path: root/manual/html_node/Certificate-verification.html

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<!-- This manual is last updated 4 March 2015 for version
3.5.4 of GnuTLS.

Copyright (C) 2001-2015 Free Software Foundation, Inc.\\
Copyright (C) 2001-2015 Nikos Mavrogiannopoulos

Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.3 or
any later version published by the Free Software Foundation; with no
Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.  A
copy of the license is included in the section entitled "GNU Free
Documentation License". -->
<!-- Created by GNU Texinfo 6.1, http://www.gnu.org/software/texinfo/ -->
<head>
<title>GnuTLS 3.5.4: Certificate verification</title>

<meta name="description" content="GnuTLS 3.5.4: Certificate verification">
<meta name="keywords" content="GnuTLS 3.5.4: Certificate verification">
<meta name="resource-type" content="document">
<meta name="distribution" content="global">
<meta name="Generator" content="makeinfo">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link href="index.html#Top" rel="start" title="Top">
<link href="Function-and-Data-Index.html#Function-and-Data-Index" rel="index" title="Function and Data Index">
<link href="index.html#SEC_Contents" rel="contents" title="Table of Contents">
<link href="Advanced-topics.html#Advanced-topics" rel="up" title="Advanced topics">
<link href="Re_002dauthentication.html#Re_002dauthentication" rel="next" title="Re-authentication">
<link href="Session-resumption.html#Session-resumption" rel="prev" title="Session resumption">
<style type="text/css">
<!--
a.summary-letter {text-decoration: none}
blockquote.indentedblock {margin-right: 0em}
blockquote.smallindentedblock {margin-right: 0em; font-size: smaller}
blockquote.smallquotation {font-size: smaller}
div.display {margin-left: 3.2em}
div.example {margin-left: 3.2em}
div.lisp {margin-left: 3.2em}
div.smalldisplay {margin-left: 3.2em}
div.smallexample {margin-left: 3.2em}
div.smalllisp {margin-left: 3.2em}
kbd {font-style: oblique}
pre.display {font-family: inherit}
pre.format {font-family: inherit}
pre.menu-comment {font-family: serif}
pre.menu-preformatted {font-family: serif}
pre.smalldisplay {font-family: inherit; font-size: smaller}
pre.smallexample {font-size: smaller}
pre.smallformat {font-family: inherit; font-size: smaller}
pre.smalllisp {font-size: smaller}
span.nolinebreak {white-space: nowrap}
span.roman {font-family: initial; font-weight: normal}
span.sansserif {font-family: sans-serif; font-weight: normal}
ul.no-bullet {list-style: none}
body { 
	margin: 2%;
	padding: 0 5%;
	background: #ffffff;
}
h1,h2,h3,h4,h5 {
    font-weight: bold;
    padding: 5px 5px 5px 5px;
    background-color: #c2e0ff;
    color: #336699;
}
h1 {
    padding: 2em 2em 2em 5%;
    color: white;
    background: #336699;
    text-align: center;
    letter-spacing: 3px;
}
h2 { text-decoration: underline; }
pre {
  margin: 0 5%;
  padding: 0.5em;
}
pre.example,pre.verbatim {
  padding-bottom: 1em;

  border: solid #c2e0ff;
  background: #f0faff;
  border-width: 1px 1px 1px 5px;
  margin: 1em auto;
  width: 90%;
}

div.node {
  margin: 0 -5% 0 -2%;
  padding: 0.5em 0.5em;
  margin-top: 0.5em;
  margin-bottom: 0.5em;
  font-weight: bold;
}
dd, li {
  padding-top: 0.1em;
  padding-bottom: 0.1em;
}
div.float {

  margin-bottom: 0.5em;
  text-align: center;
}

table {
  text-align: left;
  margin-left:auto;
  margin-right:auto;
  border-spacing: 7px;
  width: 50%;
}

th {
  padding: 0;
  color: #336699;
  background-color: #c2e0ff;
  border: solid #000000;
  border-width: 0px;
  margin: 1em auto;
  text-align: center;
  margin-left:auto;
  margin-right:auto;
}

td {
  padding: 0;
  border: solid #000000;
  background-color: #f0faff;
  border-width: 0px;
  margin: 1em auto;
  text-align: left;
  margin-left:auto;
  margin-right:auto;
  padding-left: 1em;
}

dl {
  text-align: left;
  margin-left:auto;
  margin-right:auto;
  width: 50%;

  padding-left: 1em;
  border: solid #c2e0ff;
  background: #f0faff;
  border-width: 5px 1px 1px 1px;
  margin: 1em auto;
}

-->
</style>


</head>

<body lang="en">
<a name="Certificate-verification"></a>
<div class="header">
<p>
Next: <a href="Re_002dauthentication.html#Re_002dauthentication" accesskey="n" rel="next">Re-authentication</a>, Previous: <a href="Session-resumption.html#Session-resumption" accesskey="p" rel="prev">Session resumption</a>, Up: <a href="Advanced-topics.html#Advanced-topics" accesskey="u" rel="up">Advanced topics</a> &nbsp; [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>][<a href="Function-and-Data-Index.html#Function-and-Data-Index" title="Index" rel="index">Index</a>]</p>
</div>
<hr>
<a name="Certificate-verification-1"></a>
<h4 class="subsection">6.12.2 Certificate verification</h4>
<a name="index-DANE-1"></a>
<a name="index-DNSSEC-1"></a>
<a name="index-SSH_002dstyle-authentication-1"></a>
<a name="index-Trust-on-first-use-1"></a>
<a name="index-Key-pinning-1"></a>
<a name="index-gnutls_005fcertificate_005fverify_005fflags-1"></a>

<p>In this section the functionality for additional certificate verification methods is listed. 
These methods are intended to be used in addition to normal PKI verification, in order to reduce 
the risk of a compromised CA being undetected.
</p>
<a name="Trust-on-first-use"></a>
<h4 class="subsubsection">6.12.2.1 Trust on first use</h4>

<p>The GnuTLS library includes functionality to use an SSH-like trust on first use authentication.
The available functions to store and verify public keys are listed below.
</p>




<dl>
<dt><a name="index-gnutls_005fverify_005fstored_005fpubkey"></a>Function: <em>int</em> <strong>gnutls_verify_stored_pubkey</strong> <em>(const char * <var>db_name</var>, gnutls_tdb_t <var>tdb</var>, const char * <var>host</var>, const char * <var>service</var>, gnutls_certificate_type_t <var>cert_type</var>, const gnutls_datum_t * <var>cert</var>, unsigned int <var>flags</var>)</em></dt>
<dd><p><var>db_name</var>: A file specifying the stored keys (use NULL for the default)
</p>
<p><var>tdb</var>: A storage structure or NULL to use the default
</p>
<p><var>host</var>: The peer&rsquo;s name
</p>
<p><var>service</var>: non-NULL if this key is specific to a service (e.g. http)
</p>
<p><var>cert_type</var>: The type of the certificate
</p>
<p><var>cert</var>: The raw (der) data of the certificate
</p>
<p><var>flags</var>: should be 0.
</p>
<p>This function will try to verify the provided (raw or DER-encoded) certificate 
using a list of stored public keys.  The  <code>service</code> field if non-NULL should
be a port number.
</p>
<p>The  <code>retrieve</code> variable if non-null specifies a custom backend for
the retrieval of entries. If it is NULL then the
default file backend will be used. In POSIX-like systems the
file backend uses the $HOME/.gnutls/known_hosts file.
</p>
<p>Note that if the custom storage backend is provided the
retrieval function should return <code>GNUTLS_E_CERTIFICATE_KEY_MISMATCH</code> 
if the host/service pair is found but key doesn&rsquo;t match,
<code>GNUTLS_E_NO_CERTIFICATE_FOUND</code>  if no such host/service with
the given key is found, and 0 if it was found. The storage
function should return 0 on success.
</p>
<p><strong>Returns:</strong> If no associated public key is found
then <code>GNUTLS_E_NO_CERTIFICATE_FOUND</code>  will be returned. If a key
is found but does not match <code>GNUTLS_E_CERTIFICATE_KEY_MISMATCH</code> 
is returned. On success, <code>GNUTLS_E_SUCCESS</code>  (0) is returned, 
or a negative error value on other errors.
</p>
<p><strong>Since:</strong> 3.0.13
</p></dd></dl>




<dl>
<dt><a name="index-gnutls_005fstore_005fpubkey"></a>Function: <em>int</em> <strong>gnutls_store_pubkey</strong> <em>(const char * <var>db_name</var>, gnutls_tdb_t <var>tdb</var>, const char * <var>host</var>, const char * <var>service</var>, gnutls_certificate_type_t <var>cert_type</var>, const gnutls_datum_t * <var>cert</var>, time_t <var>expiration</var>, unsigned int <var>flags</var>)</em></dt>
<dd><p><var>db_name</var>: A file specifying the stored keys (use NULL for the default)
</p>
<p><var>tdb</var>: A storage structure or NULL to use the default
</p>
<p><var>host</var>: The peer&rsquo;s name
</p>
<p><var>service</var>: non-NULL if this key is specific to a service (e.g. http)
</p>
<p><var>cert_type</var>: The type of the certificate
</p>
<p><var>cert</var>: The data of the certificate
</p>
<p><var>expiration</var>: The expiration time (use 0 to disable expiration)
</p>
<p><var>flags</var>: should be 0.
</p>
<p>This function will store the provided (raw or DER-encoded) certificate to 
the list of stored public keys. The key will be considered valid until 
the provided expiration time.
</p>
<p>The  <code>store</code> variable if non-null specifies a custom backend for
the storage of entries. If it is NULL then the
default file backend will be used.
</p>
<p><strong>Returns:</strong> On success, <code>GNUTLS_E_SUCCESS</code>  (0) is returned, otherwise a
negative error value.
</p>
<p><strong>Since:</strong> 3.0.13
</p></dd></dl>

<p>In addition to the above the <a href="Core-TLS-API.html#gnutls_005fstore_005fcommitment">gnutls_store_commitment</a> can be 
used to implement a key-pinning architecture as in [<em>KEYPIN</em>]. 
This provides a way for web server to commit on a public key that is
not yet active.
</p>




<dl>
<dt><a name="index-gnutls_005fstore_005fcommitment"></a>Function: <em>int</em> <strong>gnutls_store_commitment</strong> <em>(const char * <var>db_name</var>, gnutls_tdb_t <var>tdb</var>, const char * <var>host</var>, const char * <var>service</var>, gnutls_digest_algorithm_t <var>hash_algo</var>, const gnutls_datum_t * <var>hash</var>, time_t <var>expiration</var>, unsigned int <var>flags</var>)</em></dt>
<dd><p><var>db_name</var>: A file specifying the stored keys (use NULL for the default)
</p>
<p><var>tdb</var>: A storage structure or NULL to use the default
</p>
<p><var>host</var>: The peer&rsquo;s name
</p>
<p><var>service</var>: non-NULL if this key is specific to a service (e.g. http)
</p>
<p><var>hash_algo</var>: The hash algorithm type
</p>
<p><var>hash</var>: The raw hash
</p>
<p><var>expiration</var>: The expiration time (use 0 to disable expiration)
</p>
<p><var>flags</var>: should be 0.
</p>
<p>This function will store the provided hash commitment to 
the list of stored public keys. The key with the given
hash will be considered valid until the provided expiration time.
</p>
<p>The  <code>store</code> variable if non-null specifies a custom backend for
the storage of entries. If it is NULL then the
default file backend will be used.
</p>
<p>Note that this function is not thread safe with the default backend.
</p>
<p><strong>Returns:</strong> On success, <code>GNUTLS_E_SUCCESS</code>  (0) is returned, otherwise a
negative error value.
</p>
<p><strong>Since:</strong> 3.0
</p></dd></dl>

<p>The storage and verification functions may be used with the default
text file based back-end, or another back-end may be specified. That
should contain storage and retrieval functions and specified as below.
</p>
<dl compact="compact">
<dt><code><var>int</var> <a href="Core-TLS-API.html#gnutls_005ftdb_005finit">gnutls_tdb_init</a> (gnutls_tdb_t * <var>tdb</var>)</code></dt>
<dt><code><var>void</var> <a href="Core-TLS-API.html#gnutls_005ftdb_005fdeinit">gnutls_tdb_deinit</a> (gnutls_tdb_t <var>tdb</var>)</code></dt>
<dt><code><var>void</var> <a href="Core-TLS-API.html#gnutls_005ftdb_005fset_005fverify_005ffunc">gnutls_tdb_set_verify_func</a> (gnutls_tdb_t <var>tdb</var>, gnutls_tdb_verify_func <var>verify</var>)</code></dt>
<dt><code><var>void</var> <a href="Core-TLS-API.html#gnutls_005ftdb_005fset_005fstore_005ffunc">gnutls_tdb_set_store_func</a> (gnutls_tdb_t <var>tdb</var>, gnutls_tdb_store_func <var>store</var>)</code></dt>
<dt><code><var>void</var> <a href="Core-TLS-API.html#gnutls_005ftdb_005fset_005fstore_005fcommitment_005ffunc">gnutls_tdb_set_store_commitment_func</a> (gnutls_tdb_t <var>tdb</var>, gnutls_tdb_store_commitment_func        <var>cstore</var>)</code></dt>
</dl>

<a name="DANE-verification"></a>
<h4 class="subsubsection">6.12.2.2 DANE verification</h4>
<p>Since the DANE library is not included in GnuTLS it requires programs
to be linked against it. This can be achieved with the following commands.
</p>
<div class="example">
<pre class="example">gcc -o foo foo.c `pkg-config gnutls-dane --cflags --libs`
</pre></div>

<p>When a program uses the GNU autoconf system, then the following
line or similar can be used to detect the presence of the library.
</p>
<div class="example">
<pre class="example">PKG_CHECK_MODULES([LIBDANE], [gnutls-dane &gt;= 3.0.0])

AC_SUBST([LIBDANE_CFLAGS])
AC_SUBST([LIBDANE_LIBS])
</pre></div>

<p>The high level functionality provided by the DANE library is shown below.
</p>




<dl>
<dt><a name="index-dane_005fverify_005fcrt"></a>Function: <em>int</em> <strong>dane_verify_crt</strong> <em>(dane_state_t <var>s</var>, const gnutls_datum_t * <var>chain</var>, unsigned <var>chain_size</var>, gnutls_certificate_type_t <var>chain_type</var>, const char * <var>hostname</var>, const char * <var>proto</var>, unsigned int <var>port</var>, unsigned int <var>sflags</var>, unsigned int <var>vflags</var>, unsigned int * <var>verify</var>)</em></dt>
<dd><p><var>s</var>: A DANE state structure (may be NULL)
</p>
<p><var>chain</var>: A certificate chain
</p>
<p><var>chain_size</var>: The size of the chain
</p>
<p><var>chain_type</var>: The type of the certificate chain
</p>
<p><var>hostname</var>: The hostname associated with the chain
</p>
<p><var>proto</var>: The protocol of the service connecting (e.g. tcp)
</p>
<p><var>port</var>: The port of the service connecting (e.g. 443)
</p>
<p><var>sflags</var>: Flags for the the initialization of  <code>s</code> (if NULL)
</p>
<p><var>vflags</var>: Verification flags; an OR&rsquo;ed list of <code>dane_verify_flags_t</code> .
</p>
<p><var>verify</var>: An OR&rsquo;ed list of <code>dane_verify_status_t</code> .
</p>
<p>This function will verify the given certificate chain against the
CA constrains and/or the certificate available via DANE.
If no information via DANE can be obtained the flag <code>DANE_VERIFY_NO_DANE_INFO</code> 
is set. If a DNSSEC signature is not available for the DANE
record then the verify flag <code>DANE_VERIFY_NO_DNSSEC_DATA</code>  is set.
</p>
<p>Due to the many possible options of DANE, there is no single threat
model countered. When notifying the user about DANE verification results
it may be better to mention: DANE verification did not reject the certificate,
rather than mentioning a successful DANE verication.
</p>
<p>Note that this function is designed to be run in addition to
PKIX - certificate chain - verification. To be run independently
the <code>DANE_VFLAG_ONLY_CHECK_EE_USAGE</code>  flag should be specified; 
then the function will check whether the key of the peer matches the
key advertized in the DANE entry.
</p>
<p><strong>Returns:</strong> a negative error code on error and <code>DANE_E_SUCCESS</code>  (0)
when the DANE entries were successfully parsed, irrespective of
whether they were verified (see  <code>verify</code> for that information). If
no usable entries were encountered <code>DANE_E_REQUESTED_DATA_NOT_AVAILABLE</code> 
will be returned.
</p></dd></dl>

<dl compact="compact">
<dt><code><var>int</var> <a href="DANE-API.html#dane_005fverify_005fsession_005fcrt">dane_verify_session_crt</a> (dane_state_t <var>s</var>, gnutls_session_t <var>session</var>, const char * <var>hostname</var>, const char * <var>proto</var>, unsigned int <var>port</var>, unsigned int <var>sflags</var>, unsigned int <var>vflags</var>, unsigned int * <var>verify</var>)</code></dt>
<dt><code><var>const char *</var> <a href="DANE-API.html#dane_005fstrerror">dane_strerror</a> (int <var>error</var>)</code></dt>
</dl>

<p>Note that the <code>dane_state_t</code> structure that is accepted by both
verification functions is optional. It is required when many queries
are performed to optimize against multiple re-initializations of the
resolving back-end and loading of DNSSEC keys.
</p>
<p>The following flags are returned by the verify functions to
indicate the status of the verification.
</p>
<div class="float"><a name="dane_005fverify_005fstatus_005ft"></a>


<dl compact="compact">
<dt><code>DANE_VERIFY_CA_CONSTRAINTS_VIOLATED</code></dt>
<dd><p>The CA constraints were violated.
</p></dd>
<dt><code>DANE_VERIFY_CERT_DIFFERS</code></dt>
<dd><p>The certificate obtained via DNS differs.
</p></dd>
<dt><code>DANE_VERIFY_UNKNOWN_DANE_INFO</code></dt>
<dd><p>No known DANE data was found in the DNS record.
</p></dd>
</dl>

<div class="float-caption"><p><strong>Figure 6.2: </strong>The DANE verification status flags.</p></div></div>
<p>In order to generate a DANE TLSA entry to use in a DNS server 
you may use danetool (see <a href="danetool-Invocation.html#danetool-Invocation">danetool Invocation</a>).
</p>


<hr>
<div class="header">
<p>
Next: <a href="Re_002dauthentication.html#Re_002dauthentication" accesskey="n" rel="next">Re-authentication</a>, Previous: <a href="Session-resumption.html#Session-resumption" accesskey="p" rel="prev">Session resumption</a>, Up: <a href="Advanced-topics.html#Advanced-topics" accesskey="u" rel="up">Advanced topics</a> &nbsp; [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>][<a href="Function-and-Data-Index.html#Function-and-Data-Index" title="Index" rel="index">Index</a>]</p>
</div>



</body>
</html>