Request for improved SSL server certificate verification

[sodabrew]

From @SpComb on faye/faye-websocket-ruby#101 (comment)

I'm not entirely sure if this is the right PR/issue to discuss this on, but I can briefly summarize what EM support I think would be required for implementing SSL clients with server certificate verification,

Listed in terms of the exposed libssl APIs:

• SSL_CTX_load_verify_locations Supported in Enhance ssl verification to make hostname matching possible #378 by extending EventMachine::set_tls_parms

• SSL_CTX_set_verify with SSL_VERIFY_PEER: already supported in EM:

  eventmachine/ext/ssl.cpp

  Lines 341 to 346 in bc9e2fa

  	if (bVerifyPeer) {
  	int mode = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
  	if (bFailIfNoPeerCert)
  	mode = mode | SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
  	SSL_set_verify(pSSL, mode, ssl_verify_wrapper);
  	}

• The SSL_set_verify(..., ssl_verify_wrapper) callback MUST return false by default if called with !preverify_ok.

The ssl_verify_wrapper ignoring the preverify_ok parameter is the most blatantly broken part of the implementation, because this effectively bypasses all of the libssl certificate validation logic 👿

Based on my reading of the docs and issues like #275, I suspect this even includes very fundamental things like "the private key used to sign the session key matches the public key in the certificate".

• SSL_get_peer_certificate: already supported in

  eventmachine/ext/ssl.cpp

  Lines 532 to 540 in bc9e2fa

  	X509 *SslBox_t::GetPeerCert()
  	{
  	X509 *cert = NULL;
  	if (pSSL)
  	cert = SSL_get_peer_certificate(pSSL);
  	return cert;
  	}

  ?

I think the SSL_CTX_load_verify_locations + preverify_ok changes would be the bare minimum that would be required. These also match the changes dicussed/implemented in #378

Additional bonus points for:

SSL_get_verify_result + X509_verify_cert_error_string to allow the application to report more useful error messages than just "certificate verification failed"

Some convenience wrapper for the cert subject/hostname validation - ideally there should be some kind of secure: true/false boolean that doesn't require each client developer to research and write their own certificate verification wrappers for the vast majority of usecases

I think Ruby's OpenSSL::SSL.verify_certificate_identity can probably be used by applications together with the SSL_get_peer_certificate API, so it doesn't necessarily need to be part of EM itself.

[sodabrew]

No, sorry. The current versions do not offer complete cert verification.