
Validation of a server self-signed certificate

Open irwir opened this issue 1 year ago • 6 comments

In a local ("closed circuit") or test environment it might be desired to use a self-signed certificate, for example, using a local email server to test the ssl_mail_client application with TLS 1.3. The connection fails because the application is an SSL client, and validation of the server certificate is required:

https://github.com/Mbed-TLS/mbedtls/blob/4dec9ebdc2d0e49a87cfd5f0d7bc2dc9d21beae9/library/ssl_tls13_generic.c#L629

The authmode may be modified only for a server application (conditional block at line 638). This temporary fix was made:

int authmode = MBEDTLS_SSL_VERIFY_OPTIONAL;

Is there an overlooked possibility to connect without library code changes?

irwir Nov 09 '23 12:11

A simplified question: Should the library allow changing the validation mode for SSL clients?

irwir Dec 02 '23 08:12

What are you trying to do specifically?

It should be possible to configure the self-signed certificates as trusted using mbedtls_ssl_conf_ca_chain() without any changes to the library.

See an example here.

davidhorstmann-arm Dec 04 '23 15:12

https://github.com/Mbed-TLS/mbedtls/blob/3d12d6594649e5ce15642cdfaff78282c7d083d9/programs/ssl/ssl_mail_client.c#L176

In this example code, verification could be performed after handshaking. In the current version of the library it becomes impossible.

If TLS 1.3 forbids delayed verification, the code of the test mail client should be fixed. Otherwise the library code might need changes.

irwir Dec 05 '23 08:12

We have some related issues I think: #7075 and #7079.

ronald-cron-arm Dec 05 '23 08:12

Thanks, now it could be seen why an ordinary compilation required quite a bit of extra effort. Code examples should work "right out of the box", therefore certain changes would be expected.

irwir Dec 05 '23 11:12

Here is a rough patch that allows the client to use VERIFY_NONE and VERIFY_OPTIONAL.

Testing on 3.6.0.

diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index d448a054a..23c708d0b 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -645,6 +645,11 @@ static int ssl_tls13_validate_certificate(mbedtls_ssl_context *ssl)
         authmode = ssl->conf->authmode;
     }
 #endif
+#if defined(MBEDTLS_SSL_CLI_C)
+    if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) {
+        authmode = ssl->conf->authmode;
+    }
+#endif

     /*
      * If the peer hasn't sent a certificate ( i.e. it sent
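Review bot: The new client block under MBEDTLS_SSL_CLI_C copies ssl->conf->authmode with no guard and no comment, so a client configured with MBEDTLS_SSL_VERIFY_NONE or MBEDTLS_SSL_VERIFY_OPTIONAL can now complete a TLS 1.3 handshake with a server whose certificate did not verify, and nothing in the code says this is intended. Please add a comment stating that the application then has to check the verification result itself. The same assignment already appears at the end of the block just above, so consider restructuring so that it is written once.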
@@ -739,9 +744,8 @@ static int ssl_tls13_validate_certificate(mbedtls_ssl_context *ssl)
      * functions, are treated as fatal and lead to a failure of
      * mbedtls_ssl_tls13_parse_certificate even if verification was optional.
      */
-    if (authmode == MBEDTLS_SSL_VERIFY_OPTIONAL &&
-        (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ||
-         ret == MBEDTLS_ERR_SSL_BAD_CERTIFICATE)) {
+    if ((authmode == MBEDTLS_SSL_VERIFY_NONE || authmode == MBEDTLS_SSL_VERIFY_OPTIONAL) &&
+        (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED || ret == MBEDTLS_ERR_SSL_BAD_CERTIFICATE)) {
         ret = 0;
     }
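Review bot: Adding MBEDTLS_SSL_VERIFY_NONE to the condition that sets ret = 0 means the certificate is still verified and the failure is only discarded afterwards, while the comment directly above still reads "even if verification was optional" and no longer matches the code. Either update that comment to cover VERIFY_NONE or handle VERIFY_NONE earlier by skipping verification. Note also that the condition clears MBEDTLS_ERR_SSL_BAD_CERTIFICATE as well as MBEDTLS_ERR_X509_CERT_VERIFY_FAILED for both modes, so the caller must inspect the verification result (mbedtls_ssl_get_verify_result()) after the handshake. That requirement should be documented here.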

mobsense Apr 25 '24 10:04

Resolved in a recent commit (refactoring) which enabled optional certificate validation for TLS 1.3.

irwir Sep 05 '24 11:09