Fix SSL verification

Currently SSL verification is broken as SSL_get_verify_result(3) is not
supposed to be called in the verify callback, but afterwards.  Thus
currently the wrong error code is checked.
Re-implement the callback similar to the example from SSL_set_verify(3).

Author: cgzones

src/netlog/netlog-dtls.c

@@ -202,6 +202,7 @@ int dtls_manager_init(OpenSSLCertificateAuthMode auth_mode, DTLSManager **ret) {
                                        "DTLS: Failed to allocate memory for SSL CTX: %m");
 
         SSL_CTX_set_default_verify_paths(ctx);
+        SSL_CTX_set_verify_depth(ctx, VERIFICATION_DEPTH + 1);
 
         m = new(DTLSManager, 1);
         if (!m)

src/netlog/netlog-ssl.c

@@ -6,95 +6,76 @@
 #include "openssl-util.h"
 #include "socket-util.h"
 
+#include "netlog-dtls.h"
 #include "netlog-tls.h"
 
-int ssl_verify_certificate_validity(int s, X509_STORE_CTX *store) {
-        SSL* ssl = X509_STORE_CTX_get_ex_data(store, SSL_get_ex_data_X509_STORE_CTX_idx());
+static_assert(offsetof(TLSManager, auth_mode) == offsetof(DTLSManager, auth_mode));
+
+/* inspired by SSL_set_verify(3) */
+int ssl_verify_certificate_validity(int preverify_ok, X509_STORE_CTX *store) {
+        const SSL* ssl = X509_STORE_CTX_get_ex_data(store, SSL_get_ex_data_X509_STORE_CTX_idx());
         const char *pretty = (const char *) SSL_get_ex_data(ssl, EX_DATA_PRETTYADDRESS);
-        _cleanup_(OPENSSL_freep) void *subject = NULL, *issuer = NULL;
-        TLSManager *m = (TLSManager *) SSL_get_ex_data(ssl, EX_DATA_TLSMANAGER);
-        X509 *cert = X509_STORE_CTX_get_current_cert(store);
+        const TLSManager *m = (const TLSManager *) SSL_get_ex_data(ssl, EX_DATA_TLSMANAGER);
+        const X509 *error_cert = X509_STORE_CTX_get_current_cert(store);
         int depth = X509_STORE_CTX_get_error_depth(store);
         int error = X509_STORE_CTX_get_error(store);
-        int verify_mode = SSL_get_verify_mode(ssl);
-        long rc;
+        char subject_buf[256];
+        char issuer_buf[256];
+        int log_level;
 
         assert(store);
+        assert(pretty);
+        assert(m);
 
-        log_debug("TLS: Verifying SSL certificates of server: %s", pretty);
-
-        if (cert) {
-                subject = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
-                issuer = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
-        }
+        X509_NAME_oneline(X509_get_subject_name(error_cert), subject_buf, sizeof(subject_buf));
+        X509_NAME_oneline(X509_get_issuer_name(error_cert), issuer_buf, sizeof(issuer_buf));
 
-        if (verify_mode == SSL_VERIFY_NONE) {
-                 log_debug("TLS: SSL Certificate validation DISABLED but Error at depth: %d, issuer=%s, subject=%s: server=%s %s",
-                           depth, (char *) subject, (char *) issuer, pretty, X509_verify_cert_error_string(error));
+        log_debug("TLS: Verifying SSL certificates of server %s: certificate: subject='%s' issuer='%s' depth=%d preverify_ok=%d error=%d/%s ...",
+                  pretty, subject_buf, issuer_buf, depth, preverify_ok, error, X509_verify_cert_error_string(error));
 
-                 return 1;
+        if (depth > VERIFICATION_DEPTH) {
+                /*
+                 * From man:SSL_set_verif(3):
+                 *
+                 *   Catch a too long certificate chain. The depth limit set using
+                 *   SSL_CTX_set_verify_depth() is by purpose set to "limit+1" so
+                 *   that whenever the "depth>verify_depth" condition is met, we
+                 *   have violated the limit and want to log this error condition.
+                 *   We must do it here, because the CHAIN_TOO_LONG error would not
+                 *   be found explicitly; only errors introduced by cutting off the
+                 *   additional certificates would be logged.
+                 */
+                preverify_ok = 0;
+                error = X509_V_ERR_CERT_CHAIN_TOO_LONG;
+                X509_STORE_CTX_set_error(store, error);
         }
 
-        rc = SSL_get_verify_result(ssl);
-        if (rc != X509_V_OK) {
-                switch(rc) {
-                        case X509_V_ERR_CERT_HAS_EXPIRED: {
-                                switch (m->auth_mode) {
-                                        case OPEN_SSL_CERTIFICATE_AUTH_MODE_DENY: {
-                                                log_error_errno(SYNTHETIC_ERRNO(EINVAL),
-                                                                "TLS: Failed to verify certificate server=%s: %s", pretty, X509_verify_cert_error_string(rc));
-                                                return 0;
-                                        }
-                                                break;
-                                        case OPEN_SSL_CERTIFICATE_AUTH_MODE_WARN: {
-                                                log_warning_errno(SYNTHETIC_ERRNO(EINVAL),
-                                                                  "TLS: Failed to verify certificate server=%s: %s", pretty, X509_verify_cert_error_string(rc));
-
-                                                return 1;
-                                        }
-                                                break;
-                                        case OPEN_SSL_CERTIFICATE_AUTH_MODE_ALLOW: {
-                                                log_debug("TLS: Failed to verify certificate server=%s: %s", pretty, X509_verify_cert_error_string(rc));
-                                                return 1;
-                                        }
-
-                                                break;
-                                        default:
-                                                break;
-                                }}
-                                break;
-                        case X509_V_ERR_CERT_REVOKED: {
-                                switch (m->auth_mode) {
-                                        case OPEN_SSL_CERTIFICATE_AUTH_MODE_DENY: {
-                                                log_error_errno(SYNTHETIC_ERRNO(EINVAL),
-                                                                "TLS: Failed to verify certificate server=%s: %s", pretty, X509_verify_cert_error_string(rc));
-                                                return 0;
-                                        }
-                                                break;
-                                        case OPEN_SSL_CERTIFICATE_AUTH_MODE_WARN: {
-                                                log_warning_errno(SYNTHETIC_ERRNO(EINVAL),
-                                                                  "TLS: Failed to verify certificate server=%s: %s", pretty, X509_verify_cert_error_string(rc));
+        if (preverify_ok) {
+                log_debug("TLS: Verified SSL certificate of server=%s (certificate: subject='%s' issuer='%s' depth=%d): %s",
+                          pretty, subject_buf, issuer_buf, depth, X509_verify_cert_error_string(error));
+                return preverify_ok;
+        }
 
-                                                return 1;
-                                        }
-                                                break;
-                                        case OPEN_SSL_CERTIFICATE_AUTH_MODE_ALLOW: {
-                                                log_debug_errno(SYNTHETIC_ERRNO(EINVAL),
-                                                                "TLS: Failed to verify certificate server=%s: %s", pretty, X509_verify_cert_error_string(rc));
-                                                return 1;
-                                        }
-                                                break;
-                                        default:
-                                                break;
-                                }}
-                                break;
-                        default:
-                                log_error("TLS: Failed to validate remote certificate server=%s: %s. Aborting connection ...", pretty, X509_verify_cert_error_string(rc));
-                                return 0;
-                }
+        switch (m->auth_mode) {
+                case OPEN_SSL_CERTIFICATE_AUTH_MODE_DENY:
+                        log_level = LOG_ERR;
+                        break;
+                case OPEN_SSL_CERTIFICATE_AUTH_MODE_WARN:
+                        log_level = LOG_WARNING;
+                        preverify_ok = 1;
+                        break;
+                case OPEN_SSL_CERTIFICATE_AUTH_MODE_ALLOW:
+                        log_level = LOG_DEBUG;
+                        preverify_ok = 1;
+                        break;
+                default:
+                        assert_not_reached("Invalid certificate authentication mode"); /* mode NO does not set this callback */
         }
 
-        log_debug("TLS: SSL certificates verified server=%s: %s", pretty, X509_verify_cert_error_string(rc));
+        log_full(log_level, "TLS: Failed to verify certificate of server=%s (certificate: subject='%s' issuer='%s' depth=%d)%s: %s",
+                            pretty, subject_buf, issuer_buf, depth,
+                            preverify_ok ? ", ignoring" : "",
+                            X509_verify_cert_error_string(error));
 
-        return 1;
+        return preverify_ok;
 }

src/netlog/netlog-ssl.h

@@ -5,9 +5,11 @@
 
 #include "macro.h"
 
+#define VERIFICATION_DEPTH 20
+
 #define EX_DATA_TLSMANAGER 0
 #define EX_DATA_PRETTYADDRESS 1
 
-int ssl_verify_certificate_validity(int status, X509_STORE_CTX *store);
+int ssl_verify_certificate_validity(int preverify_ok, X509_STORE_CTX *store);
 
 DEFINE_TRIVIAL_CLEANUP_FUNC(SSL_CTX*, SSL_CTX_free);

src/netlog/netlog-tls.c

@@ -202,6 +202,7 @@ int tls_manager_init(OpenSSLCertificateAuthMode auth, TLSManager **ret ) {
                                        "TLS: Failed to allocate memory for SSL CTX: %m");
 
         SSL_CTX_set_default_verify_paths(ctx);
+        SSL_CTX_set_verify_depth(ctx, VERIFICATION_DEPTH + 1);
 
         m = new(TLSManager, 1);
         if (!m)