Topic: [SOLVED] partial chain verification in WOLFSSL

Hello,

OPENSSL provides the flag "partial_chain", which allows non-self-signed certificates to be used as CAs, and verifies certificates signed by one of those non-self-signed CA certificates. Also, with "partial_chain" a non-self-signed CA can verify itself (which I'm not sure is a private case of the partial chain verification rule).

Is there a similar behavior supported by WOLFSSL? I'm looking for partial chain verification, self-verification, or both.

I know there is a possibility to override the verification result with the verify_cb mechanism, but I want to use the WOLFSSL verification schemes. Maybe I can call the relevant WOLFSSL function from inside my verify_cb?

Thanks!

Amir

p.s.
Without the flag, OPENSSL returns "unable to get local issuer certificate". WOLFSSL returns -188 (ASN_NO_SIGNER_E).


Re: [SOLVED] partial chain verification in WOLFSSL

amirmaim wrote:

Hello,

OPENSSL provides the flag "partial_chain", which allows non-self-signed certificates to be used as CAs, and verifies certificates signed by one of those non-self-signed CA certificates. Also, with "partial_chain" a non-self-signed CA can verify itself (which I'm not sure is a private case of the partial chain verification rule).

Is there a similar behavior supported by WOLFSSL? I'm looking for partial chain verification, self-verification, or both.

I know there is a possibility to override the verification result with the verify_cb mechanism, but I want to use the WOLFSSL verification schemes. Maybe I can call the relevant WOLFSSL function from inside my verify_cb?

Thanks!

Amir

p.s.
Without the flag, OPENSSL returns "unable to get local issuer certificate". WOLFSSL returns -188 (ASN_NO_SIGNER_E).

Hey, Amir.
Check out this manual.
https://www.wolfssl.com/docs/wolfssl-manual/ch7/
There are several good and useful answers.
And a special thanks to Bitcohen.
Regards BG!


Re: [SOLVED] partial chain verification in WOLFSSL

Thanks Bitgid, but I've seen this manual and the answer to my question is not there.

To clarify: assuming we have 3 certificates A->B->C (A signed B, B signed C), where A is a self-signed certificate, is there a way to load B as my trust anchor, and allow WOLFSSL to authenticate C only with B (that is, without the self-signed certificate)?

This behavior would be equivalent to OPENSSL with the "partial_chain" flag.

Anyway, thanks!

Amir


Re: [SOLVED] partial chain verification in WOLFSSL

amirmaim wrote:

Thanks Bitgid, but I've seen this manual and the answer to my question is not there.

To clarify: assuming we have 3 certificates A->B->C (A signed B, B signed C), where A is a self-signed certificate, is there a way to load B as my trust anchor, and allow WOLFSSL to authenticate C only with B (that is, without the self-signed certificate)?

This behavior would be equivalent to OPENSSL with the "partial_chain" flag.

Anyway, thanks!

Amir

Oh, ok. I will try to search for more info for you!


Re: [SOLVED] partial chain verification in WOLFSSL

Hi Bitgid and amirmaim,

Summary:

Some TLS servers may present an incomplete certificate chain. For example, they may include an additional certificate for validating signed mail messages. By default wolfSSL validates all certificates in the provided chain. This differs from other TLS engines, such as openssl, which allow any valid chain for the server certificate.

We consider it best practice to validate all certificates in the chain and use this by default. If you are not able to load CAs for all certificates in the chain or want to allow alternate certificate chains, then you can enable support for it using `#define WOLFSSL_ALT_CERT_CHAINS` or with `./configure CFLAGS="-DWOLFSSL_ALT_CERT_CHAINS"`.

Let us know if you have any other questions, concerns, comments on this topic.

Warm Regards,

Kaleb

Re: [SOLVED] partial chain verification in WOLFSSL

Kaleb and Bitgid, thank you very much for the responses. Since we have an earlier version of WOLFSSL (WOLFSSL_ALT_CERT_CHAINS is available from October 2017), we are going to override the verification result with verify_cb if it proves necessary.

Thanks again!

Amir

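The verify_cb override Amir settles on is only as safe as the policy inside it: a callback that simply returns 1 switches chain validation off entirely. The following is an added example (not code from this thread, from wolfSSL, or from OpenSSL) of a narrow policy for the A->B->C scenario: a "no signer" failure (ASN_NO_SIGNER_E, the -188 quoted above) is accepted only when the certificate that lacks a signer is byte-for-byte the intermediate B that was deliberately loaded as trust anchor, and every other failure (bad signature, expiry, name mismatch, an unknown certificate) is left in place. The DER bytes are constructed placeholders, the HAVE_WOLFSSL_HEADERS build macro is an assumption used to keep the policy compilable without wolfSSL, and the wolfSSL wiring assumes a build where store->current_cert is populated (OPENSSL_EXTRA builds); check those against the wolfSSL version actually in use.

```c
#include <stddef.h>
#include <string.h>

/* wolfSSL reports "no signer found" as ASN_NO_SIGNER_E (-188), the code quoted in
 * the thread. Defined locally so the policy compiles without wolfSSL headers; the
 * real definition lives in wolfssl/wolfcrypt/error-crypt.h. */
#ifndef ASN_NO_SIGNER_E
#define ASN_NO_SIGNER_E (-188)
#endif

/* The intermediate CA ("B") we deliberately use as trust anchor, pinned by its
 * exact DER encoding. */
typedef struct {
    const unsigned char* der;
    size_t len;
} pinned_anchor_t;

/* Constructed placeholder bytes standing in for B's DER (not a real certificate),
 * and a second, different byte string standing in for some other certificate. */
static const unsigned char kAnchorDer[] = { 0x30, 0x82, 0x01, 0x0a, 0xA1, 0xB2, 0xC3 };
static const unsigned char kOtherDer[]  = { 0x30, 0x82, 0x01, 0x0a, 0xA1, 0xB2, 0xC4 };
static const pinned_anchor_t kAnchor = { kAnchorDer, sizeof(kAnchorDer) };

/* Verification policy, independent of wolfSSL so it can be unit-tested.
 * Returns 1 to accept the current certificate, 0 to keep the failure.
 *   preverify : what wolfSSL decided for this certificate (1 ok, 0 failed)
 *   error     : wolfSSL error code for the failure (store->error)
 *   cert_der  : DER of the certificate being examined (store->current_cert)
 * The override is as narrow as possible: only ASN_NO_SIGNER_E, and only when the
 * certificate without a signer *is* the pinned intermediate itself. */
int partial_chain_decision(int preverify, int error,
                           const unsigned char* cert_der, size_t cert_len,
                           const pinned_anchor_t* anchor)
{
    if (preverify == 1)                 /* wolfSSL already accepted it */
        return 1;
    if (error != ASN_NO_SIGNER_E)       /* never mask any other failure */
        return 0;
    if (anchor == NULL || anchor->der == NULL || cert_der == NULL)
        return 0;
    if (cert_len != anchor->len)        /* length differs: not our anchor */
        return 0;
    return memcmp(cert_der, anchor->der, cert_len) == 0 ? 1 : 0;
}

#ifdef HAVE_WOLFSSL_HEADERS  /* assumed build macro: set when linking against wolfSSL */
#include <wolfssl/options.h>
#include <wolfssl/ssl.h>

/* verify_cb to install with wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, cb).
 * Assumes store->current_cert is populated (OPENSSL_EXTRA builds). */
static int partial_chain_verify_cb(int preverify, WOLFSSL_X509_STORE_CTX* store)
{
    int derSz = 0;
    const unsigned char* der = NULL;
    if (store->current_cert != NULL)
        der = wolfSSL_X509_get_der(store->current_cert, &derSz);
    return partial_chain_decision(preverify, store->error, der,
                                  derSz > 0 ? (size_t)derSz : 0, &kAnchor);
}
#endif
```

The point of pinning by exact DER rather than by subject name is that a "no signer" failure on any certificate that merely claims B's name is still rejected; only the bytes that were loaded as trust anchor are exempted, which is the same trust decision OpenSSL's partial_chain makes, expressed explicitly.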

Re: [SOLVED] partial chain verification in WOLFSSL

amirmaim wrote:

...
To clarify: assuming we have 3 certificates A->B->C (A signed B, B signed C), where A is a self-signed certificate, is there a way to load B as my trust anchor, and allow WOLFSSL to authenticate C only with B (that is, without the self-signed certificate)?

This behavior would be equivalent to OPENSSL with the "partial_chain" flag.
...

amirmaim wrote:

...
Without the flag, OPENSSL returns "unable to get local issuer certificate". WOLFSSL returns -188 (ASN_NO_SIGNER_E).

I can't reproduce this error with the current (Aug 2021) wolfSSL source code from https://github.com/wolfSSL/wolfssl.

In my tests, if I only configure trust in an intermediate CA, wolfSSL validates the certification path successfully, instead of failing as described by the OP.

Maybe in the past it was required to always chain up to self-signed root CAs to validate the certification paths (as OpenSSL does by default, unless X509_V_FLAG_PARTIAL_CHAIN is used), but not anymore? Can anyone confirm?

PS: From my tests, WOLFSSL_ALT_CERT_CHAINS isn't really related to this as it (apparently) only instructs the library to ignore unrelated certificates during validation and even without it enabled, trusting only in an intermediate CA currently suffices for successful validation.


Re: [SOLVED] partial chain verification in WOLFSSL

I've found https://www.wolfssl.com/docs/wolfssl-manual/ch2/, which confirms the validation behavior described by the OP:

WOLFSSL_ALT_CERT_CHAIN ... allows loading intermediate CA's as trusted and ignoring no signer failures for CA's up the chain to root. The alternate certificate chain mode only requires that the peer certificate validate to a trusted CA.

But, as mentioned previously, it is not working like that currently, i.e. trust in intermediate CAs works even without WOLFSSL_ALT_CERT_CHAIN. Has something changed recently in regards to this?


Re: [SOLVED] partial chain verification in WOLFSSL

Hi @hablutzel1


Thanks for joining the forum. Would you please send an email to support@wolfssl.com referencing this post? We'd like to get some more information about the issue you are seeing.

Thanks,
Eric @ wolfSSL Support

Re: [SOLVED] partial chain verification in WOLFSSL

Hi Kaleb, I think that this practice might not be a best practice anymore (if it ever was):

Kaleb J. Himes wrote:

...
We consider it best practice to validate all certificates in the chain and use this by default.
...

Quoting from https://datatracker.ietf.org/doc/html/r … ion-4.4.2:

Note: Prior to TLS 1.3, "certificate_list" ordering required each certificate to certify the one immediately preceding it; however, some implementations allowed some flexibility. Servers sometimes send both a current and deprecated intermediate for transitional purposes, and others are simply configured incorrectly, but these cases can nonetheless be validated properly. For maximum compatibility, all implementations SHOULD be prepared to handle potentially extraneous certificates and arbitrary orderings from any TLS version, with the exception of the end-entity certificate which MUST be first.

So you might want to enable WOLFSSL_ALT_CERT_CHAINS by default to accommodate "be prepared to handle potentially extraneous certificates".

In addition, wolfSSL isn't supporting "arbitrary orderings" currently, i.e. for a path A (trust anchor) -> B -> C -> D (leaf), if it receives the certificates in the order D - B - C, it fails.


Re: [SOLVED] partial chain verification in WOLFSSL

Hi hablutzel1

Thanks for sending your request to support@wolfssl.com.