mirror of
https://github.com/guanzhi/GmSSL.git
synced 2026-07-02 02:33:39 +08:00
update
This commit is contained in:
@@ -3,22 +3,22 @@
|
||||
|
||||
1. Introduction
|
||||
|
||||
How you handle certificates depend a great deal on what your role is.
|
||||
How you handle certificates depends a great deal on what your role is.
|
||||
Your role can be one or several of:
|
||||
|
||||
- User of some client software
|
||||
- User of some server software
|
||||
- User of some client application
|
||||
- User of some server application
|
||||
- Certificate authority
|
||||
|
||||
This file is for users who wish to get a certificate of their own.
|
||||
Certificate authorities should read ca.txt.
|
||||
Certificate authorities should read https://www.openssl.org/docs/apps/ca.html.
|
||||
|
||||
In all the cases shown below, the standard configuration file, as
|
||||
compiled into openssl, will be used. You may find it in /etc/,
|
||||
/usr/local/ssl/ or somewhere else. The name is openssl.cnf, and
|
||||
is better described in another HOWTO <config.txt?>. If you want to
|
||||
use a different configuration file, use the argument '-config {file}'
|
||||
with the command shown below.
|
||||
/usr/local/ssl/ or somewhere else. By default the file is named
|
||||
openssl.cnf and is described at https://www.openssl.org/docs/apps/config.html.
|
||||
You can specify a different configuration file using the
|
||||
'-config {file}' argument with the commands shown below.
|
||||
|
||||
|
||||
2. Relationship with keys
|
||||
@@ -29,24 +29,26 @@ somewhere. With OpenSSL, public keys are easily derived from private
|
||||
keys, so before you create a certificate or a certificate request, you
|
||||
need to create a private key.
|
||||
|
||||
Private keys are generated with 'openssl genrsa' if you want a RSA
|
||||
private key, or 'openssl gendsa' if you want a DSA private key.
|
||||
Further information on how to create private keys can be found in
|
||||
another HOWTO <keys.txt?>. The rest of this text assumes you have
|
||||
a private key in the file privkey.pem.
|
||||
Private keys are generated with 'openssl genrsa -out privkey.pem' if
|
||||
you want a RSA private key, or if you want a DSA private key:
|
||||
'openssl dsaparam -out dsaparam.pem 2048; openssl gendsa -out privkey.pem dsaparam.pem'.
|
||||
|
||||
The private keys created by these commands are not passphrase protected;
|
||||
it might or might not be the desirable thing. Further information on how to
|
||||
create private keys can be found at https://www.openssl.org/docs/HOWTO/keys.txt.
|
||||
The rest of this text assumes you have a private key in the file privkey.pem.
|
||||
|
||||
|
||||
3. Creating a certificate request
|
||||
|
||||
To create a certificate, you need to start with a certificate
|
||||
request (or, as some certificate authorities like to put
|
||||
it, "certificate signing request", since that's exactly what they do,
|
||||
they sign it and give you the result back, thus making it authentic
|
||||
according to their policies). A certificate request can then be sent
|
||||
to a certificate authority to get it signed into a certificate, or if
|
||||
you have your own certificate authority, you may sign it yourself, or
|
||||
if you need a self-signed certificate (because you just want a test
|
||||
certificate or because you are setting up your own CA).
|
||||
To create a certificate, you need to start with a certificate request
|
||||
(or, as some certificate authorities like to put it, "certificate
|
||||
signing request", since that's exactly what they do, they sign it and
|
||||
give you the result back, thus making it authentic according to their
|
||||
policies). A certificate request is sent to a certificate authority
|
||||
to get it signed into a certificate. You can also sign the certificate
|
||||
yourself if you have your own certificate authority or create a
|
||||
self-signed certificate (typically for testing purpose).
|
||||
|
||||
The certificate request is created like this:
|
||||
|
||||
@@ -55,12 +57,14 @@ The certificate request is created like this:
|
||||
Now, cert.csr can be sent to the certificate authority, if they can
|
||||
handle files in PEM format. If not, use the extra argument '-outform'
|
||||
followed by the keyword for the format to use (see another HOWTO
|
||||
<formats.txt?>). In some cases, that isn't sufficient and you will
|
||||
have to be more creative.
|
||||
<formats.txt?>). In some cases, -outform does not let you output the
|
||||
certificate request in the right format and you will have to use one
|
||||
of the various other commands that are exposed by openssl (or get
|
||||
creative and use a combination of tools).
|
||||
|
||||
When the certificate authority has then done the checks the need to
|
||||
do (and probably gotten payment from you), they will hand over your
|
||||
new certificate to you.
|
||||
The certificate authority performs various checks (according to their
|
||||
policies) and usually waits for payment from you. Once that is
|
||||
complete, they send you your new certificate.
|
||||
|
||||
Section 5 will tell you more on how to handle the certificate you
|
||||
received.
|
||||
@@ -68,11 +72,12 @@ received.
|
||||
|
||||
4. Creating a self-signed test certificate
|
||||
|
||||
If you don't want to deal with another certificate authority, or just
|
||||
want to create a test certificate for yourself. This is similar to
|
||||
creating a certificate request, but creates a certificate instead of
|
||||
a certificate request. This is NOT the recommended way to create a
|
||||
CA certificate, see ca.txt.
|
||||
You can create a self-signed certificate if you don't want to deal
|
||||
with a certificate authority, or if you just want to create a test
|
||||
certificate for yourself. This is similar to creating a certificate
|
||||
request, but creates a certificate instead of a certificate request.
|
||||
This is NOT the recommended way to create a CA certificate, see
|
||||
https://www.openssl.org/docs/apps/ca.html.
|
||||
|
||||
openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
|
||||
|
||||
@@ -93,13 +98,13 @@ certificate and your key to various formats, most often also putting
|
||||
them together into one file. The ways to do this is described in
|
||||
another HOWTO <formats.txt?>, I will just mention the simplest case.
|
||||
In the case of a raw DER thing in PEM format, and assuming that's all
|
||||
right for yor applications, simply concatenating the certificate and
|
||||
right for your applications, simply concatenating the certificate and
|
||||
the key into a new file and using that one should be enough. With
|
||||
some applications, you don't even have to do that.
|
||||
|
||||
|
||||
By now, you have your cetificate and your private key and can start
|
||||
using the software that depend on it.
|
||||
By now, you have your certificate and your private key and can start
|
||||
using applications that depend on it.
|
||||
|
||||
--
|
||||
Richard Levitte
|
||||
|
||||
@@ -1,74 +1,69 @@
|
||||
<DRAFT!>
|
||||
HOWTO proxy certificates
|
||||
|
||||
0. WARNING
|
||||
|
||||
NONE OF THE CODE PRESENTED HERE HAVE BEEN CHECKED! They are just an
|
||||
example to show you how things can be done. There may be typos or
|
||||
type conflicts, and you will have to resolve them.
|
||||
NONE OF THE CODE PRESENTED HERE HAS BEEN CHECKED! The code is just examples to
|
||||
show you how things could be done. There might be typos or type conflicts, and
|
||||
you will have to resolve them.
|
||||
|
||||
1. Introduction
|
||||
|
||||
Proxy certificates are defined in RFC 3820. They are really usual
|
||||
certificates with the mandatory extension proxyCertInfo.
|
||||
Proxy certificates are defined in RFC 3820. They are really usual certificates
|
||||
with the mandatory extension proxyCertInfo.
|
||||
|
||||
Proxy certificates are issued by an End Entity (typically a user),
|
||||
either directly with the EE certificate as issuing certificate, or by
|
||||
extension through an already issued proxy certificate.. They are used
|
||||
to extend rights to some other entity (a computer process, typically,
|
||||
or sometimes to the user itself), so it can perform operations in the
|
||||
name of the owner of the EE certificate.
|
||||
Proxy certificates are issued by an End Entity (typically a user), either
|
||||
directly with the EE certificate as issuing certificate, or by extension through
|
||||
an already issued proxy certificate. Proxy certificates are used to extend
|
||||
rights to some other entity (a computer process, typically, or sometimes to the
|
||||
user itself). This allows the entity to perform operations on behalf of the
|
||||
owner of the EE certificate.
|
||||
|
||||
See http://www.ietf.org/rfc/rfc3820.txt for more information.
|
||||
|
||||
|
||||
2. A warning about proxy certificates
|
||||
|
||||
Noone seems to have tested proxy certificates with security in mind.
|
||||
Basically, to this date, it seems that proxy certificates have only
|
||||
been used in a world that's highly aware of them. What would happen
|
||||
if an unsuspecting application is to validate a chain of certificates
|
||||
that contains proxy certificates? It would usually consider the leaf
|
||||
to be the certificate to check for authorisation data, and since proxy
|
||||
certificates are controlled by the EE certificate owner alone, it's
|
||||
would be normal to consider what the EE certificate owner could do
|
||||
with them.
|
||||
No one seems to have tested proxy certificates with security in mind. To this
|
||||
date, it seems that proxy certificates have only been used in a context highly
|
||||
aware of them.
|
||||
|
||||
subjectAltName and issuerAltName are forbidden in proxy certificates,
|
||||
and this is enforced in OpenSSL. The subject must be the same as the
|
||||
issuer, with one commonName added on.
|
||||
Existing applications might misbehave when trying to validate a chain of
|
||||
certificates which use a proxy certificate. They might incorrectly consider the
|
||||
leaf to be the certificate to check for authorisation data, which is controlled
|
||||
by the EE certificate owner.
|
||||
|
||||
Possible threats are, as far as has been imagined so far:
|
||||
subjectAltName and issuerAltName are forbidden in proxy certificates, and this
|
||||
is enforced in OpenSSL. The subject must be the same as the issuer, with one
|
||||
commonName added on.
|
||||
|
||||
Possible threats we can think of at this time include:
|
||||
|
||||
- impersonation through commonName (think server certificates).
|
||||
- use of additional extensions, possibly non-standard ones used in
|
||||
certain environments, that would grant extra or different
|
||||
authorisation rights.
|
||||
- use of additional extensions, possibly non-standard ones used in certain
|
||||
environments, that would grant extra or different authorisation rights.
|
||||
|
||||
For this reason, OpenSSL requires that the use of proxy certificates
|
||||
be explicitely allowed. Currently, this can be done using the
|
||||
following methods:
|
||||
For these reasons, OpenSSL requires that the use of proxy certificates be
|
||||
explicitly allowed. Currently, this can be done using the following methods:
|
||||
|
||||
- if the application calls X509_verify_cert() itself, it can do the
|
||||
following prior to that call (ctx is the pointer passed in the call
|
||||
to X509_verify_cert()):
|
||||
- if the application directly calls X509_verify_cert(), it can first call:
|
||||
|
||||
X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
|
||||
X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
|
||||
|
||||
- in all other cases, proxy certificate validation can be enabled
|
||||
before starting the application by setting the envirnoment variable
|
||||
OPENSSL_ALLOW_PROXY with some non-empty value.
|
||||
Where ctx is the pointer which then gets passed to X509_verify_cert().
|
||||
|
||||
There are thoughts to allow proxy certificates with a line in the
|
||||
default openssl.cnf, but that's still in the future.
|
||||
- proxy certificate validation can be enabled before starting the application
|
||||
by setting the environment variable OPENSSL_ALLOW_PROXY_CERTS.
|
||||
|
||||
In the future, it might be possible to enable proxy certificates by editing
|
||||
openssl.cnf.
|
||||
|
||||
|
||||
3. How to create proxy cerificates
|
||||
3. How to create proxy certificates
|
||||
|
||||
It's quite easy to create proxy certificates, by taking advantage of
|
||||
the lack of checks of the 'openssl x509' application (*ahem*). But
|
||||
first, you need to create a configuration section that contains a
|
||||
definition of the proxyCertInfo extension, a little like this:
|
||||
Creating proxy certificates is quite easy, by taking advantage of a lack of
|
||||
checks in the 'openssl x509' application (*ahem*). You must first create a
|
||||
configuration section that contains a definition of the proxyCertInfo extension,
|
||||
for example:
|
||||
|
||||
[ v3_proxy ]
|
||||
# A proxy certificate MUST NEVER be a CA certificate.
|
||||
@@ -77,10 +72,10 @@ definition of the proxyCertInfo extension, a little like this:
|
||||
# Usual authority key ID
|
||||
authorityKeyIdentifier=keyid,issuer:always
|
||||
|
||||
# Now, for the extension that marks this certificate as a proxy one
|
||||
# The extension which marks this certificate as a proxy
|
||||
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:1,policy:text:AB
|
||||
|
||||
It's also possible to give the proxy extension in a separate section:
|
||||
It's also possible to specify the proxy extension in a separate section:
|
||||
|
||||
proxyCertInfo=critical,@proxy_ext
|
||||
|
||||
@@ -89,96 +84,85 @@ It's also possible to give the proxy extension in a separate section:
|
||||
pathlen=0
|
||||
policy=text:BC
|
||||
|
||||
The policy value has a specific syntax, {syntag}:{string}, where the
|
||||
syntag determines what will be done with the string. The recognised
|
||||
syntags are as follows:
|
||||
The policy value has a specific syntax, {syntag}:{string}, where the syntag
|
||||
determines what will be done with the string. The following syntags are
|
||||
recognised:
|
||||
|
||||
text indicates that the string is simply the bytes, not
|
||||
encoded in any kind of way:
|
||||
text indicates that the string is simply bytes, without any encoding:
|
||||
|
||||
policy=text:räksmörgås
|
||||
policy=text:räksmörgås
|
||||
|
||||
Previous versions of this design had a specific tag
|
||||
for UTF-8 text. However, since the bytes are copied
|
||||
as-is anyway, there's no need for it. Instead, use
|
||||
the text: tag, like this:
|
||||
Previous versions of this design had a specific tag for UTF-8 text.
|
||||
However, since the bytes are copied as-is anyway, there is no need for
|
||||
such a specific tag.
|
||||
|
||||
policy=text:räksmörgås
|
||||
hex indicates the string is encoded in hex, with colons between each byte
|
||||
(every second hex digit):
|
||||
|
||||
hex indicates the string is encoded in hex, with colons
|
||||
between each byte (every second hex digit):
|
||||
policy=hex:72:E4:6B:73:6D:F6:72:67:E5:73
|
||||
|
||||
policy=hex:72:E4:6B:73:6D:F6:72:67:E5:73
|
||||
Previous versions of this design had a tag to insert a complete DER
|
||||
blob. However, the only legal use for this would be to surround the
|
||||
bytes that would go with the hex: tag with whatever is needed to
|
||||
construct a correct OCTET STRING. The DER tag therefore felt
|
||||
superfluous, and was removed.
|
||||
|
||||
Previous versions of this design had a tag to insert a
|
||||
complete DER blob. However, the only legal use for
|
||||
this would be to surround the bytes that would go with
|
||||
the hex: tag with what's needed to construct a correct
|
||||
OCTET STRING. Since hex: does that, the DER tag felt
|
||||
superfluous, and was therefore removed.
|
||||
|
||||
file indicates that the text of the policy should really be
|
||||
taken from a file. The string is then really a file
|
||||
name. This is useful for policies that are large
|
||||
(more than a few of lines) XML documents, for example.
|
||||
file indicates that the text of the policy should really be taken from a
|
||||
file. The string is then really a file name. This is useful for
|
||||
policies that are large (more than a few lines, e.g. XML documents).
|
||||
|
||||
The 'policy' setting can be split up in multiple lines like this:
|
||||
|
||||
0.policy=This is
|
||||
1.polisy= a multi-
|
||||
1.policy= a multi-
|
||||
2.policy=line policy.
|
||||
|
||||
NOTE: the proxy policy value is the part that determines the rights
|
||||
granted to the process using the proxy certificate. The value is
|
||||
completely dependent on the application reading and interpretting it!
|
||||
NOTE: the proxy policy value is the part which determines the rights granted to
|
||||
the process using the proxy certificate. The value is completely dependent on
|
||||
the application reading and interpreting it!
|
||||
|
||||
Now that you have created an extension section for your proxy
|
||||
certificate, you can now easily create a proxy certificate like this:
|
||||
Now that you have created an extension section for your proxy certificate, you
|
||||
can easily create a proxy certificate by doing:
|
||||
|
||||
openssl req -new -config openssl.cnf \
|
||||
-out proxy.req -keyout proxy.key
|
||||
openssl x509 -req -CAcreateserial -in proxy.req -days 7 \
|
||||
-out proxy.crt -CA user.crt -CAkey user.key \
|
||||
-extfile openssl.cnf -extensions v3_proxy
|
||||
openssl req -new -config openssl.cnf -out proxy.req -keyout proxy.key
|
||||
openssl x509 -req -CAcreateserial -in proxy.req -days 7 -out proxy.crt \
|
||||
-CA user.crt -CAkey user.key -extfile openssl.cnf -extensions v3_proxy
|
||||
|
||||
It's just as easy to create a proxy certificate using another proxy
|
||||
certificate as issuer (note that I'm using a different configuration
|
||||
section for it):
|
||||
You can also create a proxy certificate using another proxy certificate as
|
||||
issuer (note: I'm using a different configuration section for it):
|
||||
|
||||
openssl req -new -config openssl.cnf \
|
||||
-out proxy2.req -keyout proxy2.key
|
||||
openssl x509 -req -CAcreateserial -in proxy2.req -days 7 \
|
||||
-out proxy2.crt -CA proxy.crt -CAkey proxy.key \
|
||||
-extfile openssl.cnf -extensions v3_proxy2
|
||||
openssl req -new -config openssl.cnf -out proxy2.req -keyout proxy2.key
|
||||
openssl x509 -req -CAcreateserial -in proxy2.req -days 7 -out proxy2.crt \
|
||||
-CA proxy.crt -CAkey proxy.key -extfile openssl.cnf -extensions v3_proxy2
|
||||
|
||||
|
||||
4. How to have your application interpret the policy?
|
||||
|
||||
The basic way to interpret proxy policies is to prepare some default
|
||||
rights, then do a check of the proxy certificate against the a chain
|
||||
of proxy certificates, user certificate and CA certificates, and see
|
||||
what rights came out by the end. Sounds easy, huh? It almost is.
|
||||
The basic way to interpret proxy policies is to start with some default rights,
|
||||
then compute the resulting rights by checking the proxy certificate against
|
||||
the chain of proxy certificates, user certificate and CA certificates. You then
|
||||
use the final computed rights. Sounds easy, huh? It almost is.
|
||||
|
||||
The slightly complicated part is how to pass data between your
|
||||
The slightly complicated part is figuring out how to pass data between your
|
||||
application and the certificate validation procedure.
|
||||
|
||||
You need the following ingredients:
|
||||
|
||||
- a callback routing that will be called for every certificate that's
|
||||
validated. It will be called several times for each certificates,
|
||||
so you must be attentive to when it's a good time to do the proxy
|
||||
policy interpretation and check, as well as to fill in the defaults
|
||||
when the EE certificate is checked.
|
||||
- a callback function that will be called for every certificate being
|
||||
validated. The callback be called several times for each certificate,
|
||||
so you must be careful to do the proxy policy interpretation at the right
|
||||
time. You also need to fill in the defaults when the EE certificate is
|
||||
checked.
|
||||
|
||||
- a structure of data that's shared between your application code and
|
||||
the callback.
|
||||
- a data structure that is shared between your application code and the
|
||||
callback.
|
||||
|
||||
- a wrapper function that sets it all up.
|
||||
|
||||
- an ex_data index function that creates an index into the generic
|
||||
ex_data store that's attached to an X509 validation context.
|
||||
- an ex_data index function that creates an index into the generic ex_data
|
||||
store that is attached to an X509 validation context.
|
||||
|
||||
This is some cookbook code for you to fill in:
|
||||
Here is some skeleton code you can fill in:
|
||||
|
||||
/* In this example, I will use a view of granted rights as a bit
|
||||
array, one bit for each possible right. */
|
||||
@@ -210,7 +194,7 @@ This is some cookbook code for you to fill in:
|
||||
static int verify_callback(int ok, X509_STORE_CTX *ctx)
|
||||
{
|
||||
if (ok == 1) /* It's REALLY important you keep the proxy policy
|
||||
check within this secion. It's important to know
|
||||
check within this section. It's important to know
|
||||
that when ok is 1, the certificates are checked
|
||||
from top to bottom. You get the CA root first,
|
||||
followed by the possible chain of intermediate
|
||||
@@ -221,7 +205,7 @@ This is some cookbook code for you to fill in:
|
||||
|
||||
if (xs->ex_flags & EXFLAG_PROXY)
|
||||
{
|
||||
YOUR_RIGHTS *rights =
|
||||
YOUR_RIGHTS *rights =
|
||||
(YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx,
|
||||
get_proxy_auth_ex_data_idx());
|
||||
PROXY_CERT_INFO_EXTENSION *pci =
|
||||
@@ -250,12 +234,12 @@ This is some cookbook code for you to fill in:
|
||||
bit array and fill it with the rights granted by
|
||||
the current proxy certificate, then use it as a
|
||||
mask on the accumulated rights bit array, and
|
||||
voilà, you now have a new accumulated rights bit
|
||||
voilà, you now have a new accumulated rights bit
|
||||
array. */
|
||||
{
|
||||
int i;
|
||||
YOUR_RIGHTS tmp_rights;
|
||||
memset(tmp_rights.rights, 0, sizeof(tmp_rights.rights));
|
||||
memset(tmp_rights.rights, 0, sizeof(tmp_rights.rights));
|
||||
|
||||
/* process_rights() is supposed to be a procedure
|
||||
that takes a string and it's length, interprets
|
||||
@@ -276,7 +260,7 @@ This is some cookbook code for you to fill in:
|
||||
{
|
||||
/* We have a EE certificate, let's use it to set default!
|
||||
*/
|
||||
YOUR_RIGHTS *rights =
|
||||
YOUR_RIGHTS *rights =
|
||||
(YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx,
|
||||
get_proxy_auth_ex_data_idx());
|
||||
|
||||
|
||||
Reference in New Issue
Block a user