X509 certificate verification: custom callback

Mbed TLS Generic
1

Hi,

I have added a custom callback function for x509_crt_verify() which gets called for each certificate in the chain. I am only storing the thumbprint of my root certificate instead of whole certificate. Except the root certificate rest of the intermediate certificates would be validated through their respective parents as it happens right now. However for root certificate the verification would fail with the flags set to MBEDTLS_X509_BADCERT_NOT_TRUSTED

I plan to postpone the root certificate verification in the callback. Problem is even when I am able to confirm the root certificate is the one which is in my custom ca list the MBEDTLS_X509_BADCERT_NOT_TRUSTED flag can not be modified and my ssl handshake fails

Currently I have a workaround like this in x509_crt_verify_chain() function

if( parent == NULL )
{
#ifdef CALLBACK
*flags |= MBEDTLS_X509_BADCERT_MISSING;
#else
*flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
#endif
return( 0 );
}

Later in the callback I do root cert verification & if it fails I set

*flags = MBEDTLS_X509_BADCERT_NOT_TRUSTED

However I am not sure if this is the proper way & it does not introduce any security loophole

Would appreciate some suggestions…

2

Hi @tls_user
Thank you for your question!
It is not recommended to modify the code, as it can introduce some security holes, and maintenance problems. However, in your specific change, I don’t see a big hole, as you are stil setting the verification flags to some error.

What is the Mbed TLS version you are using?
We have recently introduced a feature MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK which allows setting trust CA certificate callback verification. Have you considered using this? This feature is not in an official version though.

If you cannot use this feature, you should consider setting the auth mode to optional, when you set the ssl configuration for your development \ debugging purposes:

mbedtls_ssl_conf_authmode( &ssl_conf, MBEDTLS_SSL_VERIFY_OPTIONAL );

Note this configuration makes the tls handshake ignore the certificate verification result and continues the handshake!!! This is not secure, and you will need to check the verification flags after handshake is over!!!

Regards,
Mbed TLS Team member
Ron

3

Thanks Ron for your reply.