Re: [TLS] Verifying X.509 Certificate Chains out of order

Stefan Santesson wrote:
> 
> On the original question:
> 
> > It is claimed that OpenSSL, IE and Firefox do not enforce the second
> > MUST in the paragraph above, and succeed in verifying an
> > out-of-sequence chain.  I haven't verified the claim.
> 
> A Microsoft based SSL server will insert the certificates in order.
> A Microsoft based SSL client doesn't require the certificates to be
> in order. The client simply passes these certificates to the
> CertGetCertificateChain API in the hAdditionalStore parameter.
> This will validate the subject certificate regardless of order.

I would appreciate it if we could discuss the issue in terms of simple
facts instead of in terms of a proprietary API.

My familiarity with Microsoft CryptoAPI is close to zero,
but a first glance suggests that you MUST explicitly provide
an End Entity cert to CertGetCertificateChain(), parameter pCertContext.

Either you have a hen-and-egg problem, or the certificate_list
is not as unsorted as you claim it is.  How do you know which one
is the End Entity cert without either relying on it being the first
cert (as required by all existing TLS specs) or first doing
a manual search and applying heuristics (something that I seriously
frown upon)?

-Martin
_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls
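The two approaches Martin contrasts, as an added example that is not part of the thread: checking the ordering MUST directly, versus guessing the end-entity cert from name linkage and rebuilding the order. Certificates are reduced to constructed subject/issuer name pairs (no signature checks, no duplicate subjects), so the code runs without any X.509 library.

```python
# Added example (not from the thread): two ways to find the end-entity
# certificate in a TLS certificate_list. Certificates are modelled as
# constructed {"subject", "issuer"} name pairs; signatures are not checked.
from typing import Dict, List, Optional

Cert = Dict[str, str]


def is_ordered_chain(certs: List[Cert]) -> bool:
    """The ordering MUST: certs[0] is the end entity and every following
    certificate directly certifies the one preceding it."""
    return bool(certs) and all(
        certs[i]["issuer"] == certs[i + 1]["subject"]
        for i in range(len(certs) - 1)
    )


def guess_end_entity(certs: List[Cert]) -> Optional[Cert]:
    """The heuristic Martin frowns upon: the leaf is the certificate whose
    subject name issues nothing else in the list. Returns None unless that
    rule picks out exactly one certificate (e.g. two leaves are ambiguous)."""
    issuers = {c["issuer"] for c in certs if c["issuer"] != c["subject"]}
    leaves = [c for c in certs if c["subject"] not in issuers]
    return leaves[0] if len(leaves) == 1 else None


def reorder_chain(certs: List[Cert]) -> Optional[List[Cert]]:
    """Rebuild an ordered chain from an unsorted list by following issuer ->
    subject links from the guessed leaf. Stops at a self-signed root or when
    the issuer is not in the list (servers often omit the root). None if
    the leaf cannot be identified."""
    leaf = guess_end_entity(certs)
    if leaf is None:
        return None
    by_subject = {c["subject"]: c for c in certs}
    chain, cur = [leaf], leaf
    while cur["issuer"] != cur["subject"]:       # self-signed: chain ends here
        nxt = by_subject.get(cur["issuer"])
        if nxt is None or nxt in chain:          # issuer absent, or a loop
            break
        chain.append(nxt)
        cur = nxt
    return chain


# Constructed sample chain, deliberately sent out of sequence.
LEAF = {"subject": "CN=www.example.test", "issuer": "CN=Example Issuing CA"}
INTERMEDIATE = {"subject": "CN=Example Issuing CA", "issuer": "CN=Example Root CA"}
ROOT = {"subject": "CN=Example Root CA", "issuer": "CN=Example Root CA"}
OUT_OF_ORDER = [INTERMEDIATE, ROOT, LEAF]
```

Adding a second unrelated leaf signed by the same issuing CA makes `guess_end_entity` return None, which is exactly the ambiguity Martin's question points at.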