[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SSL server certificate that has an intermediary certificate in the chain

To: David Hawes <dhawes@vt.edu>
Subject: Re: SSL server certificate that has an intermediary certificate in the chain
From: Howard Chu <hyc@symas.com>
Date: Mon, 01 Aug 2011 10:07:34 -0700
Cc: openldap-technical@openldap.org
In-reply-to: <4E36D52B.2020208@vt.edu>
References: <4E330129.4030004@uvm.edu> <alpine.BSO.2.00.1107291208340.11176@morgaine.smi.sendmail.com> <4E334C30.7030004@uvm.edu> <4E33500F.1080006@symas.com> <CA+i=0E6QLNqU4a6mumFm_FtVkwT=AsL6P5RzURVjLVBtUqgsxA@mail.gmail.com> <4E344A05.1050104@symas.com> <4E36D52B.2020208@vt.edu>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:7.0a1) Gecko/20110612 Firefox/7.0a1 SeaMonkey/2.4a1

David Hawes wrote:

On 2011-07-30 14:14, Howard Chu wrote:

Erwann ABALEA wrote:

Actual OpenLDAP configuration would be to place B (and maybe B1)
certificate in TLSCACertificateFile/Path element, to be able to verify
the Client certificate. The Server must also place A1 in this element,
so it can be sent to the Client to help it verify the Server
certificate.

So, during the TLS negotiation, B, A1, maybe B1, maybe A are sent to
the Client for it to verify the Server certificate? (remember, this
certificate is signed by A1, and A must already be known by the
Client). That's a waste of bandwidth.


The TLS library doesn't do anything so stupid, it only sends the
certificates that are part of the chain from the subject's cert up to
the root CA.


I think the real question here is if the CA chain that the server sends
and the CA chain that the server uses to verify client certificates can
be different.

In Apache, this is done with the SSLCertificateChainFile and
SSLCACertificateFile directives.  This makes it possible to have the
server send a certificate chain that differs from the CAs it uses to
verify clients.  This is useful if you want to have a server certificate
signed by one CA, but only accept client certificates signed by another CA.

This sounds like an OpenLDAP feature request to me.

Think about why you would configure such a setup, and what it actually means.When you have a certificate of your own, signed by a particular CA, thatobviously means that you must trust that CA. If you're going to accept a certfrom another party that is signed by a different CA that obviously means thatyou must also trust the other CA. There is absolutely nothing gained fromisolating these two CAs, on either side of the session.

OpenSSL (e.g.) already sends only the chain of certificates relevant to itsown subject cert. The fact that all CAs are tossed into a single file (ordirectory) together is irrelevant; in memory it's all managed as a databaseand only the certs that it needs are accessed.

If there were indeed anything to be gained by such a feature, it would alsoneed to be implemented on clients. Look around - do any web browsers allow youto isolate CAs like this?


It's utter nonsense.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

Follow-Ups:
- Re: SSL server certificate that has an intermediary certificate in the chain
  - From: David Hawes <dhawes@vt.edu>
- Re: SSL server certificate that has an intermediary certificate in the chain
  - From: Erwann ABALEA <eabalea@gmail.com>
- Re: SSL server certificate that has an intermediary certificate in the chain
  - From: Erwann ABALEA <eabalea@gmail.com>

References:
- Re: SSL server certificate that has an intermediary certificate in the chain
  - From: David Hawes <dhawes@vt.edu>

Prev by Date: Re: SSL server certificate that has an intermediary certificate in the chain
Next by Date: Re: SSL server certificate that has an intermediary certificate in the chain
Index(es):
- Chronological
- Thread