[gnutls-devel] Hashing CA certs 'subject' to avoid cert preloading

Tim Ruehsen tim.ruehsen at gmx.de
Wed Oct 7 16:28:47 CEST 2015

Hi Nikos,

On Tuesday 06 October 2015 09:40:13 Nikos Mavrogiannopoulos wrote:
> On Mon, Oct 5, 2015 at 10:14 AM, Tim Ruehsen <tim.ruehsen at gmx.de> wrote:
> > Hi Nikos, hi list members,
> > I asked for this a while ago but have to come back to this.
> > The following is a description based on my observations and assumptions:
> > OpenSSL provides 'c_rehash' to create hashes for the system CA certs.
> > These
> > hashes are based on 'subject' (what else ?) and are used as symbolic links
> > to the CA certs (e.g. on Debian in /etc/ssl/certs).
> > To check a server cert on TLS connect, one just have to hash the 'issuer'
> > and load the CA cert via the symbolic 'hash' link.
> > This allows for a very fast TLS application startup (leaving away the
> > preloading of ~180 CA certs).
> > If possible, the hash/symlink utility should be compatible with OpenSSL's
> > r_rehash. They use SHA1 hashing over 'canonicalized' data structures
> > (ASN.1, DER, CER ? - I have not enough knowledge in that area).
> Stef Walter has reimplemented the rehash algorithm for p11-kit trust
> module, you may want to take a look there.

Thanks for pointing me to p11-kit. It reads interesting and I will have a 
closer look at the API and source code soon.
Maybe I can drop in working on the proposed OCSP / CRL daemon, something I 
also already thought of.

> > I am willing to write such a hashing tool (using C) and to implement this
> > 'CACert load on demand' feature into Wget (just working on wget2 /
> > libwget).
> The problem with that format is that it is undocumented and changes
> with different versions of openssl (Stef has two versions in p11-kit).

FYI, there is the old (legacy) hash and the current (based on SHA1).

> For gnutls, I am already encouraging the usage of the p11-kit trust
> module for verification (Fedora already ships with that and my
> understanding from debconf15 is that Debian plans to switch to that
> too), so any improvements with cert loading outside p11-kit will
> disappear at some point. I'm not really sure which format p11-kit uses
> for certificate loading, but my take would be to improve that one as
> it affects equally gnutls and nss applications.
> Said that, for a quick fix I think we can get away with ...

I am not in a hurry. p11-kit sounds like the right place to work on.

Thanks for putting me on the right way.

Regards, Tim

More information about the Gnutls-devel mailing list