2 * Verify or create TLS authentication with DANE (RFC6698)
4 * (c) NLnetLabs 2012-2020
6 * See the file LICENSE for the license.
10 #include <ldns/config.h>
13 #include <ldns/ldns.h>
14 #include <ldns/dane.h>
18 #include <sys/types.h>
19 #ifdef HAVE_SYS_SOCKET_H
20 #include <sys/socket.h>
27 #include <openssl/ssl.h>
28 #include <openssl/err.h>
29 #include <openssl/x509v3.h>
32 /* OpenSSL context options. At the moment, disable SSLv2, SSLv3
33 * and Compression, if available. TLSv1.0 is allowed at the moment.
34 * TLSv1.1 is the first to provide elliptic curves, so it is usually
35 * allowed in a TLS stack. TLSv1.2 is the first to provide authentication
36 * modes of operation, like GCM. The defines below are a moving
37 * target based on OpenSSL library version. Grep is useful to find
38 * the defines: grep -IR SSL_OP_NO_ /usr/include/openssl.
41 # ifdef SSL_OP_NO_SSLv2
42 const long NoOpenSSLv2
= SSL_OP_NO_SSLv2
;
44 const long NoOpenSSLv2
= 0L;
46 # ifdef SSL_OP_NO_SSLv3
47 const long NoOpenSSLv3
= SSL_OP_NO_SSLv3
;
49 const long NoOpenSSLv3
= 0L;
51 # ifdef SSL_OP_NO_TLSv1
52 const long NoOpenTLSv1
= SSL_OP_NO_TLSv1
;
54 const long NoOpenTLSv1
= 0L;
56 # ifdef SSL_OP_NO_DTLSv1
57 const long NoOpenDTLSv1
= SSL_OP_NO_DTLSv1
;
59 const long NoOpenDTLSv1
= 0L;
61 # ifdef SSL_OP_NO_COMPRESSION
62 const long NoOpenSSLCompression
= SSL_OP_NO_COMPRESSION
;
64 const long NoOpenSSLCompression
= 0L;
68 #if defined(USE_DANE_VERIFY) && defined(USE_DANE_TA_USAGE)
70 ldns_dane_new_ssl_context(void)
74 ssl_ctx
= SSL_CTX_new(TLS_client_method());
77 /* ldns allows TLS and DTLS v1.0 at the moment. Some may disagree.
78 * Sometime in the future they may be disabled, too. Maybe
79 * --disable-tlsv1 and --disable-dtlsv1 should be configure options.
81 long flags
= NoOpenSSLv2
| NoOpenSSLv3
| NoOpenSSLCompression
;
82 SSL_CTX_set_options(ssl_ctx
, flags
);
90 ldns_dane_create_tlsa_owner(ldns_rdf
** tlsa_owner
, const ldns_rdf
* name
,
91 uint16_t port
, ldns_dane_transport transport
)
93 char buf
[LDNS_MAX_DOMAINLEN
];
96 assert(tlsa_owner
!= NULL
);
98 assert(ldns_rdf_get_type(name
) == LDNS_RDF_TYPE_DNAME
);
100 s
= (size_t)snprintf(buf
, LDNS_MAX_DOMAINLEN
, "X_%d", (int)port
);
101 buf
[0] = (char)(s
- 1);
104 case LDNS_DANE_TRANSPORT_TCP
:
105 s
+= snprintf(buf
+ s
, LDNS_MAX_DOMAINLEN
- s
, "\004_tcp");
108 case LDNS_DANE_TRANSPORT_UDP
:
109 s
+= snprintf(buf
+ s
, LDNS_MAX_DOMAINLEN
- s
, "\004_udp");
112 case LDNS_DANE_TRANSPORT_SCTP
:
113 s
+= snprintf(buf
+ s
, LDNS_MAX_DOMAINLEN
- s
, "\005_sctp");
117 return LDNS_STATUS_DANE_UNKNOWN_TRANSPORT
;
119 if (s
+ ldns_rdf_size(name
) > LDNS_MAX_DOMAINLEN
) {
120 return LDNS_STATUS_DOMAINNAME_OVERFLOW
;
122 memcpy(buf
+ s
, ldns_rdf_data(name
), ldns_rdf_size(name
));
123 *tlsa_owner
= ldns_rdf_new_frm_data(LDNS_RDF_TYPE_DNAME
,
124 s
+ ldns_rdf_size(name
), buf
);
125 if (*tlsa_owner
== NULL
) {
126 return LDNS_STATUS_MEM_ERR
;
128 return LDNS_STATUS_OK
;
134 ldns_dane_cert2rdf(ldns_rdf
** rdf
, X509
* cert
,
135 ldns_tlsa_selector selector
,
136 ldns_tlsa_matching_type matching_type
)
138 unsigned char* buf
= NULL
;
141 X509_PUBKEY
* xpubkey
;
144 unsigned char* digest
;
147 assert(cert
!= NULL
);
150 case LDNS_TLSA_SELECTOR_FULL_CERTIFICATE
:
152 len
= (size_t)i2d_X509(cert
, &buf
);
155 case LDNS_TLSA_SELECTOR_SUBJECTPUBLICKEYINFO
:
158 xpubkey
= X509_get_X509_PUBKEY(cert
);
161 return LDNS_STATUS_SSL_ERR
;
163 epubkey
= X509_PUBKEY_get(xpubkey
);
165 return LDNS_STATUS_SSL_ERR
;
167 len
= (size_t)i2d_PUBKEY(epubkey
, &buf
);
171 return LDNS_STATUS_DANE_UNKNOWN_SELECTOR
;
174 switch(matching_type
) {
175 case LDNS_TLSA_MATCHING_TYPE_NO_HASH_USED
:
177 *rdf
= ldns_rdf_new(LDNS_RDF_TYPE_HEX
, len
, buf
);
179 return *rdf
? LDNS_STATUS_OK
: LDNS_STATUS_MEM_ERR
;
182 case LDNS_TLSA_MATCHING_TYPE_SHA256
:
184 digest
= LDNS_XMALLOC(unsigned char, LDNS_SHA256_DIGEST_LENGTH
);
185 if (digest
== NULL
) {
187 return LDNS_STATUS_MEM_ERR
;
189 (void) ldns_sha256(buf
, (unsigned int)len
, digest
);
190 *rdf
= ldns_rdf_new(LDNS_RDF_TYPE_HEX
, LDNS_SHA256_DIGEST_LENGTH
,
194 return *rdf
? LDNS_STATUS_OK
: LDNS_STATUS_MEM_ERR
;
197 case LDNS_TLSA_MATCHING_TYPE_SHA512
:
199 digest
= LDNS_XMALLOC(unsigned char, LDNS_SHA512_DIGEST_LENGTH
);
200 if (digest
== NULL
) {
202 return LDNS_STATUS_MEM_ERR
;
204 (void) ldns_sha512(buf
, (unsigned int)len
, digest
);
205 *rdf
= ldns_rdf_new(LDNS_RDF_TYPE_HEX
, LDNS_SHA512_DIGEST_LENGTH
,
209 return *rdf
? LDNS_STATUS_OK
: LDNS_STATUS_MEM_ERR
;
214 return LDNS_STATUS_DANE_UNKNOWN_MATCHING_TYPE
;
219 /* Ordinary PKIX validation of cert (with extra_certs to help)
220 * against the CA's in store
223 ldns_dane_pkix_validate(X509
* cert
, STACK_OF(X509
)* extra_certs
,
226 X509_STORE_CTX
* vrfy_ctx
;
230 return LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE
;
232 vrfy_ctx
= X509_STORE_CTX_new();
235 return LDNS_STATUS_SSL_ERR
;
237 } else if (X509_STORE_CTX_init(vrfy_ctx
, store
,
238 cert
, extra_certs
) != 1) {
239 s
= LDNS_STATUS_SSL_ERR
;
241 } else if (X509_verify_cert(vrfy_ctx
) == 1) {
246 s
= LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE
;
248 X509_STORE_CTX_free(vrfy_ctx
);
253 /* Ordinary PKIX validation of cert (with extra_certs to help)
254 * against the CA's in store, but also return the validation chain.
257 ldns_dane_pkix_validate_and_get_chain(STACK_OF(X509
)** chain
, X509
* cert
,
258 STACK_OF(X509
)* extra_certs
, X509_STORE
* store
)
261 X509_STORE
* empty_store
= NULL
;
262 X509_STORE_CTX
* vrfy_ctx
;
264 assert(chain
!= NULL
);
267 store
= empty_store
= X509_STORE_new();
269 s
= LDNS_STATUS_SSL_ERR
;
270 vrfy_ctx
= X509_STORE_CTX_new();
273 goto exit_free_empty_store
;
275 } else if (X509_STORE_CTX_init(vrfy_ctx
, store
,
276 cert
, extra_certs
) != 1) {
277 goto exit_free_vrfy_ctx
;
279 } else if (X509_verify_cert(vrfy_ctx
) == 1) {
284 s
= LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE
;
286 *chain
= X509_STORE_CTX_get1_chain(vrfy_ctx
);
288 s
= LDNS_STATUS_SSL_ERR
;
292 X509_STORE_CTX_free(vrfy_ctx
);
294 exit_free_empty_store
:
296 X509_STORE_free(empty_store
);
302 /* Return the validation chain that can be build out of cert, with extra_certs.
305 ldns_dane_pkix_get_chain(STACK_OF(X509
)** chain
,
306 X509
* cert
, STACK_OF(X509
)* extra_certs
)
309 X509_STORE
* empty_store
= NULL
;
310 X509_STORE_CTX
* vrfy_ctx
;
312 assert(chain
!= NULL
);
314 empty_store
= X509_STORE_new();
315 s
= LDNS_STATUS_SSL_ERR
;
316 vrfy_ctx
= X509_STORE_CTX_new();
319 goto exit_free_empty_store
;
321 } else if (X509_STORE_CTX_init(vrfy_ctx
, empty_store
,
322 cert
, extra_certs
) != 1) {
323 goto exit_free_vrfy_ctx
;
325 (void) X509_verify_cert(vrfy_ctx
);
326 *chain
= X509_STORE_CTX_get1_chain(vrfy_ctx
);
328 s
= LDNS_STATUS_SSL_ERR
;
333 X509_STORE_CTX_free(vrfy_ctx
);
335 exit_free_empty_store
:
336 X509_STORE_free(empty_store
);
341 /* Pop n+1 certs and return the last popped.
344 ldns_dane_get_nth_cert_from_validation_chain(
345 X509
** cert
, STACK_OF(X509
)* chain
, int n
, bool ca
)
347 if (n
>= sk_X509_num(chain
) || n
< 0) {
348 return LDNS_STATUS_DANE_OFFSET_OUT_OF_RANGE
;
350 *cert
= sk_X509_pop(chain
);
353 *cert
= sk_X509_pop(chain
);
355 if (ca
&& ! X509_check_ca(*cert
)) {
356 return LDNS_STATUS_DANE_NON_CA_CERTIFICATE
;
358 return LDNS_STATUS_OK
;
362 /* Create validation chain with cert and extra_certs and returns the last
363 * self-signed (if present).
366 ldns_dane_pkix_get_last_self_signed(X509
** out_cert
,
367 X509
* cert
, STACK_OF(X509
)* extra_certs
)
370 X509_STORE
* empty_store
= NULL
;
371 X509_STORE_CTX
* vrfy_ctx
;
373 assert(out_cert
!= NULL
);
375 empty_store
= X509_STORE_new();
376 s
= LDNS_STATUS_SSL_ERR
;
377 vrfy_ctx
= X509_STORE_CTX_new();
379 goto exit_free_empty_store
;
381 } else if (X509_STORE_CTX_init(vrfy_ctx
, empty_store
,
382 cert
, extra_certs
) != 1) {
383 goto exit_free_vrfy_ctx
;
386 (void) X509_verify_cert(vrfy_ctx
);
387 if (X509_STORE_CTX_get_error(vrfy_ctx
) == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
||
388 X509_STORE_CTX_get_error(vrfy_ctx
) == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
){
390 *out_cert
= X509_STORE_CTX_get_current_cert( vrfy_ctx
);
393 s
= LDNS_STATUS_DANE_PKIX_NO_SELF_SIGNED_TRUST_ANCHOR
;
396 X509_STORE_CTX_free(vrfy_ctx
);
398 exit_free_empty_store
:
399 X509_STORE_free(empty_store
);
405 ldns_dane_select_certificate(X509
** selected_cert
,
406 X509
* cert
, STACK_OF(X509
)* extra_certs
,
407 X509_STORE
* pkix_validation_store
,
408 ldns_tlsa_certificate_usage cert_usage
, int offset
)
411 STACK_OF(X509
)* pkix_validation_chain
= NULL
;
413 assert(selected_cert
!= NULL
);
414 assert(cert
!= NULL
);
416 /* With PKIX validation explicitly turned off (pkix_validation_store
417 * == NULL), treat the "CA constraint" and "Service certificate
418 * constraint" the same as "Trust anchor assertion" and "Domain issued
419 * certificate" respectively.
421 if (pkix_validation_store
== NULL
) {
422 switch (cert_usage
) {
424 case LDNS_TLSA_USAGE_CA_CONSTRAINT
:
426 cert_usage
= LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION
;
429 case LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT
:
431 cert_usage
= LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE
;
439 /* Now what to do with each Certificate usage...
441 switch (cert_usage
) {
443 case LDNS_TLSA_USAGE_CA_CONSTRAINT
:
445 s
= ldns_dane_pkix_validate_and_get_chain(
446 &pkix_validation_chain
,
448 pkix_validation_store
);
449 if (! pkix_validation_chain
) {
452 if (s
== LDNS_STATUS_OK
) {
456 s
= ldns_dane_get_nth_cert_from_validation_chain(
457 selected_cert
, pkix_validation_chain
,
460 sk_X509_pop_free(pkix_validation_chain
, X509_free
);
465 case LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT
:
467 *selected_cert
= cert
;
468 return ldns_dane_pkix_validate(cert
, extra_certs
,
469 pkix_validation_store
);
473 case LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION
:
476 s
= ldns_dane_pkix_get_last_self_signed(
477 selected_cert
, cert
, extra_certs
);
480 s
= ldns_dane_pkix_get_chain(
481 &pkix_validation_chain
,
483 if (s
== LDNS_STATUS_OK
) {
485 ldns_dane_get_nth_cert_from_validation_chain(
486 selected_cert
, pkix_validation_chain
,
488 } else if (! pkix_validation_chain
) {
491 sk_X509_pop_free(pkix_validation_chain
, X509_free
);
497 case LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE
:
499 *selected_cert
= cert
;
500 return LDNS_STATUS_OK
;
504 return LDNS_STATUS_DANE_UNKNOWN_CERTIFICATE_USAGE
;
511 ldns_dane_create_tlsa_rr(ldns_rr
** tlsa
,
512 ldns_tlsa_certificate_usage certificate_usage
,
513 ldns_tlsa_selector selector
,
514 ldns_tlsa_matching_type matching_type
,
520 assert(tlsa
!= NULL
);
521 assert(cert
!= NULL
);
524 *tlsa
= ldns_rr_new_frm_type(LDNS_RR_TYPE_TLSA
);
526 return LDNS_STATUS_MEM_ERR
;
529 rdf
= ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8
,
530 (uint8_t)certificate_usage
);
534 (void) ldns_rr_set_rdf(*tlsa
, rdf
, 0);
536 rdf
= ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8
, (uint8_t)selector
);
540 (void) ldns_rr_set_rdf(*tlsa
, rdf
, 1);
542 rdf
= ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8
, (uint8_t)matching_type
);
546 (void) ldns_rr_set_rdf(*tlsa
, rdf
, 2);
548 s
= ldns_dane_cert2rdf(&rdf
, cert
, selector
, matching_type
);
549 if (s
== LDNS_STATUS_OK
) {
550 (void) ldns_rr_set_rdf(*tlsa
, rdf
, 3);
551 return LDNS_STATUS_OK
;
560 return LDNS_STATUS_MEM_ERR
;
564 #ifdef USE_DANE_VERIFY
565 /* Return tlsas that actually are TLSA resource records with known values
566 * for the Certificate usage, Selector and Matching type rdata fields.
569 ldns_dane_filter_unusable_records(const ldns_rr_list
* tlsas
)
572 ldns_rr_list
* r
= ldns_rr_list_new();
578 for (i
= 0; i
< ldns_rr_list_rr_count(tlsas
); i
++) {
579 tlsa_rr
= ldns_rr_list_rr(tlsas
, i
);
580 if (ldns_rr_get_type(tlsa_rr
) == LDNS_RR_TYPE_TLSA
&&
581 ldns_rr_rd_count(tlsa_rr
) == 4 &&
582 ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr
, 0)) <= 3 &&
583 ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr
, 1)) <= 1 &&
584 ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr
, 2)) <= 2) {
586 if (! ldns_rr_list_push_rr(r
, tlsa_rr
)) {
587 ldns_rr_list_free(r
);
596 #if !defined(USE_DANE_TA_USAGE)
597 /* Return whether cert/selector/matching_type matches data.
600 ldns_dane_match_cert_with_data(X509
* cert
, ldns_tlsa_selector selector
,
601 ldns_tlsa_matching_type matching_type
, ldns_rdf
* data
)
604 ldns_rdf
* match_data
;
606 s
= ldns_dane_cert2rdf(&match_data
, cert
, selector
, matching_type
);
607 if (s
== LDNS_STATUS_OK
) {
608 if (ldns_rdf_compare(data
, match_data
) != 0) {
609 s
= LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH
;
611 ldns_rdf_free(match_data
);
617 /* Return whether any certificate from the chain with selector/matching_type
619 * ca should be true if the certificate has to be a CA certificate too.
622 ldns_dane_match_any_cert_with_data(STACK_OF(X509
)* chain
,
623 ldns_tlsa_selector selector
,
624 ldns_tlsa_matching_type matching_type
,
625 ldns_rdf
* data
, bool ca
)
627 ldns_status s
= LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH
;
631 n
= (size_t)sk_X509_num(chain
);
632 for (i
= 0; i
< n
; i
++) {
633 cert
= sk_X509_pop(chain
);
635 s
= LDNS_STATUS_SSL_ERR
;
638 s
= ldns_dane_match_cert_with_data(cert
,
639 selector
, matching_type
, data
);
640 if (ca
&& s
== LDNS_STATUS_OK
&& ! X509_check_ca(cert
)) {
641 s
= LDNS_STATUS_DANE_NON_CA_CERTIFICATE
;
644 if (s
!= LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH
) {
647 /* when s == LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH,
648 * try to match the next certificate
653 #endif /* !defined(USE_DANE_TA_USAGE) */
654 #endif /* USE_DANE_VERIFY */
656 #ifdef USE_DANE_VERIFY
658 ldns_dane_verify_rr(const ldns_rr
* tlsa_rr
,
659 X509
* cert
, STACK_OF(X509
)* extra_certs
,
660 X509_STORE
* pkix_validation_store
)
662 #if defined(USE_DANE_TA_USAGE)
663 SSL_CTX
*ssl_ctx
= NULL
;
665 X509_STORE_CTX
*store_ctx
= NULL
;
667 STACK_OF(X509
)* pkix_validation_chain
= NULL
;
669 ldns_status s
= LDNS_STATUS_OK
;
671 ldns_tlsa_certificate_usage usage
;
672 ldns_tlsa_selector selector
;
673 ldns_tlsa_matching_type mtype
;
676 if (! tlsa_rr
|| ldns_rr_get_type(tlsa_rr
) != LDNS_RR_TYPE_TLSA
||
677 ldns_rr_rd_count(tlsa_rr
) != 4 ||
678 ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr
, 0)) > 3 ||
679 ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr
, 1)) > 1 ||
680 ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr
, 2)) > 2 ) {
681 /* No (usable) TLSA, so regular PKIX validation
683 return ldns_dane_pkix_validate(cert
, extra_certs
,
684 pkix_validation_store
);
686 usage
= ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr
, 0));
687 selector
= ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr
, 1));
688 mtype
= ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr
, 2));
689 data
= ldns_rr_rdf(tlsa_rr
, 3) ;
691 #if defined(USE_DANE_TA_USAGE)
692 /* Rely on OpenSSL dane functions.
694 * OpenSSL does not provide offline dane verification. The dane unit
695 * tests within openssl use the undocumented SSL_get0_dane() and
696 * X509_STORE_CTX_set0_dane() to convey dane parameters set on SSL and
697 * SSL_CTX to a X509_STORE_CTX that can be used to do offline
698 * verification. We use these undocumented means with the ldns
699 * dane function prototypes which did only offline dane verification.
701 if (!(ssl_ctx
= ldns_dane_new_ssl_context()))
702 s
= LDNS_STATUS_MEM_ERR
;
704 else if (SSL_CTX_dane_enable(ssl_ctx
) <= 0)
705 s
= LDNS_STATUS_SSL_ERR
;
707 else if (SSL_CTX_dane_set_flags(
708 ssl_ctx
, DANE_FLAG_NO_DANE_EE_NAMECHECKS
),
709 !(ssl
= SSL_new(ssl_ctx
)))
710 s
= LDNS_STATUS_MEM_ERR
;
712 else if (SSL_set_connect_state(ssl
),
713 (SSL_dane_enable(ssl
, NULL
) <= 0))
714 s
= LDNS_STATUS_SSL_ERR
;
716 else if (SSL_dane_tlsa_add(ssl
, usage
, selector
, mtype
,
717 ldns_rdf_data(data
), ldns_rdf_size(data
)) <= 0)
718 s
= LDNS_STATUS_SSL_ERR
;
720 else if (!(store_ctx
= X509_STORE_CTX_new()))
721 s
= LDNS_STATUS_MEM_ERR
;
723 else if (!X509_STORE_CTX_init(store_ctx
, pkix_validation_store
, cert
, extra_certs
))
724 s
= LDNS_STATUS_SSL_ERR
;
729 X509_STORE_CTX_set_default(store_ctx
,
730 SSL_is_server(ssl
) ? "ssl_client" : "ssl_server");
731 X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(store_ctx
),
732 SSL_get0_param(ssl
));
733 X509_STORE_CTX_set0_dane(store_ctx
, SSL_get0_dane(ssl
));
734 if (SSL_get_verify_callback(ssl
))
735 X509_STORE_CTX_set_verify_cb(store_ctx
, SSL_get_verify_callback(ssl
));
737 ret
= X509_verify_cert(store_ctx
);
739 if (X509_STORE_CTX_get_error(store_ctx
) == X509_V_ERR_DANE_NO_MATCH
)
740 s
= LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH
;
742 s
= LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE
;
744 X509_STORE_CTX_cleanup(store_ctx
);
747 X509_STORE_CTX_free(store_ctx
);
751 SSL_CTX_free(ssl_ctx
);
755 case LDNS_TLSA_USAGE_CA_CONSTRAINT
:
756 s
= ldns_dane_pkix_validate_and_get_chain(
757 &pkix_validation_chain
,
759 pkix_validation_store
);
760 if (! pkix_validation_chain
) {
763 if (s
== LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE
) {
765 * NO PKIX validation. We still try to match *any*
766 * certificate from the chain, so we return
767 * TLSA errors over PKIX errors.
769 * i.e. When the TLSA matches no certificate, we return
770 * TLSA_DID_NOT_MATCH and not PKIX_DID_NOT_VALIDATE
772 s
= ldns_dane_match_any_cert_with_data(
773 pkix_validation_chain
,
774 selector
, mtype
, data
, true);
776 if (s
== LDNS_STATUS_OK
) {
777 /* A TLSA record did match a cert from the
778 * chain, thus the error is failed PKIX
781 s
= LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE
;
784 } else if (s
== LDNS_STATUS_OK
) {
785 /* PKIX validated, does the TLSA match too? */
787 s
= ldns_dane_match_any_cert_with_data(
788 pkix_validation_chain
,
789 selector
, mtype
, data
, true);
791 sk_X509_pop_free(pkix_validation_chain
, X509_free
);
795 case LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT
:
797 s
= ldns_dane_match_cert_with_data(cert
,
798 selector
, mtype
, data
);
800 if (s
== LDNS_STATUS_OK
) {
801 return ldns_dane_pkix_validate(cert
, extra_certs
,
802 pkix_validation_store
);
807 case LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION
:
809 s
= ldns_dane_pkix_get_chain(&pkix_validation_chain
,
812 if (s
== LDNS_STATUS_OK
) {
813 s
= ldns_dane_match_any_cert_with_data(
814 pkix_validation_chain
,
815 selector
, mtype
, data
, false);
817 } else if (! pkix_validation_chain
) {
820 sk_X509_pop_free(pkix_validation_chain
, X509_free
);
823 return LDNS_STATUS_DANE_NEED_OPENSSL_GE_1_1_FOR_DANE_TA
;
827 case LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE
:
828 return ldns_dane_match_cert_with_data(cert
,
829 selector
, mtype
, data
);
836 return LDNS_STATUS_DANE_UNKNOWN_CERTIFICATE_USAGE
;
841 ldns_dane_verify(const ldns_rr_list
* tlsas
,
842 X509
* cert
, STACK_OF(X509
)* extra_certs
,
843 X509_STORE
* pkix_validation_store
)
845 #if defined(USE_DANE_TA_USAGE)
846 SSL_CTX
*ssl_ctx
= NULL
;
847 ldns_rdf
*basename_rdf
= NULL
;
848 char *basename
= NULL
;
850 X509_STORE_CTX
*store_ctx
= NULL
;
856 ldns_rr_list
*usable_tlsas
;
857 ldns_status s
= LDNS_STATUS_OK
;
859 assert(cert
!= NULL
);
861 if (! tlsas
|| ldns_rr_list_rr_count(tlsas
) == 0)
862 /* No TLSA's, so regular PKIX validation
864 return ldns_dane_pkix_validate(cert
, extra_certs
,
865 pkix_validation_store
);
867 /* To enable name checks (which we don't) */
868 #if defined(USE_DANE_TA_USAGE) && 0
869 else if (!(basename_rdf
= ldns_dname_clone_from(
870 ldns_rr_list_owner(tlsas
), 2)))
871 /* Could nog get DANE base name */
874 else if (!(basename
= ldns_rdf2str(basename_rdf
)))
875 s
= LDNS_STATUS_MEM_ERR
;
877 else if (strlen(basename
) && (basename
[strlen(basename
)-1] = 0))
878 s
= LDNS_STATUS_ERR
; /* Intended to be unreachable */
881 else if (!(usable_tlsas
= ldns_dane_filter_unusable_records(tlsas
)))
882 return LDNS_STATUS_MEM_ERR
;
884 else if (ldns_rr_list_rr_count(usable_tlsas
) == 0) {
885 /* No TLSA's, so regular PKIX validation
887 ldns_rr_list_free(usable_tlsas
);
888 return ldns_dane_pkix_validate(cert
, extra_certs
,
889 pkix_validation_store
);
891 #if defined(USE_DANE_TA_USAGE)
892 /* Rely on OpenSSL dane functions.
894 * OpenSSL does not provide offline dane verification. The dane unit
895 * tests within openssl use the undocumented SSL_get0_dane() and
896 * X509_STORE_CTX_set0_dane() to convey dane parameters set on SSL and
897 * SSL_CTX to a X509_STORE_CTX that can be used to do offline
898 * verification. We use these undocumented means with the ldns
899 * dane function prototypes which did only offline dane verification.
901 if (!(ssl_ctx
= ldns_dane_new_ssl_context()))
902 s
= LDNS_STATUS_MEM_ERR
;
904 else if (SSL_CTX_dane_enable(ssl_ctx
) <= 0)
905 s
= LDNS_STATUS_SSL_ERR
;
907 else if (SSL_CTX_dane_set_flags(
908 ssl_ctx
, DANE_FLAG_NO_DANE_EE_NAMECHECKS
),
909 !(ssl
= SSL_new(ssl_ctx
)))
910 s
= LDNS_STATUS_MEM_ERR
;
912 else if (SSL_set_connect_state(ssl
),
913 (SSL_dane_enable(ssl
, basename
) <= 0))
914 s
= LDNS_STATUS_SSL_ERR
;
916 else for (i
= 0; i
< ldns_rr_list_rr_count(usable_tlsas
); i
++) {
917 ldns_tlsa_certificate_usage usage
;
918 ldns_tlsa_selector selector
;
919 ldns_tlsa_matching_type mtype
;
922 tlsa_rr
= ldns_rr_list_rr(usable_tlsas
, i
);
923 usage
= ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr
,0));
924 selector
= ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr
,1));
925 mtype
= ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr
,2));
926 data
= ldns_rr_rdf(tlsa_rr
,3) ;
928 if (SSL_dane_tlsa_add(ssl
, usage
, selector
, mtype
,
930 ldns_rdf_size(data
)) <= 0) {
931 s
= LDNS_STATUS_SSL_ERR
;
935 if (!s
&& !(store_ctx
= X509_STORE_CTX_new()))
936 s
= LDNS_STATUS_MEM_ERR
;
938 else if (!X509_STORE_CTX_init(store_ctx
, pkix_validation_store
, cert
, extra_certs
))
939 s
= LDNS_STATUS_SSL_ERR
;
944 X509_STORE_CTX_set_default(store_ctx
,
945 SSL_is_server(ssl
) ? "ssl_client" : "ssl_server");
946 X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(store_ctx
),
947 SSL_get0_param(ssl
));
948 X509_STORE_CTX_set0_dane(store_ctx
, SSL_get0_dane(ssl
));
949 if (SSL_get_verify_callback(ssl
))
950 X509_STORE_CTX_set_verify_cb(store_ctx
, SSL_get_verify_callback(ssl
));
952 ret
= X509_verify_cert(store_ctx
);
954 if (X509_STORE_CTX_get_error(store_ctx
) == X509_V_ERR_DANE_NO_MATCH
)
955 s
= LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH
;
957 s
= LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE
;
959 X509_STORE_CTX_cleanup(store_ctx
);
962 X509_STORE_CTX_free(store_ctx
);
966 SSL_CTX_free(ssl_ctx
);
969 ldns_rdf_deep_free(basename_rdf
);
971 for (i
= 0; i
< ldns_rr_list_rr_count(usable_tlsas
); i
++) {
972 tlsa_rr
= ldns_rr_list_rr(usable_tlsas
, i
);
974 s
= ldns_dane_verify_rr(tlsa_rr
, cert
, extra_certs
,
975 pkix_validation_store
);
977 if (s
!= LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH
&&
978 s
!= LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE
&&
979 s
!= LDNS_STATUS_DANE_NEED_OPENSSL_GE_1_1_FOR_DANE_TA
) {
981 /* which would be LDNS_STATUS_OK (match)
982 * or some fatal error preventing use from
983 * trying the next TLSA record.
987 s
= (s
> ps
? s
: ps
); /* pref NEED_OPENSSL_GE_1_1_FOR_DANE_TA
988 * over PKIX_DID_NOT_VALIDATE
989 * over TLSA_DID_NOT_MATCH
993 ldns_rr_list_free(usable_tlsas
);
996 #endif /* USE_DANE_VERIFY */
997 #endif /* HAVE_SSL */
998 #endif /* USE_DANE */