patraulea

Reputation: 916

Obtaining openssl x509 certificate chain sent by server in custom cert_verify_callback

I am considering overriding the default certificate verification procedure with one that uses the Windows system store (via SSL_CTX_set_cert_verify_callback). The application is a web client and I need to accept company-wide self-signed certificates added to the system store.

Once I have a (possibly incomplete) chain, I

But X509_STORE_CTX_get1_chain() returns the trusted chain, which is only available after X509_verify_cert() runs.

What I need is X509_STORE_CTX::untrusted (which has just the certs from the handshake) but it's apparently not exported via the API.

I could just pass the final cert to WinCrypt but that would mean downloading the intermediate certs which I want to avoid.

My question is, am I doing something backwards? Should I let openssl build the chain and do the validation, and then redo it using WinCrypt? That seems gross. I can add an X509_STORE_CTX_get_untrusted() function and rebuild libeay32.dll but I'd rather not.

Upvotes: 4

Views: 1504

Answers (1)

sirgeorge

Reputation: 6541

As far as I know the default verification function is X509_verify_cert. This function is called if you don't set your own verification callback (with SSL_CTX_set_cert_verify_callback). It is defined in crypto/x509/x509_vfy.c. I would suggest you look at the source code of this function to figure out what exactly you should do to convince OpenSSL to collaborate (e.g. return error codes properly).

I hope that helps.

P.S. It looks like you're right: there are no accessor functions for X509_STORE_CTX::untrusted, so it may be OpenSSL's "private" stuff. In X509_verify_cert this variable is simply accessed directly.

Upvotes: 2
