[Help-gnutls] Re: Authentication during Handshake

Simon Josefsson simon at josefsson.org
Mon May 19 22:53:16 CEST 2008

"Rainer Gerhards" <rgerhards at gmail.com> writes:

> Hi Simon,

Hi Rainer!

> I am working on both the client and server sides.


> What gives me most problems is the fingerprint authentication. In
> essence, each peer has a list of valid (remote peer's) certificate
> fingerprints. If the actual cert's fingerprint is in this list, the
> remote peer is successfully authenticated. This is an alternate auth
> mode that does not require PKI.
> I do not find samples of such and I have gotten the impression that
> something like this is not supported.

Ah, I thought you wanted to implement the normal client PKI mutual auth
approach.  This is the normal way you do authentication using TLS
libraries, and it should be relatively straightforward.

> In essence, I am looking for something like a callback that is called
> during handshake with the remote cert and that can reply with auth
> success/failure - all while in the handshaking process.
> Does that make any sense?

Yes, although I'm not sure it is a good idea to do it as part of the
handshake: until the handshake is over, you don't know whether there is
a man-in-the-middle attacker present.  I suggest completing the
handshake as normal, and then comparing fingerprints.  If the fingerprint
comparison fails, shut down the TLS session.

Ideally, I think the IETF draft should discuss some of these details.
It is easy to implement ssh-style leap-of-faith authentication


> Rainer
> On 5/19/08, Simon Josefsson <simon at josefsson.org> wrote:
>> "Rainer Gerhards" <rgerhards at gmail.com> writes:
>>> Hi,
>>> I am implementing an upcoming IETF standard ( syslog over TLS,
>>> http://www.ietf.org/internet-drafts/draft-ietf-syslog-transport-tls-12.txt
>>> ). As part of that standard, clients and server need to do mutual
>>> authentication, which can either happen via subject names OR via
>>> fingerprints of the certificates.
>>> I would like to do the mutual authentication as part of the handshake,
>>> so that the handshake does not complete successfully if the server can
>>> not successfully authenticate the client or the client not
>>> successfully authenticate the server. Is this possible with GnuTLS? If
>>> so, could you give me a clue on what I need to provide to get it
>>> working.
>>> Any feedback is deeply appreciated.
>> If I understand correctly, you want to implement TLS client
>> authentication, i.e. when the client also uses a key+certificate.  Are
>> you working on the client or server side, or both?  In any case, check
>> the gnutls examples, there should be examples for this.
>> /Simon
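
The flow suggested in the reply above (finish the handshake, then compare the peer certificate's fingerprint against a local list, and shut the session down on a mismatch), as an added example that is not part of the original message and is not GnuTLS code. It assumes Python's standard `ssl` socket interface, a colon-separated hex fingerprint format, and SHA-256 as the default digest; `StubSocket`, `SAMPLE_DER` and `ALLOWED` are constructed so the block runs offline.

```python
import hashlib

def cert_fingerprint(der, algo="sha256"):
    """Colon-separated upper-case hex digest of a DER-encoded certificate."""
    digest = hashlib.new(algo, der).digest()
    return ":".join(f"{b:02X}" for b in digest)

def authenticate_peer(tls_sock, allowed, algo="sha256"):
    """Call only after the TLS handshake has completed.

    Returns True if the peer certificate's fingerprint is in `allowed`;
    otherwise shuts the TLS session down, closes the socket, returns False.
    """
    # Normalise configured entries so case and stray whitespace do not matter.
    allowed_set = {entry.strip().upper() for entry in allowed}
    # ssl.SSLSocket.getpeercert(binary_form=True) yields the DER bytes,
    # or None when the peer presented no certificate at all.
    der = tls_sock.getpeercert(binary_form=True)
    if der is not None and cert_fingerprint(der, algo) in allowed_set:
        return True
    try:
        tls_sock.unwrap()          # send close_notify before dropping the link
    except OSError:                # ssl.SSLError is a subclass of OSError
        pass
    finally:
        tls_sock.close()
    return False

class StubSocket:
    """Constructed stand-in for ssl.SSLSocket (assumption, for offline use)."""
    def __init__(self, der):
        self.der, self.closed = der, False
    def getpeercert(self, binary_form=False):
        return self.der
    def unwrap(self):
        pass
    def close(self):
        self.closed = True

# Constructed sample data: arbitrary bytes standing in for a DER certificate.
SAMPLE_DER = b"constructed bytes standing in for a DER certificate"
# Stored lower-case on purpose to exercise the normalisation step.
ALLOWED = [cert_fingerprint(SAMPLE_DER).lower()]
```

A peer that sends no certificate is treated the same as one with an unknown fingerprint, and no application data should be exchanged until `authenticate_peer` has returned True.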
