Educating yourself does not mean that you were stupid in the first place; it means that you are intelligent enough to know that there is plenty left to 'learn'. -Melanie Joy

Tuesday, 23 May 2017

OpenSSL - How to verify certificate chain with CRL?

May 23, 2017 Posted by Dinesh , , ,
When any certificate is issued, it has a validity period which is defined by the Certification Authority. Usually, this is one or two years.

However, sometimes certificates should not be honored even during their validity period. For example, if the private key associated with a certificate is lost or exposed, then any authentication using that certificate should be denied.

That's where CRL comes into the picture. A CRL is a Certificate Revocation List which contains the list of certificates revoked by the authority.
These CRLs are usually stored in a centralized locations called CRL Distribution Point. This distribution point URI/URL will be made available in the certificate extensions by the authority.

Now let's say we have certificate chain like rca->ica->ee and CRL issued by rca and ica, How can we verify the certificate chain?

Command line:

openssl verify -crl_check -verbose -CAfile <(cat rca.pem ica.pem crl_rca.pem crl_ica.pem) ee.pem

C++ way:
Here is the sample class called CertificateStore which is used to verify the certificate chain with CRL.
This class creates a global store and a store context (ctx). All the required flags and the directory paths are set to the global store and certificate chain verify happens through store ctx.

This store ctx can be used only once to verify the certificate chain. If you want to verify new chain, new store ctx has to be created but this new store ctx can be initialized from the global store using which it can inherit the properties of the global store.

We can add certificates and CRLs to the store individually using X509_STORE_add_cer/X509_STORE_add_crl methods or we can use the directory lookup using the X509_LOOKUP_add_dir method.

If you are using hash directory lookup, OpenSSL computes the hash of the issuer and searches for the file with the name which matches <hash>.rN.
More details in https://www.openssl.org/docs/man1.1.0/crypto/X509_LOOKUP_file.html