1e71b7053SJung-uk Kim=pod 2e71b7053SJung-uk Kim 3e71b7053SJung-uk Kim=head1 NAME 4e71b7053SJung-uk Kim 5e71b7053SJung-uk KimSSL_check_chain - check certificate chain suitability 6e71b7053SJung-uk Kim 7e71b7053SJung-uk Kim=head1 SYNOPSIS 8e71b7053SJung-uk Kim 9e71b7053SJung-uk Kim #include <openssl/ssl.h> 10e71b7053SJung-uk Kim 11e71b7053SJung-uk Kim int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain); 12e71b7053SJung-uk Kim 13e71b7053SJung-uk Kim=head1 DESCRIPTION 14e71b7053SJung-uk Kim 15e71b7053SJung-uk KimSSL_check_chain() checks whether certificate B<x>, private key B<pk> and 16e71b7053SJung-uk Kimcertificate chain B<chain> is suitable for use with the current session 17e71b7053SJung-uk KimB<s>. 18e71b7053SJung-uk Kim 19e71b7053SJung-uk Kim=head1 RETURN VALUES 20e71b7053SJung-uk Kim 21e71b7053SJung-uk KimSSL_check_chain() returns a bitmap of flags indicating the validity of the 22e71b7053SJung-uk Kimchain. 23e71b7053SJung-uk Kim 24e71b7053SJung-uk KimB<CERT_PKEY_VALID>: the chain can be used with the current session. 25e71b7053SJung-uk KimIf this flag is B<not> set then the certificate will never be used even 26e71b7053SJung-uk Kimif the application tries to set it because it is inconsistent with the 27e71b7053SJung-uk Kimpeer preferences. 28e71b7053SJung-uk Kim 29e71b7053SJung-uk KimB<CERT_PKEY_SIGN>: the EE key can be used for signing. 30e71b7053SJung-uk Kim 31e71b7053SJung-uk KimB<CERT_PKEY_EE_SIGNATURE>: the signature algorithm of the EE certificate is 32e71b7053SJung-uk Kimacceptable. 33e71b7053SJung-uk Kim 34e71b7053SJung-uk KimB<CERT_PKEY_CA_SIGNATURE>: the signature algorithms of all CA certificates 35e71b7053SJung-uk Kimare acceptable. 36e71b7053SJung-uk Kim 37e71b7053SJung-uk KimB<CERT_PKEY_EE_PARAM>: the parameters of the end entity certificate are 38e71b7053SJung-uk Kimacceptable (e.g. it is a supported curve). 39e71b7053SJung-uk Kim 40e71b7053SJung-uk KimB<CERT_PKEY_CA_PARAM>: the parameters of all CA certificates are acceptable. 41e71b7053SJung-uk Kim 42e71b7053SJung-uk KimB<CERT_PKEY_EXPLICIT_SIGN>: the end entity certificate algorithm 43e71b7053SJung-uk Kimcan be used explicitly for signing (i.e. it is mentioned in the signature 44e71b7053SJung-uk Kimalgorithms extension). 45e71b7053SJung-uk Kim 46e71b7053SJung-uk KimB<CERT_PKEY_ISSUER_NAME>: the issuer name is acceptable. This is only 47e71b7053SJung-uk Kimmeaningful for client authentication. 48e71b7053SJung-uk Kim 49e71b7053SJung-uk KimB<CERT_PKEY_CERT_TYPE>: the certificate type is acceptable. Only meaningful 50e71b7053SJung-uk Kimfor client authentication. 51e71b7053SJung-uk Kim 52e71b7053SJung-uk KimB<CERT_PKEY_SUITEB>: chain is suitable for Suite B use. 53e71b7053SJung-uk Kim 54e71b7053SJung-uk Kim=head1 NOTES 55e71b7053SJung-uk Kim 56e71b7053SJung-uk KimSSL_check_chain() must be called in servers after a client hello message or in 57e71b7053SJung-uk Kimclients after a certificate request message. It will typically be called 58e71b7053SJung-uk Kimin the certificate callback. 59e71b7053SJung-uk Kim 60e71b7053SJung-uk KimAn application wishing to support multiple certificate chains may call this 61e71b7053SJung-uk Kimfunction on each chain in turn: starting with the one it considers the 62e71b7053SJung-uk Kimmost secure. It could then use the chain of the first set which returns 63e71b7053SJung-uk Kimsuitable flags. 64e71b7053SJung-uk Kim 65e71b7053SJung-uk KimAs a minimum the flag B<CERT_PKEY_VALID> must be set for a chain to be 66e71b7053SJung-uk Kimusable. An application supporting multiple chains with different CA signature 67e71b7053SJung-uk Kimalgorithms may also wish to check B<CERT_PKEY_CA_SIGNATURE> too. If no 68e71b7053SJung-uk Kimchain is suitable a server should fall back to the most secure chain which 69e71b7053SJung-uk Kimsets B<CERT_PKEY_VALID>. 70e71b7053SJung-uk Kim 71e71b7053SJung-uk KimThe validity of a chain is determined by checking if it matches a supported 72e71b7053SJung-uk Kimsignature algorithm, supported curves and in the case of client authentication 73e71b7053SJung-uk Kimcertificate types and issuer names. 74e71b7053SJung-uk Kim 75e71b7053SJung-uk KimSince the supported signature algorithms extension is only used in TLS 1.2, 76e71b7053SJung-uk KimTLS 1.3 and DTLS 1.2 the results for earlier versions of TLS and DTLS may not 77e71b7053SJung-uk Kimbe very useful. Applications may wish to specify a different "legacy" chain 78e71b7053SJung-uk Kimfor earlier versions of TLS or DTLS. 79e71b7053SJung-uk Kim 80e71b7053SJung-uk Kim=head1 SEE ALSO 81e71b7053SJung-uk Kim 82e71b7053SJung-uk KimL<SSL_CTX_set_cert_cb(3)>, 83e71b7053SJung-uk KimL<ssl(7)> 84e71b7053SJung-uk Kim 85e71b7053SJung-uk Kim=head1 COPYRIGHT 86e71b7053SJung-uk Kim 87e71b7053SJung-uk KimCopyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. 88e71b7053SJung-uk Kim 89*b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License"). You may not use 90e71b7053SJung-uk Kimthis file except in compliance with the License. You can obtain a copy 91e71b7053SJung-uk Kimin the file LICENSE in the source distribution or at 92e71b7053SJung-uk KimL<https://www.openssl.org/source/license.html>. 93e71b7053SJung-uk Kim 94e71b7053SJung-uk Kim=cut 95