OpenVPN
ssl_verify_openssl.c
Go to the documentation of this file.
1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single TCP/UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2002-2026 OpenVPN Inc <sales@openvpn.net>
9 * Copyright (C) 2010-2026 Sentyron B.V. <openvpn@sentyron.com>
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License version 2
13 * as published by the Free Software Foundation.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License along
21 * with this program; if not, see <https://www.gnu.org/licenses/>.
22 */
23
29#ifdef HAVE_CONFIG_H
30#include "config.h"
31#endif
32
33#include "syshead.h"
34
35#if defined(ENABLE_CRYPTO_OPENSSL)
36
37#include "ssl_verify_openssl.h"
38
39#include "error.h"
40#include "ssl_openssl.h"
41#include "ssl_verify.h"
42#include "ssl_verify_backend.h"
43#include "openssl_compat.h"
44
45#include <openssl/bn.h>
46#include <openssl/err.h>
47#include <openssl/x509v3.h>
48
49int
50verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
51{
52 int ret = 0;
53 struct tls_session *session;
54 SSL *ssl;
55 struct gc_arena gc = gc_new();
56
57 /* get the tls_session pointer */
58 ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
59 ASSERT(ssl);
60 session = (struct tls_session *)SSL_get_ex_data(ssl, mydata_index);
61 ASSERT(session);
62
63 X509 *current_cert = X509_STORE_CTX_get_current_cert(ctx);
64 struct buffer cert_hash = x509_get_sha256_fingerprint(current_cert, &gc);
65 cert_hash_remember(session, X509_STORE_CTX_get_error_depth(ctx), &cert_hash);
66
67 /* did peer present cert which was signed by our root cert? */
68 if (!preverify_ok && !session->opt->verify_hash_no_ca)
69 {
70 /* get the X509 name */
71 char *subject = x509_get_subject(current_cert, &gc);
72 char *serial = backend_x509_get_serial(current_cert, &gc);
73
74 if (!subject)
75 {
76 subject = "(Failed to retrieve certificate subject)";
77 }
78
79 /* Log and ignore missing CRL errors */
80 if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_UNABLE_TO_GET_CRL)
81 {
82 msg(D_TLS_DEBUG_LOW, "VERIFY WARNING: depth=%d, %s: %s",
83 X509_STORE_CTX_get_error_depth(ctx),
84 X509_verify_cert_error_string(X509_STORE_CTX_get_error(ctx)), subject);
85 ret = 1;
86 goto cleanup;
87 }
88
89 /* Remote site specified a certificate, but it's not correct */
90 msg(D_TLS_ERRORS, "VERIFY ERROR: depth=%d, error=%s: %s, serial=%s",
91 X509_STORE_CTX_get_error_depth(ctx),
92 X509_verify_cert_error_string(X509_STORE_CTX_get_error(ctx)), subject,
93 serial ? serial : "<not available>");
94
95 ERR_clear_error();
96
97 session->verified = false;
98 goto cleanup;
99 }
100
101 if (SUCCESS != verify_cert(session, current_cert, X509_STORE_CTX_get_error_depth(ctx)))
102 {
103 goto cleanup;
104 }
105
106 ret = 1;
107
108cleanup:
109 gc_free(&gc);
110
111 return ret;
112}
113
114bool
115x509_username_field_ext_supported(const char *fieldname)
116{
117 int nid = OBJ_txt2nid(fieldname);
118 return nid == NID_subject_alt_name || nid == NID_issuer_alt_name;
119}
120
121static bool
122extract_x509_extension(X509 *cert, char *fieldname, char *out, size_t size)
123{
124 bool retval = false;
125
126 if (!x509_username_field_ext_supported(fieldname))
127 {
128 msg(D_TLS_ERRORS, "ERROR: --x509-username-field 'ext:%s' not supported", fieldname);
129 return false;
130 }
131
132 int nid = OBJ_txt2nid(fieldname);
133 GENERAL_NAMES *extensions = X509_get_ext_d2i(cert, nid, NULL, NULL);
134 if (extensions)
135 {
136 /* get amount of alternatives,
137 * RFC2459 claims there MUST be at least
138 * one, but we don't depend on it...
139 */
140
141 int numalts = sk_GENERAL_NAME_num(extensions);
142
143 /* loop through all alternatives */
144 for (int i = 0; i < numalts; i++)
145 {
146 /* get a handle to alternative name number i */
147 const GENERAL_NAME *name = sk_GENERAL_NAME_value(extensions, i);
148 char *buf = NULL;
149
150 switch (name->type)
151 {
152 case GEN_EMAIL:
153 if (ASN1_STRING_to_UTF8((unsigned char **)&buf, name->d.rfc822Name) < 0)
154 {
155 continue;
156 }
157 if ((ssize_t)strlen(buf) != ASN1_STRING_length(name->d.rfc822Name))
158 {
159 msg(D_TLS_ERRORS, "ASN1 ERROR: string contained terminating zero");
160 OPENSSL_free(buf);
161 }
162 else
163 {
164 strncpynt(out, buf, size);
165 OPENSSL_free(buf);
166 retval = true;
167 }
168 break;
169
170 default:
171 msg(D_TLS_DEBUG, "%s: ignoring general name field type %d", __func__,
172 name->type);
173 break;
174 }
175 }
176 GENERAL_NAMES_free(extensions);
177 }
178 return retval;
179}
180
181/*
182 * Extract a field from an X509 subject name.
183 *
184 * Example:
185 *
186 * /C=US/ST=CO/L=Denver/O=ORG/CN=First-CN/CN=Test-CA/Email=jim@yonan.net
187 *
188 * The common name is 'Test-CA'
189 *
190 * Return true on success, false on error (insufficient buffer size in 'out'
191 * to contain result is grounds for error).
192 */
193static result_t
194extract_x509_field_ssl(const X509_NAME *x509, const char *field_name, char *out, size_t size)
195{
196 int lastpos = -1;
197 int tmp = -1;
198 unsigned char *buf = NULL;
199
200 ASN1_OBJECT *field_name_obj = OBJ_txt2obj(field_name, 0);
201 if (field_name_obj == NULL)
202 {
203 msg(D_TLS_ERRORS, "Invalid X509 attribute name '%s'", field_name);
204 return FAILURE;
205 }
206
207 ASSERT(size > 0);
208 *out = '\0';
209 do
210 {
211 lastpos = tmp;
212#if OPENSSL_VERSION_NUMBER >= 0x30000000L
213 tmp = X509_NAME_get_index_by_OBJ(x509, field_name_obj, lastpos);
214#else
215 /* OpenSSL 1.1.x has the argument as non-const */
216 tmp = X509_NAME_get_index_by_OBJ((X509_NAME *)x509, field_name_obj, lastpos);
217#endif
218 } while (tmp > -1);
219
220 ASN1_OBJECT_free(field_name_obj);
221
222 /* Nothing found */
223 if (lastpos == -1)
224 {
225 return FAILURE;
226 }
227
228 const X509_NAME_ENTRY *x509ne = X509_NAME_get_entry(x509, lastpos);
229 if (!x509ne)
230 {
231 return FAILURE;
232 }
233
234 const ASN1_STRING *asn1 = X509_NAME_ENTRY_get_data(x509ne);
235 if (!asn1)
236 {
237 return FAILURE;
238 }
239 if (ASN1_STRING_to_UTF8(&buf, asn1) < 0)
240 {
241 return FAILURE;
242 }
243
244 strncpynt(out, (char *)buf, size);
245
246 const result_t ret = (strlen((char *)buf) < size) ? SUCCESS : FAILURE;
247 OPENSSL_free(buf);
248 return ret;
249}
250
251result_t
252backend_x509_get_username(char *common_name, size_t cn_len, char *x509_username_field, X509 *peer_cert)
253{
254 if (strncmp("ext:", x509_username_field, 4) == 0)
255 {
256 if (!extract_x509_extension(peer_cert, x509_username_field + 4, common_name, cn_len))
257 {
258 return FAILURE;
259 }
260 }
261 else if (strcmp(LN_serialNumber, x509_username_field) == 0)
262 {
263 const ASN1_INTEGER *asn1_i = X509_get_serialNumber(peer_cert);
264
265 BIGNUM *bn_serial = ASN1_INTEGER_to_BN(asn1_i, NULL);
266 char *serial = BN_bn2hex(bn_serial);
267 BN_free(bn_serial);
268
269 if (!serial || cn_len <= strlen(serial) + 2)
270 {
271 OPENSSL_free(serial);
272 return FAILURE;
273 }
274 snprintf(common_name, cn_len, "0x%s", serial);
275 OPENSSL_free(serial);
276 }
277 else
278 {
279 const X509_NAME *x509_subject_name = X509_get_subject_name(peer_cert);
280 if (x509_subject_name == NULL)
281 {
282 msg(D_TLS_ERRORS, "X509 subject name is NULL");
283 return FAILURE;
284 }
285
286 if (FAILURE
287 == extract_x509_field_ssl(x509_subject_name, x509_username_field,
288 common_name, cn_len))
289 {
290 return FAILURE;
291 }
292 }
293
294 return SUCCESS;
295}
296
297char *
315
316char *
317backend_x509_get_serial_hex(openvpn_x509_cert_t *cert, struct gc_arena *gc)
318{
319 const ASN1_INTEGER *asn1_i = X509_get_serialNumber(cert);
320 BIGNUM *bn_serial = ASN1_INTEGER_to_BN(asn1_i, NULL);
321 int len_serial = BN_num_bytes(bn_serial);
322 unsigned char *buf = malloc(len_serial);
323 BN_bn2binpad(bn_serial, buf, len_serial);
324
325 char *ret = format_hex_ex(buf, len_serial, 0, 1, ":", gc);
326 free(buf);
327 BN_free(bn_serial);
328
329 return ret;
330}
331
332result_t
333backend_x509_write_pem(openvpn_x509_cert_t *cert, const char *filename)
334{
335 BIO *out = BIO_new_file(filename, "w");
336 if (!out)
337 {
338 goto err;
339 }
340
341 if (!PEM_write_bio_X509(out, cert))
342 {
343 goto err;
344 }
345 BIO_free(out);
346
347 return SUCCESS;
348err:
349 BIO_free(out);
350 crypto_msg(D_TLS_DEBUG_LOW, "Error writing X509 certificate to file %s", filename);
351 return FAILURE;
352}
353
354struct buffer
355x509_get_sha1_fingerprint(X509 *cert, struct gc_arena *gc)
356{
357 const EVP_MD *sha1 = EVP_sha1();
358 struct buffer hash = alloc_buf_gc((size_t)EVP_MD_size(sha1), gc);
359 X509_digest(cert, EVP_sha1(), BPTR(&hash), NULL);
360 ASSERT(buf_inc_len(&hash, EVP_MD_size(sha1)));
361 return hash;
362}
363
364struct buffer
365x509_get_sha256_fingerprint(X509 *cert, struct gc_arena *gc)
366{
367 const EVP_MD *sha256 = EVP_sha256();
368 struct buffer hash = alloc_buf_gc((size_t)EVP_MD_size(sha256), gc);
369 X509_digest(cert, EVP_sha256(), BPTR(&hash), NULL);
370 ASSERT(buf_inc_len(&hash, EVP_MD_size(sha256)));
371 return hash;
372}
373
374char *
375x509_get_subject(X509 *cert, struct gc_arena *gc)
376{
377 BIO *subject_bio = NULL;
378 BUF_MEM *subject_mem;
379 char *subject = NULL;
380
381 subject_bio = BIO_new(BIO_s_mem());
382 if (subject_bio == NULL)
383 {
384 goto err;
385 }
386
387 X509_NAME_print_ex(subject_bio, X509_get_subject_name(cert), 0,
388 XN_FLAG_SEP_CPLUS_SPC | XN_FLAG_FN_SN | ASN1_STRFLGS_UTF8_CONVERT
389 | ASN1_STRFLGS_ESC_CTRL);
390
391 if (BIO_eof(subject_bio))
392 {
393 goto err;
394 }
395
396 BIO_get_mem_ptr(subject_bio, &subject_mem);
397
398 subject = gc_malloc(subject_mem->length + 1, false, gc);
399
400 memcpy(subject, subject_mem->data, subject_mem->length);
401 subject[subject_mem->length] = '\0';
402
403err:
404 BIO_free(subject_bio);
405 return subject;
406}
407
408
409/*
410 * x509-track implementation -- save X509 fields to environment,
411 * using the naming convention:
412 *
413 * X509_{cert_depth}_{name}={value}
414 *
415 * This function differs from x509_setenv below in the following ways:
416 *
417 * (1) Only explicitly named attributes in xt are saved, per usage
418 * of "x509-track" program options.
419 * (2) Only the level 0 cert info is saved unless the XT_FULL_CHAIN
420 * flag is set in xt->flags (corresponds with prepending a '+'
421 * to the name when specified by "x509-track" program option).
422 * (3) This function supports both X509 subject name fields as
423 * well as X509 V3 extensions.
424 * (4) This function can return the SHA1 fingerprint of a cert, e.g.
425 * x509-track "+SHA1"
426 * will return the SHA1 fingerprint for each certificate in the
427 * peer chain.
428 */
429
430void
431x509_track_add(const struct x509_track **ll_head, const char *name, msglvl_t msglevel,
432 struct gc_arena *gc)
433{
434 struct x509_track *xt;
435 ALLOC_OBJ_CLEAR_GC(xt, struct x509_track, gc);
436 if (*name == '+')
437 {
438 xt->flags |= XT_FULL_CHAIN;
439 ++name;
440 }
441 xt->name = name;
442 xt->nid = OBJ_txt2nid(name);
443 if (xt->nid != NID_undef)
444 {
445 xt->next = *ll_head;
446 *ll_head = xt;
447 }
448 else
449 {
450 msg(msglevel, "x509_track: no such attribute '%s'", name);
451 }
452}
453
454/* worker method for setenv_x509_track */
455static void
456do_setenv_x509(struct env_set *es, const char *name, char *value, int depth)
457{
458 char *name_expand;
459 size_t name_expand_size;
460
461 string_mod(value, CC_ANY, CC_CRLF, '?');
462 msg(D_X509_ATTR, "X509 ATTRIBUTE name='%s' value='%s' depth=%d", name, value, depth);
463 name_expand_size = 64 + strlen(name);
464 name_expand = (char *)malloc(name_expand_size);
465 check_malloc_return(name_expand);
466 snprintf(name_expand, name_expand_size, "X509_%d_%s", depth, name);
467 setenv_str(es, name_expand, value);
468 free(name_expand);
469}
470
471void
472x509_setenv_track(const struct x509_track *xt, struct env_set *es, const int depth, X509 *x509)
473{
474 struct gc_arena gc = gc_new();
475#if OPENSSL_VERSION_NUMBER < 0x30000000L
476 /* OpenSSL 1.1.x APIs all take non-const arguments */
477 X509_NAME *x509_name = X509_get_subject_name(x509);
478#else
479 const X509_NAME *x509_name = X509_get_subject_name(x509);
480#endif
481 const char nullc = '\0';
482
483 while (xt)
484 {
485 if (depth == 0 || (xt->flags & XT_FULL_CHAIN))
486 {
487 switch (xt->nid)
488 {
489 case NID_sha1:
490 case NID_sha256:
491 {
492 struct buffer fp_buf;
493 char *fp_str = NULL;
494
495 if (xt->nid == NID_sha1)
496 {
497 fp_buf = x509_get_sha1_fingerprint(x509, &gc);
498 }
499 else
500 {
501 fp_buf = x509_get_sha256_fingerprint(x509, &gc);
502 }
503
504 fp_str = format_hex_ex(BPTR(&fp_buf), BLEN(&fp_buf), 0, 1 | FHE_CAPS, ":", &gc);
505 do_setenv_x509(es, xt->name, fp_str, depth);
506 }
507 break;
508
509 default:
510 {
511 int i = X509_NAME_get_index_by_NID(x509_name, xt->nid, -1);
512 if (i >= 0)
513 {
514 const X509_NAME_ENTRY *ent = X509_NAME_get_entry(x509_name, i);
515 if (ent)
516 {
517 const ASN1_STRING *val = X509_NAME_ENTRY_get_data(ent);
518 unsigned char *buf = NULL;
519 if (ASN1_STRING_to_UTF8(&buf, val) >= 0)
520 {
521 do_setenv_x509(es, xt->name, (char *)buf, depth);
522 OPENSSL_free(buf);
523 }
524 }
525 }
526 else
527 {
528 i = X509_get_ext_by_NID(x509, xt->nid, -1);
529 if (i >= 0)
530 {
531#if OPENSSL_VERSION_NUMBER < 0x40000000L
532 X509_EXTENSION *ext = X509_get_ext(x509, i);
533#else
534 const X509_EXTENSION *ext = X509_get_ext(x509, i);
535#endif
536 if (ext)
537 {
538 BIO *bio = BIO_new(BIO_s_mem());
539 if (bio)
540 {
541 if (X509V3_EXT_print(bio, ext, 0, 0))
542 {
543 if (BIO_write(bio, &nullc, 1) == 1)
544 {
545 char *str;
546 BIO_get_mem_data(bio, &str);
547 do_setenv_x509(es, xt->name, str, depth);
548 }
549 }
550 BIO_free(bio);
551 }
552 }
553 }
554 }
555 }
556 }
557 }
558 xt = xt->next;
559 }
560 gc_free(&gc);
561}
562
563/*
564 * Save X509 fields to environment, using the naming convention:
565 *
566 * X509_{cert_depth}_{name}={value}
567 */
568void
569x509_setenv(struct env_set *es, int cert_depth, openvpn_x509_cert_t *peer_cert)
570{
571 const X509_NAME *x509 = X509_get_subject_name(peer_cert);
572
573 int n = X509_NAME_entry_count(x509);
574 for (int i = 0; i < n; ++i)
575 {
576 const X509_NAME_ENTRY *ent = X509_NAME_get_entry(x509, i);
577 if (!ent)
578 {
579 continue;
580 }
581 const ASN1_OBJECT *fn = X509_NAME_ENTRY_get_object(ent);
582 if (!fn)
583 {
584 continue;
585 }
586 const ASN1_STRING *val = X509_NAME_ENTRY_get_data(ent);
587 if (!val)
588 {
589 continue;
590 }
591 int fn_nid = OBJ_obj2nid(fn);
592 if (fn_nid == NID_undef)
593 {
594 continue;
595 }
596 const char *objbuf = OBJ_nid2sn(fn_nid);
597 if (!objbuf)
598 {
599 continue;
600 }
601 unsigned char *buf = NULL;
602 if (ASN1_STRING_to_UTF8(&buf, val) < 0)
603 {
604 continue;
605 }
606 size_t name_expand_size = 64 + strlen(objbuf);
607 char *name_expand = malloc(name_expand_size);
608 check_malloc_return(name_expand);
609 snprintf(name_expand, name_expand_size, "X509_%d_%s", cert_depth, objbuf);
610 string_mod(name_expand, CC_PRINT, CC_CRLF, '_');
611 string_mod((char *)buf, CC_PRINT, CC_CRLF, '_');
612 setenv_str_incr(es, name_expand, (char *)buf);
613 free(name_expand);
614 OPENSSL_free(buf);
615 }
616}
617
618result_t
619x509_verify_ns_cert_type(openvpn_x509_cert_t *peer_cert, const int usage)
620{
621 if (usage == NS_CERT_CHECK_NONE)
622 {
623 return SUCCESS;
624 }
625 if (usage == NS_CERT_CHECK_CLIENT)
626 {
627 /*
628 * Unfortunately, X509_check_purpose() before OpenSSL 4.0 does some weird thing that
629 * prevent it to take a const argument
630 */
631 result_t result =
632 X509_check_purpose(peer_cert, X509_PURPOSE_SSL_CLIENT, 0) ? SUCCESS : FAILURE;
633 /*
634 * Note that we did not check for netscape certificate type here but
635 * instead a general SSL/TLS client purpose. These nscert attributes
636 * might stop being accepted by TLS libraries in the future.
637 * Currently, OpenSSL 4.0 and aws-lc 1.9.0 still consider nscert client
638 * as acceptable.
639 *
640 * So in case that this check failed, we now check if this is caused
641 * by the check above no longer recognising nscert attributes.
642 */
643 if (result == FAILURE)
644 {
645 ASN1_BIT_STRING *ns;
646 ns = X509_get_ext_d2i(peer_cert, NID_netscape_cert_type, NULL, NULL);
647 // bit 0 is to check if certificate is the client certificate
648 result = ASN1_BIT_STRING_get_bit(ns, 0) ? SUCCESS : FAILURE;
649 if (result == SUCCESS)
650 {
651 msg(M_WARN, "X509: Certificate is a client certificate yet it's purpose "
652 "cannot be verified (check may fail in the future)");
653 }
654 ASN1_BIT_STRING_free(ns);
655 }
656 return result;
657 }
658 if (usage == NS_CERT_CHECK_SERVER)
659 {
660 /*
661 * Unfortunately, X509_check_purpose() before OpenSSL 4.0 does some weird thing that
662 * prevent it to take a const argument
663 */
664 result_t result =
665 X509_check_purpose(peer_cert, X509_PURPOSE_SSL_SERVER, 0) ? SUCCESS : FAILURE;
666
667 /*
668 * Note that we did not check for netscape certificate type here but
669 * instead a general SSL/TLS server purpose. These nscert attributes
670 * might stop being accepted by TLS libraries in the future.
671 * Currently, OpenSSL 4.0 and aws-lc 1.9.0 still consider nscert server
672 * as acceptable.
673 *
674 * So in case that this check failed, we now check if this is caused
675 * by the check above no longer recognising nscert attributes.
676 */
677 if (result == FAILURE)
678 {
679 ASN1_BIT_STRING *ns = X509_get_ext_d2i(peer_cert, NID_netscape_cert_type, NULL, NULL);
680 // Server bit is 1 for ASN1_BIT_STRING_get_bit
681 result = ASN1_BIT_STRING_get_bit(ns, 1) ? SUCCESS : FAILURE;
682 if (result == SUCCESS)
683 {
684 msg(M_WARN, "X509: Certificate is a server certificate yet it's purpose "
685 "cannot be verified (check may fail in the future)");
686 }
687 ASN1_BIT_STRING_free(ns);
688 }
689 return result;
690 }
691
692 return FAILURE;
693}
694
695result_t
696x509_verify_cert_ku(X509 *x509, const unsigned int *const expected_ku, size_t expected_len)
697{
698 ASN1_BIT_STRING *ku = X509_get_ext_d2i(x509, NID_key_usage, NULL, NULL);
699
700 if (ku == NULL)
701 {
702 msg(D_TLS_ERRORS, "Certificate does not have key usage extension");
703 return FAILURE;
704 }
705
706 if (expected_ku[0] == OPENVPN_KU_REQUIRED)
707 {
708 /* Extension required, value checked by TLS library */
709 ASN1_BIT_STRING_free(ku);
710 return SUCCESS;
711 }
712
713 unsigned int nku = 0;
714 for (int i = 0; i < 8; i++)
715 {
716 if (ASN1_BIT_STRING_get_bit(ku, i))
717 {
718 nku |= 1 << (7 - i);
719 }
720 }
721
722 /*
723 * Fixup if no LSB bits
724 */
725 if ((nku & 0xff) == 0)
726 {
727 nku >>= 8;
728 }
729
730 msg(D_HANDSHAKE, "Validating certificate key usage");
731 result_t fFound = FAILURE;
732 for (size_t i = 0; fFound != SUCCESS && i < expected_len; i++)
733 {
734 if (expected_ku[i] != 0 && (nku & expected_ku[i]) == expected_ku[i])
735 {
736 fFound = SUCCESS;
737 }
738 }
739
740 if (fFound != SUCCESS)
741 {
742 msg(D_TLS_ERRORS, "ERROR: Certificate has key usage %04x, expected one of:", nku);
743 for (size_t i = 0; i < expected_len && expected_ku[i]; i++)
744 {
745 msg(D_TLS_ERRORS, " * %04x", expected_ku[i]);
746 }
747 }
748
749 ASN1_BIT_STRING_free(ku);
750
751 return fFound;
752}
753
754result_t
755x509_verify_cert_eku(X509 *x509, const char *const expected_oid)
756{
757 EXTENDED_KEY_USAGE *eku = NULL;
758 result_t fFound = FAILURE;
759
760 if ((eku = (EXTENDED_KEY_USAGE *)X509_get_ext_d2i(x509, NID_ext_key_usage, NULL, NULL)) == NULL)
761 {
762 msg(D_HANDSHAKE, "Certificate does not have extended key usage extension");
763 }
764 else
765 {
766 int i;
767
768 msg(D_HANDSHAKE, "Validating certificate extended key usage");
769 for (i = 0; SUCCESS != fFound && i < sk_ASN1_OBJECT_num(eku); i++)
770 {
771 ASN1_OBJECT *oid = sk_ASN1_OBJECT_value(eku, i);
772 char szOid[1024];
773
774 if (SUCCESS != fFound && OBJ_obj2txt(szOid, sizeof(szOid), oid, 0) != -1)
775 {
776 msg(D_HANDSHAKE, "++ Certificate has EKU (str) %s, expects %s", szOid,
777 expected_oid);
778 if (!strcmp(expected_oid, szOid))
779 {
780 fFound = SUCCESS;
781 }
782 }
783 if (SUCCESS != fFound && OBJ_obj2txt(szOid, sizeof(szOid), oid, 1) != -1)
784 {
785 msg(D_HANDSHAKE, "++ Certificate has EKU (oid) %s, expects %s", szOid,
786 expected_oid);
787 if (!strcmp(expected_oid, szOid))
788 {
789 fFound = SUCCESS;
790 }
791 }
792 }
793 }
794
795 if (eku != NULL)
796 {
797 sk_ASN1_OBJECT_pop_free(eku, ASN1_OBJECT_free);
798 }
799
800 return fFound;
801}
802
803bool
804tls_verify_crl_missing(const struct tls_options *opt)
805{
806 if (!opt->crl_file || (opt->ssl_flags & SSLF_CRL_VERIFY_DIR))
807 {
808 return false;
809 }
810
811 X509_STORE *store = SSL_CTX_get_cert_store(opt->ssl_ctx->ctx);
812 if (!store)
813 {
814 crypto_msg(M_FATAL, "Cannot get certificate store");
815 }
816
817 STACK_OF(X509_OBJECT) *objs = X509_STORE_get0_objects(store);
818 for (int i = 0; i < sk_X509_OBJECT_num(objs); i++)
819 {
820 X509_OBJECT *obj = sk_X509_OBJECT_value(objs, i);
821 ASSERT(obj);
822 if (X509_OBJECT_get_type(obj) == X509_LU_CRL)
823 {
824 return false;
825 }
826 }
827 return true;
828}
829
830#endif /* defined(ENABLE_CRYPTO_OPENSSL) */
gc_malloc
void * gc_malloc(size_t size, bool clear, struct gc_arena *a)
Definition buffer.c:336
alloc_buf_gc
struct buffer alloc_buf_gc(size_t size, struct gc_arena *gc)
Definition buffer.c:89
format_hex_ex
char * format_hex_ex(const uint8_t *data, size_t size, size_t maxoutput, unsigned int space_break_flags, const char *separator, struct gc_arena *gc)
Definition buffer.c:483
string_mod
bool string_mod(char *str, const unsigned int inclusive, const unsigned int exclusive, const char replace)
Modifies a string in place by replacing certain classes of characters of it with a specified characte...
Definition buffer.c:1054
string_alloc
char * string_alloc(const char *str, struct gc_arena *gc)
Definition buffer.c:648
CC_ANY
#define CC_ANY
any character
Definition buffer.h:878
BPTR
#define BPTR(buf)
Definition buffer.h:123
buf_inc_len
static bool buf_inc_len(struct buffer *buf, int inc)
Definition buffer.h:589
CC_CRLF
#define CC_CRLF
carriage return or newline
Definition buffer.h:915
ALLOC_OBJ_CLEAR_GC
#define ALLOC_OBJ_CLEAR_GC(dptr, type, gc)
Definition buffer.h:1125
BLEN
#define BLEN(buf)
Definition buffer.h:126
strncpynt
static void strncpynt(char *dest, const char *src, size_t maxlen)
Definition buffer.h:362
check_malloc_return
static void check_malloc_return(void *p)
Definition buffer.h:1131
gc_free
static void gc_free(struct gc_arena *a)
Definition buffer.h:1049
CC_PRINT
#define CC_PRINT
printable (>= 32, != 127)
Definition buffer.h:886
FHE_CAPS
#define FHE_CAPS
Definition buffer.h:499
gc_new
static struct gc_arena gc_new(void)
Definition buffer.h:1041
crypto_msg
#define crypto_msg(flags,...)
Retrieve any OpenSSL errors, then print the supplied error message.
Definition crypto_openssl.h:116
setenv_str
void setenv_str(struct env_set *es, const char *name, const char *value)
Definition env_set.c:307
setenv_str_incr
void setenv_str_incr(struct env_set *es, const char *name, const char *value)
Store the supplied name value pair in the env_set.
Definition env_set.c:329
D_TLS_DEBUG_LOW
#define D_TLS_DEBUG_LOW
Definition errlevel.h:76
D_X509_ATTR
#define D_X509_ATTR
Definition errlevel.h:102
D_HANDSHAKE
#define D_HANDSHAKE
Definition errlevel.h:71
D_TLS_ERRORS
#define D_TLS_ERRORS
Definition errlevel.h:58
D_TLS_DEBUG
#define D_TLS_DEBUG
Definition errlevel.h:164
verify_callback
int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
Verify that the remote OpenVPN peer's certificate allows setting up a VPN tunnel.
Definition ssl_verify_openssl.c:50
openssl_compat.h
OpenSSL compatibility stub.
M_FATAL
#define M_FATAL
Definition error.h:90
msg
#define msg(flags,...)
Definition error.h:152
msglvl_t
unsigned int msglvl_t
Definition error.h:77
ASSERT
#define ASSERT(x)
Definition error.h:219
M_WARN
#define M_WARN
Definition error.h:92
usage
void usage(void)
Definition options.c:4844
SSLF_CRL_VERIFY_DIR
#define SSLF_CRL_VERIFY_DIR
Definition ssl_common.h:429
mydata_index
int mydata_index
Allocate space in SSL objects in which to store a struct tls_session pointer back to parent.
Definition ssl_openssl.c:88
ssl_openssl.h
Control Channel OpenSSL Backend.
verify_cert
result_t verify_cert(struct tls_session *session, openvpn_x509_cert_t *cert, int cert_depth)
Definition ssl_verify.c:577
cert_hash_remember
void cert_hash_remember(struct tls_session *session, const int error_depth, const struct buffer *cert_hash)
Definition ssl_verify.c:194
ssl_verify.h
Control Channel Verification Module.
OPENVPN_KU_REQUIRED
#define OPENVPN_KU_REQUIRED
Require keyUsage to be present in cert (0xFFFF is an invalid KU value)
Definition ssl_verify.h:257
XT_FULL_CHAIN
#define XT_FULL_CHAIN
Definition ssl_verify.h:241
NS_CERT_CHECK_CLIENT
#define NS_CERT_CHECK_CLIENT
Do not perform Netscape certificate type verification.
Definition ssl_verify.h:254
NS_CERT_CHECK_NONE
#define NS_CERT_CHECK_NONE
Do not perform Netscape certificate type verification.
Definition ssl_verify.h:250
NS_CERT_CHECK_SERVER
#define NS_CERT_CHECK_SERVER
Do not perform Netscape certificate type verification.
Definition ssl_verify.h:252
ssl_verify_backend.h
Control Channel Verification Module library-specific backend interface.
result_t
result_t
Result of verification function.
Definition ssl_verify_backend.h:36
FAILURE
@ FAILURE
Definition ssl_verify_backend.h:38
SUCCESS
@ SUCCESS
Definition ssl_verify_backend.h:37
openvpn_x509_cert_t
mbedtls_x509_crt openvpn_x509_cert_t
Definition ssl_verify_mbedtls.h:37
x509_get_subject
char * x509_get_subject(X509 *cert, struct gc_arena *gc)
Definition ssl_verify_openssl.c:375
x509_get_sha1_fingerprint
struct buffer x509_get_sha1_fingerprint(X509 *cert, struct gc_arena *gc)
Definition ssl_verify_openssl.c:355
x509_verify_cert_ku
result_t x509_verify_cert_ku(X509 *x509, const unsigned int *const expected_ku, size_t expected_len)
Definition ssl_verify_openssl.c:696
tls_verify_crl_missing
bool tls_verify_crl_missing(const struct tls_options *opt)
Return true iff a CRL is configured, but is not loaded.
Definition ssl_verify_openssl.c:804
extract_x509_field_ssl
static result_t extract_x509_field_ssl(const X509_NAME *x509, const char *field_name, char *out, size_t size)
Definition ssl_verify_openssl.c:194
backend_x509_write_pem
result_t backend_x509_write_pem(openvpn_x509_cert_t *cert, const char *filename)
Definition ssl_verify_openssl.c:333
x509_get_sha256_fingerprint
struct buffer x509_get_sha256_fingerprint(X509 *cert, struct gc_arena *gc)
Definition ssl_verify_openssl.c:365
x509_verify_cert_eku
result_t x509_verify_cert_eku(X509 *x509, const char *const expected_oid)
Definition ssl_verify_openssl.c:755
do_setenv_x509
static void do_setenv_x509(struct env_set *es, const char *name, char *value, int depth)
Definition ssl_verify_openssl.c:456
extract_x509_extension
static bool extract_x509_extension(X509 *cert, char *fieldname, char *out, size_t size)
Definition ssl_verify_openssl.c:122
x509_username_field_ext_supported
bool x509_username_field_ext_supported(const char *fieldname)
Return true iff the supplied extension field is supported by the –x509-username-field option.
Definition ssl_verify_openssl.c:115
backend_x509_get_serial_hex
char * backend_x509_get_serial_hex(openvpn_x509_cert_t *cert, struct gc_arena *gc)
Definition ssl_verify_openssl.c:317
x509_verify_ns_cert_type
result_t x509_verify_ns_cert_type(openvpn_x509_cert_t *peer_cert, const int usage)
Definition ssl_verify_openssl.c:619
x509_setenv_track
void x509_setenv_track(const struct x509_track *xt, struct env_set *es, const int depth, X509 *x509)
Definition ssl_verify_openssl.c:472
backend_x509_get_serial
char * backend_x509_get_serial(openvpn_x509_cert_t *cert, struct gc_arena *gc)
Definition ssl_verify_openssl.c:298
x509_track_add
void x509_track_add(const struct x509_track **ll_head, const char *name, msglvl_t msglevel, struct gc_arena *gc)
Definition ssl_verify_openssl.c:431
x509_setenv
void x509_setenv(struct env_set *es, int cert_depth, openvpn_x509_cert_t *peer_cert)
Definition ssl_verify_openssl.c:569
backend_x509_get_username
result_t backend_x509_get_username(char *common_name, size_t cn_len, char *x509_username_field, X509 *peer_cert)
Definition ssl_verify_openssl.c:252
ssl_verify_openssl.h
Control Channel Verification Module OpenSSL backend.
buffer
Wrapper structure for dynamically allocated memory.
Definition buffer.h:60
buffer::len
int len
Length in bytes of the actual content within the allocated memory.
Definition buffer.h:65
cert_hash
Structure containing the hash for a single certificate.
Definition ssl_verify.h:58
env_set
Definition env_set.h:43
gc_arena
Garbage collection arena used to keep track of dynamically allocated memory.
Definition buffer.h:116
hash
Definition list.h:53
tls_options
Definition ssl_common.h:307
tls_options::ssl_flags
unsigned int ssl_flags
Definition ssl_common.h:435
tls_options::ssl_ctx
struct tls_root_ctx * ssl_ctx
Definition ssl_common.h:311
tls_options::crl_file
const char * crl_file
Definition ssl_common.h:356
tls_root_ctx::ctx
SSL_CTX * ctx
Definition ssl_openssl.h:41
tls_session
Security parameter state of a single session within a VPN tunnel.
Definition ssl_common.h:490
x509_track
Definition ssl_verify.h:238
x509_track::nid
int nid
Definition ssl_verify.h:243
x509_track::flags
unsigned int flags
Definition ssl_verify.h:242
x509_track::next
const struct x509_track * next
Definition ssl_verify.h:239
x509_track::name
const char * name
Definition ssl_verify.h:240
es
struct env_set * es
Definition test_pkcs11.c:138
cleanup
static int cleanup(void **state)
Definition test_pkcs11.c:289
gc
struct gc_arena gc
Definition test_ssl.c:133
Generated by doxygen 1.9.8