rfc5280 chain validation implementation?

[Simon Josefsson]

Werner Koch <wk at gnupg.org> writes:

> On Thu, 23 Apr 2009 15:31, simon at josefsson.org said:
>
>> Hi.  I think GnuTLS needs a proper RFC 5280 chain validation
>> implementation (see section 6), and it occurred to me that somewhere in
>> the X.509 code in GnuPG2 there may be one.  I couldn't find one in
>> libksba.
>
> The algorithm given there is hard to implement but other algorithms are
> allowed as well, as long as they yield the same result.  (From memory, I
> have not looked at 5280).

Right.  It is difficult to document any another algorithm and prove that
it leads to the same result though.  The RFC 5280 algorithm is well
described and seems possible to implement directly.

> Libksba has no such code.  The reason is that you need too many
> parameters and those parameters (e.g. certificates) might not be
> available right aways but computed in the course of the validation.  CRL
> or OCSP validation has also been done, policy checks and so on.  A lot
> of stuff and code to handle this all in a generic ways would be more
> complicated for the caller and and the library than a straightforward
> implementation.  At least this is my conclusion from implementing the
> chain validation two times.
>
> It would be possible to do this on another way, e.g. collect all
> certificates that might be needed for the validation before calling ten
> validation function.  That would require to build the chain before the
> validation but that is not possible, because you don't always know what
> rule to use without actually validating the chain.  Sometimes you need to
> do trial verification to decide whether a certificate can be used or
> whether to resort to another method of locating it.  Its quite close to
> a catch-22.  Right the algorithm given for PKIX work in a properly setup
> PKI - but we are far away from such an environment.

I think we must separate path validation from path construction.
Building a chain using various locally trusted certificates, and
auxilliary certificates, is difficult, but what I need is only path
validation.

>> Is there one?
>
> There is code in gnupg and a different (and newer one) in dirmngr.

Ah, I know I have seen it somewhere before, thanks for the pointer.

> "dirmngr-client --validate" shows how to validate a certificate using
> dirmngr as a validation server.  It might be worth to think about a
> validation server because such a server could cache validation results
> on some realm base (say for TLS, for X.509 mail, for OpenVPN etc.).

Indeed, I have started to think about separating the path validation
from GnuTLS into a separate server.  Protocol ideas in:

http://redmine.josefsson.org/projects/gnutls/wiki/GnuTLSExternalValidation

The best would be if GnuTLS would not have to implement path validation
or private key operations in the same process as the TLS implementation.

/Simon