, but also the -trust settings of the trusted CAs. -When in doubt, use this option rather than B<-purpose>. -The B<-verify_name> option more closely matches how certificates are checked in -e.g. SSL and S/MIME. +These mimics the combinations of purpose and trust settings used in SSL, CMS +and S/MIME. +As of OpenSSL 1.1.0, the trust model is inferred from the purpose when not +specified, so the B<-verify_name> options are functionally equivalent to the +corresponding B<-purpose> settings. =item B<-x509_strict> diff --git a/doc/apps/x509.pod b/doc/apps/x509.pod index 1c98e9decf..637eedc947 100644 --- a/doc/apps/x509.pod +++ b/doc/apps/x509.pod @@ -289,9 +289,12 @@ clears all the prohibited or rejected uses of the certificate. =item B<-addtrust arg> -adds a trusted certificate use. Any object name can be used here -but currently only B<clientAuth> (SSL client use), B<serverAuth> -(SSL server use) and B<emailProtection> (S/MIME email) are used. +adds a trusted certificate use. +Any object name can be used here but currently only B<clientAuth> (SSL client +use), B<serverAuth> (SSL server use), B<emailProtection> (S/MIME email) and +B<anyExtendedKeyUsage> are used. +As of OpenSSL 1.1.0, the last of these blocks all purposes when rejected or +enables all purposes when trusted. Other OpenSSL applications may define additional uses. =item B<-addreject arg> diff --git a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod index a2219d2aae..53a063a48c 100644 --- a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod +++ b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod @@ -197,11 +197,20 @@ verification. If this flag is set then additional status codes will be sent to the verification callback and it B<must> be prepared to handle such cases without assuming they are hard errors. +If B<X509_V_FLAG_TRUSTED_FIRST> is set, when constructing the certificate chain, +L<X509_verify_cert(3)> will search the trust store for issuer certificates before +searching the provided untrusted certificates. +As of OpenSSL 1.1.0 this option is on by default and cannot be disabled. + The B<X509_V_FLAG_NO_ALT_CHAINS> flag suppresses checking for alternative -chains. By default, when building a certificate chain, if the first certificate -chain found is not trusted, then OpenSSL will continue to check to see if an -alternative chain can be found that is trusted. With this flag set the behaviour -will match that of OpenSSL versions prior to 1.1.0. +chains. +By default, unless B<X509_V_FLAG_TRUSTED_FIRST> is set, when building a +certificate chain, if the first certificate chain found is not trusted, then +OpenSSL will attempt to replace untrusted certificates supplied by the peer +with certificates from the trust store to see if an alternative chain can be +found that is trusted. +As of OpenSSL 1.1.0, with B<X509_V_FLAG_TRUSTED_FIRST> always set, this option +has no effect. The B<X509_V_FLAG_NO_CHECK_TIME> flag suppresses checking the validity period of certificates and CRLs against the current time. If X509_VERIFY_PARAM_set_time() |