[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #4549 [Tor Bridge]: Implement user-defined certificate strings through torrc (part of the proposal 179 efforts)
#4549: Implement user-defined certificate strings through torrc (part of the
proposal 179 efforts)
------------------------+---------------------------------------------------
Reporter: asn | Owner:
Type: defect | Status: needs_review
Priority: normal | Milestone: Tor: 0.2.3.x-final
Component: Tor Bridge | Version:
Keywords: | Parent: #3972
Points: | Actualpoints:
------------------------+---------------------------------------------------
Comment(by asn):
Replying to [comment:3 nickm]:
> * It looks like you apply the issuer name stuff to be the name of EVERY
issuer, and the subject name to be subject name on EVERY cert? That isn't
right, if so. This stuff only wants to apply to the initial presented-in-
cleartext cert, which now wants to be different from the cert chain
presented after in the v2 or v3 handshake. The cert chain probably wants
to stay unchanged.
Hm, what about the v1 handshake? There, the 'presented-in-cleartext
certificate' has to be passed along with the 'identity certificate'. This
means that in the v1 case, we have to customize the 'identity certificate'
with the user-defined certificate strings so that the certificate chain
remains valid with:
`cleartext_cert.issuerDNs == id_cert.issuerDNs == id_cert.subjectDNs`
I don't consider this necessarily wrong, since it seems logical from a PKI
PoV.
If we do this, the 'link certificate' is equal to the 'presented-in-
cleartext certificate', since we will also need to customize the 'link
certificate' to form a valid certificate chain with the customized
'identity certificate' during the v2 renegotiation.
This probably means that we don't need an extra 'presented-in-cleartext
certificate' and we can simply customize our 'link certificate'.
If we don't want to do this, we will have to either kill the v1 handshake
(we probably don't like this), or we will have to change the logic with
which we create our certificate chains since OpenSSL will not present a
non-valid certificate chain during the SSL handshake [0]. Both solutions
seem *much* dirtier than customizing all the certificates that need to be
customized.
I believe that if a user has provided certificate strings, we have to
customize all our SSL context certificates so that they make sense from a
PKI point of view (and so that all of our handshakes work correctly.).
What do you think?
[0]: Instead of doing X509_STORE_add_cert() we will have to do
SSL_CTX_add_extra_chain_cert(), so that the invalid cert. chain gets
presented during v1. And in the case of a v2, we will have to dive into
the guts of OpenSSL and remove the cert from the SSL context ourselves,
before re-adding it in the renegotiation stage. Sounds *very* ugly.
http://osdir.com/ml/encryption.openssl.cvs/2003-02/msg00032.html
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4549#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs