1 前言
在近期的工作项目中涉及到了证书吊销列表(CRL)相关的一些知识,打算记录一下自己写的一个通过CRL验证自签名证书有效性的测试程序,并分享遇到的一些坑。
下面几小节会介绍一些基础知识,熟悉的话可直接跳过。最后的代码方面,主要是一个生成证书和CRL的shell脚本,以及测试openssl C api的C程序。
源码已上传github,可点击该link跳转。
2 基础知识
讨论测试程序前先简单说明一下SSL、CA、CRL的概念。
SSL(Secure Sockets Layer)是一种安全协议,用于在因特网上的两个系统(比如,一个web浏览器和一个web服务器)之间建立一个加密的连接。这种连接可以确保在这两个系统之间传输的信息的保密性和完整性,防止被未经授权的第三方窃取或篡改。
在SSL连接的建立过程中,一个关键的步骤是数字证书的验证。数字证书是一种数字文件,它绑定了一个实体(例如,一个web服务器或者一个组织)和一个公钥。数字证书由一个受信任的第三方机构,称为证书颁发机构(CA)签发。当一个系统(例如,一个web浏览器)试图与另一个系统(例如,一个web服务器)建立SSL连接时,它会检查服务器的数字证书以确认服务器的身份。
这就是CRL(证书撤销列表)发挥作用的地方。CRL是由CA发布的,包含了所有被撤销的,即不再被信任的数字证书的列表。一个证书可能会被撤销,原因包括但不限于私钥被泄露,证书被误发,或者证书所有者不再需要该证书。
当一个系统在验证一个数字证书的有效性时,它会检查CRL以确保证书没有被撤销。如果证书在CRL中,那么该系统会拒绝与提供该证书的系统建立SSL连接,因为这可能意味着连接的安全性无法得到保证。
因此,SSL和CRL是密切相关的。通过CRL,SSL可以确保在建立的每一个安全连接中,都只使用仍然有效和可信的数字证书。
这里补充几个坑点:
- 证书的验证发生在SSL握手时,证书验证失败的原因可以有很多,其中,证书被吊销与证书过期是两个不同的概念,需要注意区分;
- 当提供了多个CRL时,需要注意CRL的issuer(颁发者)和last update time(颁发日期),若有多个颁发者相同的CRL,若颁发日期不同,则会只生效最新颁发的那个CRL,若颁发者与颁发日期全都一致,则会只生效CRL链中最靠前的那个CRL。
3 Openssl C api
这里挑几个重要的api函数说明一下。
X509_STORE_add_crl
原型声明:int X509_STORE_add_crl(X509_STORE *store, X509_CRL *x);
作用:将CRL加入到store中。
X509_STORE_set_flags
原型声明:void X509_STORE_set_flags(X509_STORE *store, unsigned long flags);
作用:设置模式,只有开启了CRL校验模式,才会在校验证书时对照CRL进行检查。
[注1] 本测试中使用的是X509_STORE_CTX_set_flags函数,X509_STORE存储的是证书和CRL等实体,而X509_STORE_CTX存储的是包括这些实体在内的上下文,本篇不会详细说明关于X509_STORE与X509_STORE_CTX的具体区别。
[注2] 关于这里的flag参数还有个坑点,若要开启CRL校验,涉及的参数有X509_V_FLAG_CRL_CHECK
与X509_V_FLAG_CRL_CHECK_ALL
,前者表示开启CRL校验但只校验"叶子节点证书",后者表示校验整个证书链,如果只传入后者,则CRL校验并不会生效。这是由于源码中在检查完X509_V_FLAG_CRL_CHECK
标志后发现标志未设置就直接返回了,所以,若要校验整个证书链,传入的参数需要是X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL
。
X509_verify_cert
原型声明:int X509_verify_cert(X509_STORE_CTX *ctx);
作用:校验证书。
[注] 该函数只是用于本测试程序使用,实际客户端-服务端场景的SSL连接中,不需要专门调用该api进行CRL检查,当执行到ssl_do_handshake
函数时,如果CRL已正确加载到store中且标志设置正确,ssl会自动对照CRL进行检查。
4 测试代码
测试前请先确保环境中已安装openssl与openssl-dev(CentOS装这个)或libssl-dev(Debian系装这个),本测试实验环境:
~# dpkg -l |grep libssl
ii libssl-dev:amd64 1.1.1f-1ubuntu2.18 amd64 Secure Sockets Layer toolkit - development files
ii libssl1.1:amd64 1.1.1f-1ubuntu2.18 amd64 Secure Sockets Layer toolkit - shared libraries
~# openssl version
OpenSSL 1.1.1f 31 Mar 2020
~# cat /proc/version
Linux version 5.4.0-47-generic (buildd@lcy01-amd64-014) (gcc version 9.3.0 (Ubuntu 9.3.0-10ubuntu2)) #51-Ubuntu SMP Fri Sep 4 19:50:52 UTC 2020
4.1 测试脚本
以下是证书与CRL文件的生成脚本。脚本运行完成后,在同级目录中可见到一个新生成的certsDir
目录,里面会存放我们后续将使用到的文件。
#!/bin/bash
echo "<<<<<<<<<<< Start generating certificates and CRL ... >>>>>>>>>>>>>>>>"
outpath="certsDir"
configFile="openssl.cnf"
cert1="cert"
cert2="cert-revoked"
# Initialize
rm -rf ${outpath}
mkdir ${outpath}
cd ${outpath}
# Prepare configuratoin files
touch index.txt
echo 01 > serial
echo 1000 > crlnumber
chmod 600 index.txt serial crlnumber
cat <<EOF > ${configFile}
[ ca ]
default_ca = CA_default # The default ca section
[ CA_default ]
dir = ./ # Where everything is kept
certs = ./ # Where the issued certs are kept
crl_dir = ./ # Where the issued crl are kept
database = ./index.txt # database index file.
new_certs_dir = ./newcerts # default place for new certs.
certificate = ./ca-cert.pem # The CA certificate
serial = ./serial # The current serial number
crlnumber = ./crlnumber # the current crl number
crl = ./crl.pem # The current CRL
private_key = ./ca-key.pem # The private key
x509_extensions = cert # The extensions to add to the cert
name_opt = ca_default # Subject Name options
cert_opt = ca_default # Certificate field options
# crlnumber must also be commented out to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 365 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # use SHA-256 by default
preserve = no # keep passed DN ordering
policy = policy_match
# For the CA policy
[ policy_match ]
countryName = optional
stateOrProvinceName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
####################################################################
[ req ]
default_bits = 2048
default_md = sha256
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extensions to add to the self signed cert
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = IN
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Karnataka
localityName = Locality Name (eg, city)
localityName_default = Bengaluru
0.organizationName = Organization Name (eg, company)
0.organizationName_default = GoLinuxCloud
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = Admin
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 64
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
basicConstraints = critical,CA:true
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
authorityKeyIdentifier=keyid:always
EOF
echo "<<<<<<<<<<<<<< Generating CA certificate... >>>>>>>>>>>>"
# Generate a self-signed CA certificate
openssl genrsa -out ca-key.pem 2048
openssl req -x509 -new -key ca-key.pem -out ca-cert.pem -days 365 -nodes -subj "/CN=My Root CA"
echo "<<<<<<<<<<<<<< Generating certificate... >>>>>>>>>>>>"
# Generate a certificate signing request (CSR) for a new certificate
openssl genrsa -out cert-key.pem 2048
openssl req -new -key cert-key.pem -out cert.csr -nodes -subj "/CN=example.com"
# Sign the certificate with the CA certificate to create the new certificate
openssl x509 -req -in cert.csr -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -out cert.pem -days 365
echo "<<<<<<<<<<<<<< Generating revoked certificate... >>>>>>>>>>>>>>>>"
# Same way to create a new certificate which ready to be revoked
openssl genrsa -out ${cert2}-key.pem 2048
openssl req -new -key ${cert2}-key.pem -out ${cert2}.csr -nodes -subj "/CN=example.com"
openssl x509 -req -in ${cert2}.csr -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -out ${cert2}.pem -days 365
echo "<<<<<<<<<<<<<< Generating CRL... >>>>>>>>>>>>>>>>"
# Generate a CRL (Certificate Revocation List) that revokes the new certificate
openssl ca --config ${configFile} -revoke ${cert2}.pem
openssl ca --config ${configFile} -gencrl -out crl.pem
openssl crl -in crl.pem -noout -text
echo "Finished."
4.2 测试程序
该程序将会读取之前脚本生成目录下的CA证书、CRL文件以及一个未被吊销证书与一个被吊销证书,之后,分别对两个证书对照CRL进行校验,并打印校验的结果。注意,这里只涉及到单个CRL的校验场景,对于多个CRL的场景,请注意考虑我在第2小节中添加的说明。
/**
* Copyright(C) TappaT 2023. All rights reserved.
*
* @author TappaT
* @date 4/22/2023
*
*/
#include <stdio.h>
#include <openssl/x509.h>
#include <openssl/x509_vfy.h>
#include <openssl/pem.h>
#define CA_FILE "certsDir/ca-cert.pem"
#define CRL_FILE "certsDir/crl.pem"
#define CERT_FILE "certsDir/cert.pem"
#define REVOKED_CERT_FILE "certsDir/cert-revoked.pem"
static int verify_cert(X509 *ca, X509 *cert, X509_CRL *crl, const char* filePath)
{
X509_STORE *store;
X509_STORE_CTX *ctx;
int ret;
/* Initialize the X509 store */
store = X509_STORE_new();
if (!store) {
printf("Error: Unable to create X509 store\n");
return -1;
}
/* Add the CA certificate to the X509 store */
ret = X509_STORE_add_cert(store, ca);
if (!ret) {
printf("Error: Unable to add CA certificate to X509 store\n");
return -1;
}
/* Add the CRL to the X509 store */
ret = X509_STORE_add_crl(store, crl);
if (!ret) {
printf("Error: Unable to add CRL to X509 store\n");
return -1;
}
/* Initialize the X509 store context */
ctx = X509_STORE_CTX_new();
if (!ctx) {
printf("Error: Unable to create X509 store context\n");
return -1;
}
/* Set the certificate to be verified in the X509 store context */
ret = X509_STORE_CTX_init(ctx, store, cert, NULL);
if (!ret) {
printf("Error: Unable to set certificate to be verified in X509 store context\n");
return -1;
}
/* Enable CRL checking in the X509 store context */
X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
/* Verify the certificate */
ret = X509_verify_cert(ctx);
if (ret == 1) {
printf("Certificate %s verified\n", filePath);
} else if (ret == 0) {
printf("Certificate %s revoked\n", filePath);
} else {
printf("Certificate %s verification failed\n", filePath);
}
/* Cleanup */
X509_STORE_CTX_free(ctx);
X509_STORE_free(store);
return 0;
}
int main()
{
X509 *cert, *revoked_cert, *ca;
X509_CRL *crl;
FILE *ca_file;
FILE *crl_file;
FILE *cert_file;
FILE *revoked_cert_file;
/* Load the CA certificate into memory */
ca_file = fopen(CA_FILE, "r");
if (!ca_file) {
printf("Error: Unable to open CA file\n");
return -1;
}
ca = PEM_read_X509(ca_file, NULL, NULL, NULL);
fclose(ca_file);
/* Load the CRL into memory */
crl_file = fopen(CRL_FILE, "r");
if (!crl_file) {
printf("Error: Unable to open CRL file\n");
return -1;
}
crl = PEM_read_X509_CRL(crl_file, NULL, NULL, NULL);
fclose(crl_file);
/* Load the certificate to be verified into memory */
cert_file = fopen(CERT_FILE, "r");
if (!cert_file) {
printf("Error: Unable to open certificate file\n");
return -1;
}
cert = PEM_read_X509(cert_file, NULL, NULL, NULL);
fclose(cert_file);
if (verify_cert(ca, cert, crl, CERT_FILE) != 0) {
printf("Failed to verify certificate.\n");
return -1;
}
/* Load the revoked certificate into memory */
revoked_cert_file = fopen(REVOKED_CERT_FILE, "r");
if (!revoked_cert_file) {
printf("Error: Unable to open certificate file\n");
return -1;
}
revoked_cert = PEM_read_X509(revoked_cert_file, NULL, NULL, NULL);
fclose(revoked_cert_file);
if (verify_cert(ca, revoked_cert, crl, REVOKED_CERT_FILE) != 0) {
printf("Failed to verify certificate.\n");
return -1;
}
/* Cleanup */
X509_CRL_free(crl);
X509_free(ca);
X509_free(cert);
X509_free(revoked_cert);
return 0;
}
[注] gcc编译时注意带上参数-lcrypto -lssl
这里再贴一下代码链接。