Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement verification functions #71

Merged
merged 0 commits into from
Jul 24, 2022
Merged

Implement verification functions #71

merged 0 commits into from
Jul 24, 2022

Conversation

Firgeis
Copy link
Contributor

@Firgeis Firgeis commented Apr 1, 2021
edited
Loading

Adds a pair of verification functions that accept a parsed PEM certificate.
add_extra_chain_cert to send additional chain certs to the peer.
add_cert_to_store to allow verification of the peer certificate CA. This function combines libssl SSL_CTX_get_cert_store and X509_STORE_add_cert so as not to expose the internal store unnecessarily.
Also improves use_certificate_from_string to read any type of key instead of just RSA

@Firgeis Firgeis changed the title Implement SSL_CTX_add_extra_chain_cert() Implement verification functions Apr 6, 2021
@Firgeis
Copy link
Contributor Author

Firgeis commented Apr 7, 2021
edited
Loading

@smimram Any chance I can get this reviewed?

@Firgeis Firgeis mentioned this pull request Apr 7, 2021
Merged
@anmonteiro anmonteiro mentioned this pull request Apr 10, 2021
Merged
@EduardoRFS
Copy link

This is really desirable for platforms where the certs are outdated.

@EduardoRFS
Copy link

but @Firgeis I think you need to separate the branch there is additional commits besides of the ones mentioned by the PR

@Firgeis
Copy link
Contributor Author

Firgeis commented May 24, 2021
edited
Loading

You are right @EduardoRFS, but I think it is worth including and doesn't conflict with the others.
It's a function to verify the IP address in a SAN

@anmonteiro
Copy link
Collaborator

I've been using this branch in Piaf and it's been working well. Would appreciate a review here and potentially a release.

anmonteiro added a commit to Firgeis/ocaml-ssl that referenced this pull request Jul 24, 2022
@anmonteiro
Add changelog entries for savonet#71
ebbb012
anmonteiro added a commit that referenced this pull request Jul 24, 2022
@anmonteiro
Add changelog entries for #71
fbbb8b7
@anmonteiro anmonteiro closed this Jul 24, 2022
@anmonteiro anmonteiro reopened this Jul 24, 2022
@anmonteiro anmonteiro mentioned this pull request Jul 24, 2022
Merged
@anmonteiro anmonteiro merged commit 3799dca into savonet:master Jul 24, 2022
anmonteiro added a commit to anmonteiro/opam-repository that referenced this pull request Aug 12, 2022
@anmonteiro
[new release] ssl (0.5.12)
29ec9be 
CHANGES:

- Add a few verification functions (savonet/ocaml-ssl#71):
  - `add_extra_chain_cert` to send additional chain certificates to the peer.
  - `add_cert_to_store`: to allow verification of the peer certificate CA.
  - `set_ip`: sets the expected IP address to be verified on a SSL socket.
- Improve `use_certificate_from_string` (savonet/ocaml-ssl#71) to read any type of key (rather
  than just RSA).
- Fix a segmentation fault in the ALPN selection callback under OCaml 5 (savonet/ocaml-ssl#89).
- Audit the C FFI and add `CAMLparamX` and `CAMLreturn` calls (savonet/ocaml-ssl#90).
@anmonteiro anmonteiro mentioned this pull request Aug 12, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Firgeis @EduardoRFS @anmonteiro