[ssh_x509] Certificate Procedures and Test Program

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Thu May 9 19:49:13 EEST 2019


ssh_x509 at roumenpetrov.info wrote:
> Thank you,
>     In the README.x509v3 file under the "X509 store" options, what is the
> difference between *CACertificatePath* and *CACertificateFile* because
> the CACertificateFile is not under the path directory pointed by
> CACertificatePath.
So this is due to program implementation in cryptographic library. 
Lookup method are described in manual pages X509_LOOKUP_file(3) or 
X509_LOOKUP_hash_dir(3) - one and the same page.
OpenSSL command is verify.
So "...file..." and "...path..." are common options for various products 
that use certificates ( https://roumenpetrov.info/domino_CA/ ) and 
cryptographic library is OpenSSL. Page is outdated and lack programs 
like curl (--cacert/--capath) wget (--ca-certificate=/--ca-directory=).

Also please see -untrusted option of openssl verify command in more 
recent versoins (1.1+). Compare with -trusted, and -CAfile, and -CApath.

Cert/crl obtained for -CAfile and -CApath are part of trusted 
"certificate store", -untrusted simulate "intermediate" and etc.


> The definition says "certificates of certificate signers" , I believe this
> means to verify the chain of certificates. and I do have one, a Root and
> Intermediate concatenated ( bundled ), so now I am confused where to keep
> my bundle?

This depend from algorithms.

(A) In brief for "legacy" remote has to keep root and intermediate as on 
wire is send only client cert..
Remote means server (sshd) in X.509 public keys or client (ssh) for 
X.509 host-key.

(B) For "new" format (rfc6187 ) remote could contain only root as on 
wire. Local is responsible to construct "chain" with client and 
intermediate and to send on wire.
Remark: local means client(ssh) for public keys and daemon (sshd) for 
host-key.
Local construct chain using certificates for identity/host-key file and 
those from "certificate store".

Why from both? For compatibility. With setup from (A) you could use both 
algorithms formats in all cases.


Samples:
1. Server accepts only rfc6187 format.
In CA file/directory keep just root.
Clients should have intermediates from PKCS#12 file.

2. Server accepts legacy and rfc6187 format (default).
In CA file/directory keep root and intermediate.
Outdated clients like those form ssh.com could connect to this server .


> To me CACertificateFile feels like appropriate. in that case
> what is the use of CACertificatePath.
No difference - see above.


> Similar confusion between CARevocationFile and CARevocationPath.

PKIX-SSH implements revocation check before OpenSSL and my decision was 
to separate certificate from crl. OpenSSL implements later and decide to 
use same options.

This explain why exists separate "revocation" store.

"revocation" is more tricky to explain. Perhaps this 
https://github.com/openssl/openssl/pull/8442#issuecomment-482795955 
could help.

If you use OpenSSL 1.0.0+ "directory" format is recommended for crl.
For version before (up to 0.9.8zh) there is no difference.


>
> Please clarify.
>
> Regards,
> Srini.

[SNIP]
Regards,
Roumen




More information about the ssh_x509 mailing list