History log of /openbsd-src/lib/libtls/tls_verify.c (Results 1 – 25 of 32)
# 26433cb1 10-Dec-2024 tb <tb@openbsd.org>

Provide tls_peer_cert_common_name()

There is currently no sane way of getting your hands on the common name or
subject alternative name of the peer certificate from libtls. It is possible
to extract it from the peer cert's PEM by hand, but that way lies madness.
While the common name is close to being deprecated in the webpki, it is
still the de facto standard to identify client certs. It would be nice to
have a way to access the subject alternative names as well, but this is a
lot more difficult to expose in a clean and sane C interface due to its
multivaluedness.

Initial diff from henning, with input from beck, jsing and myself
henning and bluhm have plans of using this in syslogd.

ok beck



# ecb88bd1 12-Nov-2024 tb <tb@openbsd.org>

The subject of a certificate is not optional

A certificate must have a subject, so X509_get_subject_name() cannot
return NULL on a correctly parsed certificate, even if the subject is
empty (which is allowed). So if X509_get_subject_name() returns NULL,
error instead of silently ignoring it in tls_check_common_name().

This is currently no issue. Where it matters, the match against the
common name will fail later, so we fail closed anyway.

ok jsing



# 7a756d37 26-Mar-2024 joshua <joshua@openbsd.org>

Add error code support to libtls

This adds tls_config_error_code() and tls_error_code(), which will become
public API at a later date.

Additional error codes will be added in follow-up commits.

ok jsing@ beck@



# f3e820cf 22-Nov-2023 op <op@openbsd.org>

typo: mutiple -> multiple

from Ryan Kavanagh (rak [at] debian [dot] org), ok tb@


# 6adcb85d 01-Jun-2023 tb <tb@openbsd.org>

Rework tls_check_subject_altname() error handling

Default to having rv = -1 and explicitly goto done to set rv = 0.
This matches other code better.

ok jsing


# c25290f5 01-Jun-2023 tb <tb@openbsd.org>

Check for X509_get_ext_d2i() failure

Check for X509_get_ext_d2i() failure

X509_get_ext_d2i() (or rather X509V3_get_d2i()) can return NULL for
various reasons. If it fails because the extension wasn't found, it
sets *crit = -1. In any other case, e.g., the cert is bad or we ran
out of memory in X509V3_EXT_d2i(), crit is set to something else, so
we should actually error.

ok jsing



# 9f395b46 29-May-2023 beck <beck@openbsd.org>

Correctly catch all return values from X509_NAME_get_index_by_NID

And some comment requests, from jsing@

ok jsing@


# 8a41a057 28-May-2023 beck <beck@openbsd.org>

correct comment, spotted by tb@


# f23ec8ef 28-May-2023 beck <beck@openbsd.org>

Refactor tls_check_common_name to use lower level API.

X509_NAME_get_text_by_NID is kind of a bad interface that
we wish to make safer, and does not give us the visibility
we really want here to detect hostile things.

Instead call the lower level functions to do some better
checking that should be done by X509_NAME_get_text_by_NID,
but is not in the OpenSSL version. Specifically we will treat
the input as hostile and fail if:

1) The certificate contains more than one CN in the subject.
2) The CN does not decode as UTF-8
3) The CN is of invalid length (must be between 1 and 64 bytes)
4) The CN contains a 0 byte

4) matches the existing logic, 1 and 2, and 3 are new checks.

ok tb@

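The four checks listed in this commit, as an added example in plain C that is not libtls code: it takes raw subject CN entries (a constructed stand-in for what X509_NAME_get_entry()/X509_NAME_ENTRY_get_data() would yield; the struct and function names are assumptions) and accepts the CN only when exactly one is present, it is 1 to 64 bytes long, contains no NUL byte and decodes as UTF-8.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define CN_MAX_LEN 64 /* ub-common-name; the commit's 1..64 byte bound */
/* One subject CN entry, as X509_NAME_ENTRY_get_data() would yield it (assumed shape). */
struct cn_entry { const unsigned char *data; size_t len; };

/* Strict UTF-8 validation: rejects truncated, overlong and surrogate forms. */
static int utf8_valid(const unsigned char *b, size_t len)
{
	size_t i = 0, k, n;
	uint32_t cp;
	while (i < len) {
		unsigned char c = b[i];
		if (c < 0x80) { i++; continue; }
		if ((c & 0xE0) == 0xC0) { n = 1; cp = c & 0x1F; }
		else if ((c & 0xF0) == 0xE0) { n = 2; cp = c & 0x0F; }
		else if ((c & 0xF8) == 0xF0) { n = 3; cp = c & 0x07; }
		else return 0;                       /* stray continuation or 0xF8+ */
		if (i + n >= len) return 0;          /* truncated sequence */
		for (k = 1; k <= n; k++) {
			if ((b[i + k] & 0xC0) != 0x80) return 0;
			cp = (cp << 6) | (b[i + k] & 0x3F);
		}
		if ((n == 1 && cp < 0x80) || (n == 2 && cp < 0x800) ||
		    (n == 3 && cp < 0x10000) || cp > 0x10FFFF ||
		    (cp >= 0xD800 && cp <= 0xDFFF))
			return 0;
		i += n + 1;
	}
	return 1;
}

/* Returns 1 and writes the NUL-terminated CN to out (CN_MAX_LEN + 1 bytes)
 * only if exactly one CN is present and it passes all four checks;
 * any other subject is treated as hostile and rejected with 0. */
int cn_extract(const struct cn_entry *cns, size_t ncn, char *out)
{
	if (ncn != 1) return 0;                                  /* 1) more than one CN */
	if (cns[0].len < 1 || cns[0].len > CN_MAX_LEN) return 0; /* 3) length bound */
	if (memchr(cns[0].data, '\0', cns[0].len) != NULL) return 0; /* 4) embedded NUL */
	if (!utf8_valid(cns[0].data, cns[0].len)) return 0;      /* 2) not valid UTF-8 */
	memcpy(out, cns[0].data, cns[0].len);
	out[cns[0].len] = '\0';
	return 1;
}
```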


# 7c8782d5 11-May-2023 tb <tb@openbsd.org>

tls_verify.c: give up on variable alignment in this file

The previous commit resulted in misalignment, which impacts my OCD worse
than no alignment at all. Alignment wasn't consistently done in this file
anyway. op tells me it won't affect current efforts in reducing the diff.



# 3130d2a2 10-May-2023 op <op@openbsd.org>

switch two ASN1_STRING_data() to ASN1_STRING_get0_data()

and while here mark as const data.

This diff is actually from gilles@, in OpenSMTPD-portable bundled
libtls.

ok tb@, jsing@


# d78b98e7 05-May-2023 tb <tb@openbsd.org>

Fix error handling in tls_check_common_name()

A calloc failure should be a fatal error, so make it return -1.
Also switch the default rv to -1 and distinguish error cases with
acceptable situations with goto err/goto done.

ok jsing



# 7add217b 05-Feb-2018 jsing <jsing@openbsd.org>

Be consistent with the goto label names used in libtls code.

No change to generated assembly.


# 5f3c5205 10-Apr-2017 jsing <jsing@openbsd.org>

Rework name verification code so that a match is indicated via an argument,
rather than return codes. More strictly follow RFC 6125, in particular only
check the CN if there are no SAN identifiers present in the certificate
(per section 6.4.4).

Previous behaviour questioned by Daniel Stenberg <daniel at haxx dot se>.

ok beck@ jca@



# c8403018 04-Nov-2016 jsing <jsing@openbsd.org>

Avoid signed vs unsigned comparisons.

ok miod@


# ed19021f 04-Sep-2016 bcook <bcook@openbsd.org>

Add callback-based interface to libtls.

This allows working with buffers and callback functions instead of directly on
sockets or file descriptors.
Original patch from Tobias Pape <tobias_at_netshed.de>.
ok beck@



# 380117c0 02-Aug-2016 jsing <jsing@openbsd.org>

Revert previous since it adds new symbols.

Requested by deraadt@


# fc5c813d 29-Sep-2015 jsing <jsing@openbsd.org>

Instead of declaring a union in multiple places, move it to tls_internal.h.

ok deraadt@


# 810e306d 29-Sep-2015 deraadt <deraadt@openbsd.org>

clean some ugly indentation warts


# e6171fc4 11-Sep-2015 beck <beck@openbsd.org>

Do not match a wildcard against a name with no host part.
ok jsing@


# 0fb5de82 11-Sep-2015 beck <beck@openbsd.org>

add tls_peer functions for checking names and issuers of peer certificates.
ok jsing@


# 240d3da6 09-Sep-2015 jsing <jsing@openbsd.org>

Indent labels with a space so that diff -p is more friendly.

Requested by bluhm@


# fdb1c79f 27-Aug-2015 jsing <jsing@openbsd.org>

Improve libtls error messages.

Improve libtls error messages.

The tls_set_error() function previously stored the errno but did nothing
with it. Change tls_set_error() to append the strerror(3) of the stored
errno so that we include useful information regarding failures.

Provide a tls_set_errorx() function that does not store the errno or
include strerror(3) in the error message. Call this function instead of
tls_set_error() for errors where the errno value has no useful meaning.

With feedback from and ok doug@



# 40a2182f 27-Aug-2015 jsing <jsing@openbsd.org>

Make functions that are internal to tls verify static.

Spotted by Marko Kreen.

Rides libtls major bump.


# da51b25b 29-Apr-2015 doug <doug@openbsd.org>

Reject dNSName of " " for subjectAltName extension.

RFC 5280 says " " must not be used as a dNSName.

ok jsing@ jca@

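The name-matching rules recorded in this log (the CN consulted only when no SAN identifiers are present per RFC 6125 section 6.4.4, no wildcard match against a name with no host part, and a dNSName of " " rejected as RFC 5280 requires), as an added example that is not libtls's own tls_match_name(); the wildcard shape it accepts ("*." followed by at least two labels), the function names and the plain-string representation of SAN dNSNames are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* Assumed rule set: exact case-insensitive match, or a "*.dom.tld" wildcard
 * (at least two labels after the '*') matching a name that really has a host
 * part, i.e. at least one label in front of the wildcard's domain. */
static bool match_name(const char *cert_name, const char *name)
{
	const char *dom;

	if (strcasecmp(cert_name, name) == 0)
		return true;
	if (cert_name[0] != '*' || cert_name[1] != '.')
		return false;                 /* wildcard only as "*." leftmost label */
	if (strchr(cert_name + 2, '.') == NULL)
		return false;                 /* reject "*.tld" */
	/* No wildcard match against a name with no host part:
	 * "example.com" and ".example.com" must not match "*.example.com". */
	dom = strchr(name, '.');
	if (name[0] == '.' || dom == NULL)
		return false;
	return strcasecmp(cert_name + 1, dom) == 0;
}

/* RFC 6125 6.4.4: the CN is consulted only when the certificate carries no
 * SAN identifiers.  A dNSName of " " is rejected outright (RFC 5280).
 * Returns 1 on match, 0 on no match, -1 on a malformed SAN entry. */
int verify_name(const char *name, const char **sans, size_t nsan, const char *cn)
{
	size_t i;
	int matched = 0;

	for (i = 0; i < nsan; i++) {
		if (strcmp(sans[i], " ") == 0)
			return -1;
		if (match_name(sans[i], name))
			matched = 1;
	}
	if (nsan > 0)
		return matched;               /* SANs present: CN is ignored */
	return cn != NULL && match_name(cn, name);
}
```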
