Discussion:
Confused about OpenSSL and CA Certs
Dave Meetchum
2012-02-17 19:12:43 UTC
Permalink
I am trying to use OpenSSL on iOS and Android in conjunction with libcurl
for my applications HTTP interface. From what I understand OpenSSL does not
come with a CA cert which is understandable. Also my understanding is that
if you need a CA cert on the client to verify the server is who they claim
to be. So basically I need to embed a CA cert in my app or pull it over the
network on an unsecure connection when the app starts up. Is there another
way to get a CA cert on these devices? Am I correct that I definitely need
one and need to provide it myself?

After reading the documentation the general suggestion is that a CA cert
can be obtained from Mozilla. This seems a bit odd. From what I have read,
CAs can be added and removed from the cert, and certs expire. How would you
know if you your app using OpenSSL needs to update it's cert? Would you
have to pull a cert from Mozilla everyday and diff it against the one you
are using? Also if you have an app on a mobile device that needs to update
its CA cert, how can it do it safely without worrying about a man in the
middle attack giving you a bad cert or someone on the device replacing your
copy of the CA cert once it has been downloaded?

I feel like I am missing something here and that using OpenSSL should be
easier than I am making it out to be. Any help or insight would definitely
be appreciated!

Cheers,
Dave
Michael S. Zick
2012-02-18 15:16:13 UTC
Permalink
Post by Dave Meetchum
I am trying to use OpenSSL on iOS and Android in conjunction with libcurl
for my applications HTTP interface. From what I understand OpenSSL does not
come with a CA cert which is understandable. Also my understanding is that
if you need a CA cert on the client to verify the server is who they claim
to be. So basically I need to embed a CA cert in my app or pull it over the
network on an unsecure connection when the app starts up. Is there another
way to get a CA cert on these devices? Am I correct that I definitely need
one and need to provide it myself?
I can give some general answers, others here can give you the specifics...

The system is built on the concept of a "Trusted Third Party" -
So the general answer is: Yes, you need that "Trust Anchor" from somewhere.

That "somewhere" needs to be other than the server you are trying to verify.
That would be like asking the Fox if the Chickens are safe. ;-)
Post by Dave Meetchum
After reading the documentation the general suggestion is that a CA cert
can be obtained from Mozilla. This seems a bit odd. From what I have read,
CAs can be added and removed from the cert, and certs expire. How would you
know if you your app using OpenSSL needs to update it's cert? Would you
have to pull a cert from Mozilla everyday and diff it against the one you
are using? Also if you have an app on a mobile device that needs to update
its CA cert, how can it do it safely without worrying about a man in the
middle attack giving you a bad cert or someone on the device replacing your
copy of the CA cert once it has been downloaded?
I feel like I am missing something here and that using OpenSSL should be
easier than I am making it out to be. Any help or insight would definitely
be appreciated!
There is a mechanism for handling that, "Certificate Revocation List(s)" "CRL".
Any "Trust Anchor" you get should have a field that tells where to get the
current CRL that trust anchor is using.

How often you pull that list and check for changes in status of your trust anchor
is an implementation choice.

I have noticed that common, recent, web browsers seem to check once a week.
I also know that in some systems, the CRL is pulled and checked __every time__
before a certificate (trust anchor) is used.

PS: There is a system of signatures on all of these items to keep MIM attacks
under control.

Mike
Post by Dave Meetchum
Cheers,
Dave
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users-MCmKBN63+***@public.gmane.org
Automated List Manager majordomo-MCmKBN63+***@public.gmane.org
MK
2012-02-18 15:59:28 UTC
Permalink
On Fri, 17 Feb 2012 12:12:43 -0700
Post by Dave Meetchum
I am trying to use OpenSSL on iOS and Android in conjunction with
libcurl for my applications HTTP interface. From what I understand
OpenSSL does not come with a CA cert which is understandable. Also my
understanding is that if you need a CA cert on the client to verify
the server is who they claim to be.
No. The client browser checks the certificate you register with
openssl (which is public, but may have a private key); this is done as
part of the preliminary negotiation. You do not need to provide the
client with its own certificate or do anything other than:

1) create or obtain a certificate.
2) pass ssl the .crt file and the private key, eg. via
SSL_CTX_use_certificate_file() and SSL_CTX_use_PrivateKey_file() during
initialization of the server.

After that you don't need to do anything.

You can create your own "self-signed" certificate (these trigger a
warning in the client user agent and the user must accept an
"untrusted" connection), or obtain one, usually for a fee from a
trusted certificate authority. It does not have to be mozilla. There
are also people who provide them for free, eg:

http://cert.startcom.org/

MK
--
"Enthusiasm is not the enemy of the intellect." (said of Irving Howe)
"The angel of history[...]is turned toward the past." (Walter Benjamin)

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users-MCmKBN63+***@public.gmane.org
Automated List Manager majordomo-MCmKBN63+***@public.gmane.org
Dave Thompson
2012-02-20 04:15:05 UTC
Permalink
Sent: Saturday, 18 February, 2012 10:59
On Fri, 17 Feb 2012 12:12:43 -0700
Post by Dave Meetchum
I am trying to use OpenSSL on iOS and Android in conjunction with
libcurl for my applications HTTP interface. From what I understand
OpenSSL does not come with a CA cert which is
understandable. Also my
Post by Dave Meetchum
understanding is that if you need a CA cert on the client to verify
the server is who they claim to be.
No. The client browser checks the certificate you register with
openssl (which is public, but may have a private key); this is done as
part of the preliminary negotiation. You do not need to provide the
1) create or obtain a certificate.
2) pass ssl the .crt file and the private key, eg. via
SSL_CTX_use_certificate_file() and
SSL_CTX_use_PrivateKey_file() during
initialization of the server.
After that you don't need to do anything.
This is mostly (not always) correct for a *server*. OP asked about
libcurl, a client. An SSL client usually (not always) needs to
verify the server(s) it connects to, and to do that the client needs
the CA root(s) or selfsigned cert(s) for the server(s) obtained by
means adequately safe from tampering by an attacker. If a client app
will only use a predetermined server or set of servers, which in turn
uses predetermined CA(s) or pregenerated selfsigned, you can bundle
those with the app and be done. Otherwise you need to deal with
choosing, obtaining and possibly updating "good" roots.
You can create your own "self-signed" certificate (these trigger a
warning in the client user agent and the user must accept an
"untrusted" connection), or obtain one, usually for a fee from a
trusted certificate authority. It does not have to be mozilla. There
http://cert.startcom.org/
Mozilla is not a CA. Mozilla is a client that is distributed and
installed with a set of roots it initially trusts, decided by the
Mozilla releasers, although the user can later add or delete.
Similarly IE/Windows (by Microsoft) and other browsers, and *some*
packaged builds of OpenSSL by the packager(s). Two similar things
are often suggested for an SSL client app especially one using
public servers, and I suspect one or the other of them was here:

- trust the Mozilla install. Export the CA root(s) you want
from a local installed copy of Mozilla, trusting that Mozilla
was installed (and perhaps updated) securely and thus these
CA certs are untampered, and use it(them).

- trust the Mozilla choices. Take *all* the CA roots from a
(local) copy of Mozilla, trusting the Mozilla people have done
a good job of deciding which CAs deserve trust, plus as above
the Mozilla install/update got them safely on your machine.

If you as an app developer don't have time and/or expertise to
make these choices yourself, piggybacking on the work already
done by Mozilla is a good alternative. In fact the curl
developers more or less recommend it:
http://curl.haxx.se/docs/sslcerts.html
http://curl.haxx.se/docs/caextract.html
although curl, like any decent OpenSSL app, will use
whatever truststore you choose to give it.


______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users-MCmKBN63+***@public.gmane.org
Automated List Manager majordomo-MCmKBN63+***@public.gmane.org
Loading...