From: Dr. Stephen Henson <steve@openssl.org>
Date: Sun, 23 Feb 2014 12:00:18 +0000 (+0000)
Subject: New chain building flags.
X-Git-Tag: master-post-reformat~938
X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=13dc3ce9ab483cade378bcf3844c92bacd817316

New chain building flags.

New flags to build certificate chains. The can be used to rearrange
the chain so all an application needs to do is add all certificates
in arbitrary order and then build the chain to check and correct them.

Add verify error code when building chain.

Update docs.
---

diff --git a/apps/s_cb.c b/apps/s_cb.c
index dcc9da309c..04ebb79b93 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -259,6 +259,7 @@ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
 int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
 		       STACK_OF(X509) *chain, int build_chain)
 	{
+	int chflags = chain ? SSL_BUILD_CHAIN_FLAG_CHECK : 0;
 	if (cert == NULL)
 		return 1;
 	if (SSL_CTX_use_certificate(ctx,cert) <= 0)
@@ -288,7 +289,7 @@ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
 		ERR_print_errors(bio_err);
 		return 0;
 		}
-	if (!chain && build_chain && !SSL_CTX_build_cert_chain(ctx, 0))
+	if (build_chain && !SSL_CTX_build_cert_chain(ctx, chflags))
 		{
 		BIO_printf(bio_err,"error building certificate chain\n");
 		ERR_print_errors(bio_err);
diff --git a/doc/ssl/SSL_CTX_add1_chain_cert.pod b/doc/ssl/SSL_CTX_add1_chain_cert.pod
index e294afe253..b508a342a5 100644
--- a/doc/ssl/SSL_CTX_add1_chain_cert.pod
+++ b/doc/ssl/SSL_CTX_add1_chain_cert.pod
@@ -52,11 +52,15 @@ SSL_CTX_clear_chain_certs() clears any existing chain associated with the
 current certificate of B<ctx>.  (This is implemented by calling
 SSL_CTX_set0_chain() with B<sk> set to B<NULL>).
 
-SSL_CTX_build_cert_chain() builds the certificate chain for B<ctx> using the
-chain store. Any existing chain certificates are used as untrusted CAs.
+SSL_CTX_build_cert_chain() builds the certificate chain for B<ctx> normally
+this uses the chain store or the verify store if the chain store is not set.
 If the function is successful the built chain will replace any existing chain.
-The B<flags> parameter can be set to B<SSL_BUILD_CHAIN_FLAG_NO_ROOT> to omit
-the root CA from the built chain.
+The B<flags> parameter can be set to B<SSL_BUILD_CHAIN_FLAG_UNTRUSTED> to use
+existing chain certificates as untrusted CAs, B<SSL_BUILD_CHAIN_FLAG_NO_ROOT>
+to omit the root CA from the built chain, B<SSL_BUILD_CHAIN_FLAG_CHECK> to
+use all existing chain certificates only to build the chain (effectively
+sanity checking and rearranging them if necessary), the flag
+B<SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR> ignores any errors during verification.
 
 Each of these functions operates on the I<current> end entity
 (i.e. server or client) certificate. This is the last certificate loaded or
@@ -105,6 +109,10 @@ be used to check application configuration and to ensure any necessary
 subordinate CAs are sent in the correct order. Misconfigured applications
 sending incorrect certificate chains often cause problems with peers.
 
+For example an application can add any set of certificates using
+SSL_CTX_use_certificate_chain_file() then call SSL_CTX_build_cert_chain()
+with the option B<SSL_BUILD_CHAIN_FLAG_CHECK> to check and reorder them.
+
 Calling SSL_CTX_build_cert_chain() or SSL_build_cert_chain() is more
 efficient than the automatic chain building as it is only performed once.
 Automatic chain building is performed on each new session.
@@ -114,7 +122,11 @@ using SSL_CTX_add_extra_chain_cert() will be used.
 
 =head1 RETURN VALUES
 
-All these functions return 1 for success and 0 for failure.
+SSL_set_current_cert() with B<SSL_CERT_SET_SERVER> return 1 for success, 2 if
+no server certificate is used because the ciphersuites is anonymous and 0
+for failure.
+
+All other functions return 1 for success and 0 for failure.
 
 =head1 SEE ALSO
 
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 2b87710954..3ba9e5be68 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -784,9 +784,13 @@ struct ssl_session_st
 
 /* Flags for building certificate chains */
 /* Treat any existing certificates as untrusted CAs */
-#define SSL_BUILD_CHAIN_FLAG_UNTRUSTED	0x1
+#define SSL_BUILD_CHAIN_FLAG_UNTRUSTED		0x1
 /* Don't include root CA in chain */
-#define SSL_BUILD_CHAIN_FLAG_NO_ROOT	0x2
+#define SSL_BUILD_CHAIN_FLAG_NO_ROOT		0x2
+/* Just check certificates already there */
+#define SSL_BUILD_CHAIN_FLAG_CHECK		0x4
+/* Ignore verification errors */
+#define SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR	0x8
 
 /* Flags returned by SSL_check_chain */
 /* Certificate can be used with this session */
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 47c8b8659f..ec208b507c 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -1195,37 +1195,65 @@ int ssl_build_cert_chain(CERT *c, X509_STORE *chain_store, int flags)
 	X509_STORE_CTX xs_ctx;
 	STACK_OF(X509) *chain = NULL, *untrusted = NULL;
 	X509 *x;
-	int i;
+	int i, rv = 0;
 
 	if (!cpk->x509)
 		{
 		SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, SSL_R_NO_CERTIFICATE_SET);
-		return 0;
+		goto err;
 		}
+	/* Rearranging and check the chain: add everything to a store */
+	if (flags & SSL_BUILD_CHAIN_FLAG_CHECK)
+		{
+		chain_store = X509_STORE_new();
+		if (!chain_store)
+			goto err;
+		for (i = 0; i < sk_X509_num(cpk->chain); i++)
+			{
+			x = sk_X509_value(cpk->chain, i);
+			if (!X509_STORE_add_cert(chain_store, x))
+				goto err;
+			}
+		/* Add EE cert too: it might be self signed */
+		if (!X509_STORE_add_cert(chain_store, cpk->x509))
+			goto err;
+		}
+	else
+		{
+		if (c->chain_store)
+			chain_store = c->chain_store;
 
-	if (c->chain_store)
-		chain_store = c->chain_store;
-
-	if (flags & SSL_BUILD_CHAIN_FLAG_UNTRUSTED)
-		untrusted = cpk->chain;
+		if (flags & SSL_BUILD_CHAIN_FLAG_UNTRUSTED)
+			untrusted = cpk->chain;
+		}
 
 	if (!X509_STORE_CTX_init(&xs_ctx, chain_store, cpk->x509, untrusted))
 		{
 		SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, ERR_R_X509_LIB);
-		return 0;
+		goto err;
 		}
 	/* Set suite B flags if needed */
 	X509_STORE_CTX_set_flags(&xs_ctx, c->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS);
 
 	i = X509_verify_cert(&xs_ctx);
+	if (i <= 0 && flags & SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR)
+		{
+		ERR_clear_error();
+		i = 1;
+		}
 	if (i > 0)
 		chain = X509_STORE_CTX_get1_chain(&xs_ctx);
-	X509_STORE_CTX_cleanup(&xs_ctx);
 	if (i <= 0)
 		{
 		SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, SSL_R_CERTIFICATE_VERIFY_FAILED);
-		return 0;
+		i = X509_STORE_CTX_get_error(&xs_ctx);
+		ERR_add_error_data(2, "Verify error:",
+					X509_verify_cert_error_string(i));
+
+		X509_STORE_CTX_cleanup(&xs_ctx);
+		goto err;
 		}
+	X509_STORE_CTX_cleanup(&xs_ctx);
 	if (cpk->chain)
 		sk_X509_pop_free(cpk->chain, X509_free);
 	/* Remove EE certificate from chain */
@@ -1233,12 +1261,25 @@ int ssl_build_cert_chain(CERT *c, X509_STORE *chain_store, int flags)
 	X509_free(x);
 	if (flags & SSL_BUILD_CHAIN_FLAG_NO_ROOT)
 		{
-		x = sk_X509_pop(chain);
-		X509_free(x);
+		if (sk_X509_num(chain) > 0)
+			{
+			/* See if last cert is self signed */
+			x = sk_X509_value(chain, sk_X509_num(chain) - 1);
+			X509_check_purpose(x, -1, 0);
+			if (x->ex_flags & EXFLAG_SS)
+				{
+				x = sk_X509_pop(chain);
+				X509_free(x);
+				}
+			}
 		}
 	cpk->chain = chain;
+	rv = 1;
+	err:
+	if (flags & SSL_BUILD_CHAIN_FLAG_CHECK)
+		X509_STORE_free(chain_store);
 
-	return 1;
+	return rv;
 	}
 
 int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref)