
Re: [Libevent-users] evhttp and TLS hostname validation



Oscar Koeroo wrote:
> The SSL_CTX_set_verify and SSL_CTX_set_verify_callback are used to validate
> the certificate (chain) itself. Useful when OpenSSL triggers a
> false-negative on a certificate chain, or you have your own extensions built into
> the certificate (think: Microsoft PKI in their deployments, or RFC3281).

> The original question seems to be how to implement RFC2818 with libevent's
> evhttp.

Yes, you're correct about what I was asking, and my initial impression of SSL_CTX_set_verify is as you describe: in the examples I've seen (the decade-old O'Reilly book, and the iSECPartners/ssl-conservatory github repo), SSL_CTX_set_verify seems to be used as something which is called on failure of the chain verification. The test_client.c in ssl-conservatory does something like this (very abbreviated from the actual code)...

SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);   /* chain verification only, no callback */
BIO_set_conn_hostname(sbio, TARGET_SERVER);
SSL_do_handshake(ssl);                                 /* blocking handshake */
server_cert = SSL_get_peer_certificate(ssl);           /* leaf certificate, after the handshake */
if (validate_hostname(TARGET_HOST, server_cert) != MatchFound) fail();   /* RFC 2818 check by hand */

So I had been thinking it couldn't be done with the callback. However, after re-reading the manpage for SSL_CTX_set_verify, it sounds like it does get called on success, and is given the opportunity to fail the connection. So perhaps I could call validate_hostname() from inside the callback after all. I just haven't seen it done that way, but I'll give it a try and see if it works.

As for SSL_CTX_set_verify_callback, there doesn't seem to be a function with exactly that name. There is a SSL_CTX_set_cert_verify_callback, but the iSECPartners document says very strongly never to use it, at the bottom of page 2:

https://github.com/iSECPartners/ssl-conservatory/blob/master/openssl/everything-you-wanted-to-know-about-openssl.pdf?raw=true

> The moment to do this:
> ...
> - SSL_connect() returns without a failure
> - <here and other post SSL connect checks>
> - continue handing over the (SSL *)
> ...

Yeah, I'd been thinking that might be the only way to do it, before I went back and re-read the SSL_CTX_set_verify documentation.

But it seems like the disadvantage of doing the connect before handing the SSL over to libevent is that then the connect has to be synchronous, right? The handshake wouldn't be event-driven.

> I don't know the answer to this question as I've used libevent's evhttp and
> libevhtp only on the server side without the need for machine to machine
> mutual auth (until now).

Yeah, I looked at libevhtp but didn't find any inspiration for hostname validation there, either. And the examples for both evhttp and libevhtp seem biased towards the server side, which is why I've been struggling a bit to write a client.

But I will take a look at SSL_CTX_set_verify again and see if it can do what I want. Thanks for the help, and I'm sorry about asking dumb OpenSSL questions on the libevent list!

--Patrick
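
Editor's note: the thread talks about "validate_hostname()" and RFC 2818 without showing what the comparison actually is, so here is the name-matching rule as a self-contained C example. It is an added illustration, not code from the thread, from libevent, or from the ssl-conservatory repository; it depends on no OpenSSL headers, and the names rfc2818_match() and hostname_in_cert() are this example's own. The constructed SAN/CN inputs in main() are made-up test data. The comment at the top sketches where such a check would sit inside an SSL_VERIFY_PEER callback (at depth 0 of the chain), which is the placement the poster is considering; that placement keeps the handshake event-driven because the callback runs inside OpenSSL's own verification rather than after a blocking SSL_connect(). For real deployments note that OpenSSL 1.0.2 and later ship X509_check_host(), and 1.1.0 and later SSL_set1_host(), which perform this comparison in the library, so a hand-written matcher is mainly useful for understanding what those calls enforce.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * RFC 2818 section 3.1 / RFC 6125 section 6.4.3 host-name matching.
 *
 * Where it plugs in (sketch, OpenSSL types deliberately not included here):
 *
 *   static int verify_cb(int preverify_ok, X509_STORE_CTX *ctx) {
 *       if (!preverify_ok) return 0;                       // chain already failed
 *       if (X509_STORE_CTX_get_error_depth(ctx) != 0)      // only the leaf carries the host name
 *           return 1;
 *       // pull dNSName SANs / CN out of X509_STORE_CTX_get_current_cert(ctx),
 *       // then: return hostname_in_cert(expected_host, sans, nsans, cn);
 *   }
 *   SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, verify_cb);
 *
 * Rules implemented below:
 *   - comparison is case-insensitive (DNS names are);
 *   - '*' is honoured only as the entire left-most label ("*.example.com"),
 *     so "w*.example.com" and "*.*.example.com" never match;
 *   - the wildcard stands for exactly one non-empty label, never across a '.',
 *     so "*.example.com" matches "www.example.com" but neither "example.com"
 *     nor "a.b.example.com";
 *   - a wildcard needs at least two labels after it ("*.com" is rejected);
 *     this is the conservative choice browsers and CAs apply, assumed here.
 */

/* Case-insensitive comparison of two byte ranges of possibly different length. */
static int range_eq(const char *a, size_t alen, const char *b, size_t blen)
{
    if (alen != blen)
        return 0;
    for (size_t i = 0; i < alen; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Does the presented identifier `pattern` (a dNSName SAN or the CN) match the
 * reference identity `hostname` the client intended to reach?  Returns 1/0. */
int rfc2818_match(const char *pattern, const char *hostname)
{
    size_t plen = strlen(pattern), hlen = strlen(hostname);
    if (plen == 0 || hlen == 0)
        return 0;

    const char *star = strchr(pattern, '*');
    if (star == NULL)                               /* plain name: exact, case-insensitive */
        return range_eq(pattern, plen, hostname, hlen);

    /* Wildcard form: '*' must be the whole first label and the only '*'. */
    if (star != pattern || plen < 2 || pattern[1] != '.' || strchr(pattern + 1, '*'))
        return 0;

    const char *suffix = pattern + 1;               /* ".example.com" */
    size_t slen = plen - 1;
    int dots = 0;
    for (const char *p = suffix; *p; p++)
        if (*p == '.')
            dots++;
    if (dots < 2)                                   /* refuse "*.com", "*." */
        return 0;

    /* The wildcard consumes exactly the host's first label, which must be non-empty. */
    const char *hdot = strchr(hostname, '.');
    if (hdot == NULL || hdot == hostname)
        return 0;
    return range_eq(suffix, slen, hdot, hlen - (size_t)(hdot - hostname));
}

/* Check `hostname` against the names a certificate presents.  dNSName SANs
 * take precedence; the CN is consulted only when the cert has no dNSName SAN
 * at all (RFC 2818 section 3.1).  Returns 1 on match, 0 otherwise. */
int hostname_in_cert(const char *hostname, const char *const *sans, size_t nsans,
                     const char *cn)
{
    if (nsans > 0) {
        for (size_t i = 0; i < nsans; i++)
            if (rfc2818_match(sans[i], hostname))
                return 1;
        return 0;                                   /* SANs present: CN is ignored */
    }
    return cn != NULL && rfc2818_match(cn, hostname);
}

int main(void)
{
    /* Constructed certificate identities, not real ones. */
    const char *const sans[] = { "mail.example.com", "*.example.com" };
    const char *const hosts[] = { "www.example.com", "example.com", "a.b.example.com", "mail.EXAMPLE.com" };
    for (size_t i = 0; i < sizeof hosts / sizeof hosts[0]; i++)
        printf("%-18s -> %s\n", hosts[i],
               hostname_in_cert(hosts[i], sans, 2, "www.example.com") ? "match" : "MISMATCH");
    return 0;
}
```

Two points worth checking in any hand-rolled version: the CN must be ignored once any dNSName SAN is present (otherwise a certificate for mail.example.com with a stale CN of www.example.com would pass), and the wildcard must never match the empty label or more than one label.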
