From: Dr. David von Oheimb Date: Wed, 27 Jan 2021 21:13:30 +0000 (+0100) Subject: tls_process_{client,server}_certificate(): allow verify_callback return > 1 X-Git-Tag: openssl-3.0.0-beta2~36 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4672e5de9e22a752870c9a05e0a92faef9e6f340;p=thirdparty%2Fopenssl.git tls_process_{client,server}_certificate(): allow verify_callback return > 1 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/13937) --- diff --git a/CHANGES.md b/CHANGES.md index 8109e0ad8da..49031339d0a 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -292,6 +292,15 @@ breaking changes, and mappings for the large list of deprecated functions. * Deprecated the obsolete X9.31 RSA key generation related functions. + * While a callback function set via `SSL_CTX_set_cert_verify_callback()` + is not allowed to return a value > 1, this is no more taken as failure. + + *Viktor Dukhovni and David von Oheimb* + + * Deprecated the obsolete X9.31 RSA key generation related functions + BN_X931_generate_Xpq(), BN_X931_derive_prime_ex(), and + BN_X931_generate_prime_ex(). + *Tomáš Mráz* * The default key generation method for the regular 2-prime RSA keys was diff --git a/doc/man3/SSL_CTX_set_cert_verify_callback.pod b/doc/man3/SSL_CTX_set_cert_verify_callback.pod index 87ea772fb73..fdeeaee6d75 100644 --- a/doc/man3/SSL_CTX_set_cert_verify_callback.pod +++ b/doc/man3/SSL_CTX_set_cert_verify_callback.pod @@ -32,11 +32,11 @@ By setting I to NULL, the default behaviour is restored. I should return 1 to indicate verification success and 0 to indicate verification failure. -In server mode, a return value other than 1 leads to handshake failure. +In server mode, a return value of 0 leads to handshake failure. In client mode, the behaviour is as follows. -A return value greater than 1 leads to handshake failure. -Other values are ignored if the verification mode is B. -On return value 0 the handshake will fail. +All values, including 0, are ignored +if the verification mode is B. +Otherwise, when the return value is 0, the handshake will fail. In client mode I may also return -1, typically on failure verifying the server certificate. diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index d5aa8797ffc..d12d1e947e6 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -1884,10 +1884,6 @@ WORK_STATE tls_post_process_server_certificate(SSL *s, WORK_STATE wst) return WORK_ERROR; } ERR_clear_error(); /* but we keep s->verify_result */ - if (i > 1) { - SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, i); - return WORK_ERROR; - } /* * Inconsistency alert: cert_chain does include the peer's certificate, diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 35e023b781d..2be50733fe6 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -3524,10 +3524,6 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt) SSL_R_CERTIFICATE_VERIFY_FAILED); goto err; } - if (i > 1) { - SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, i); - goto err; - } pkey = X509_get0_pubkey(sk_X509_value(sk, 0)); if (pkey == NULL) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,