On Tue, Dec 15, 2015 at 12:07:17AM +0000, Viktor Dukhovni wrote:
> I see what happens, the first callback is from OpenSSL's own chain
> building code that fails to find a WebPKI trust anchor and reports
> the root CA as an unknown self-signed object in the chain.
>
> The second callback is from my code, which finds that furthermore
> there are no DANE trust anchors to validate the chain. Since the
> first callback allowed the handshake to continue, and I don't have
> any information about the earlier callback having taken place, I
> signal that the certificate lacks any DANE-based trust. Otherwise,
> it might pass based on WebPKI trust alone, but we're doing DANE.
>
> So the callback is needed for now. Once DANE support is in OpenSSL
> itself, it should be possible to avoid the duplication of bad news.
Speaking of callbacks and so on, I see that it was still possible
to misreport the match depth for PKIX-EE in the presence of PKIX-TA
records, so I just pushed a commit for that. Since opportunistic
DANE TLS for SMTP does not use either PKIX-TA or PKIX-EE, this
should not affect Exim, but you may as well be current with the
head commit.
commit e55da2735733f2d21185ebc7e3a88fa08b403855
Author: Viktor Dukhovni <postfix-users@???>
Date: Mon Dec 14 19:04:34 2015 -0500
When PKIX-EE matches don't clobber depth by trying PKIX-TA
diff --git a/danessl.c b/danessl.c
index 0271030..a8b7a22 100644
--- a/danessl.c
+++ b/danessl.c
@@ -874,7 +874,7 @@ static int verify_chain(X509_STORE_CTX *ctx)
*/
if (leaf_rrs)
matched = match(leaf_rrs, xn, 0);
- if (issuer_rrs) {
+ if (!matched && issuer_rrs) {
for (n = chain_length-1; !matched && n >= 0; --n) {
xn = sk_X509_value(ctx->chain, n);
if (n > 0 || X509_check_issued(xn, xn) == X509_V_OK)
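Review bot: The new `!matched` in `if (!matched && issuer_rrs)` reads as redundant next to the loop condition `!matched && n >= 0` on the following line, so it deserves a comment explaining why it is needed. With the old `if (issuer_rrs)`, the `for` initializer `n = chain_length-1` still ran after a successful leaf match, leaving `n` at the top of the chain even though the loop body never executed; the outer guard exists only to stop that assignment. A one-line comment above the `if` saying so would keep a later cleanup from removing the guard as dead logic. Alternatively, store the matched depth in its own variable at the point of the match, so the depth does not depend on the final value of the loop counter.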
--
Viktor.