ASN.1 Handling / certificate verification

[colmmacc]

At present, s2n does not parse certificates; it's desirable to parse the certificates in order to support certificate authentication and validation.

[vlm]

I would recommend to use github.com/vlm/asn1c ASN.1 compiler to generate DER handling for RFC3280. It was designed to support OpenSSL use cases. I can help with that.

[briansmith]

I looked at the code, particularly the block marked "/* TODO: certificate validation goes here */" at [1]. FYI, certificate verification requires the stapled OCSP response (if any) and the entire list of certificates sent by the server, so that's not the right place to put it.

In NSS, I did the following: If the server did not advertise the OCSP stapling extension, then validate the certificate immediately after collecting the entire certificate chain. Otherwise, wait until we know if the server sent a stapled OCSP response (the server might advertise the OCSP stapling extension, but then skip sending the CertificateStatus message), and validate the certificate after receiving the next message (CertificateStatus or a message that would come after CertificateStatus, implying that CertificateStatus was skipped).

Also, decide if you want certificate validation to be synchronous or asynchronous, because that has a notable effect on things.

Besides having access to the stapled OCSP response and server's sent certificate chain, it is also helpful for the certificate verification logic to be given the key exchange algorithm used in the negotiated cipher suite, so that it can enforce the correct constraint for the certificate's KeyUsage extension.

[1] https://github.com/awslabs/s2n/blob/748ed608f68f6a184a062986d32d64c10dbe0df2/tls/s2n_server_cert.c#L54

[samrushing]

I am the author of https://github.com/cloudtools/tinyber (among other projects, I've been working with asn.1 for 15+ years). I'm a big believer in code generators, especially for security-sensitive code. I could make a simple code generator similar to tinyber's that would emit code directly against the stuffer API. I have worked with x509 in the past, including implementing OCSP.

[alexw91]

Our PR for initial integration with OpenSSL's x509 validation API's was just merged last night: #618

It's currently not enabled by default since we want to add more X509 integration tests (which are being tracked separately), but for now this issue for adding X509 Certificate Validation is completed.

If anyone has any comments or concerns about our current OpenSSL integration please do let us know. Commenting here, or opening a separate issue is fine.