"Manual" certificate checking

Phil Mayers p.mayers at imperial.ac.uk
Mon Jul 9 14:38:11 CEST 2012


On 09/07/12 13:27, Sven Dreyer wrote:
> Am 09.07.2012 14:18, schrieb Phil Mayers:
>>> - The phones have the Sub CA certificate locally installed as
>>> "trustworthy" (NOT the Root CA certificate!)
>>> - The RADIUS server must only send its server certificate (not the whole
>>> chain)
>>
>> Why?
>
> Not my decision - our customer said something like "that's the way it
> works in our network". I suggested to send the whole chain, but their
> answer was like "no RFC forces anyone to send the whole chain, so it
> must work that way".

RFC 2246, section 7.4.2 says:


    certificate_list
        This is a sequence (chain) of X.509v3 certificates. The sender's
        certificate must come first in the list. Each following
        certificate must directly certify the one preceding it. Because
        certificate validation requires that root keys be distributed
        independently, the self-signed certificate which specifies the
        root certificate authority may optionally be omitted from the
        chain, under the assumption that the remote end must already
        possess it in order to validate it in any case.

This intent of this paragraph seems plain. Send the server cert, 
followed by all intermediate certs, followed optionally by the root CA cert.

Unfortunately, 2246 does not make use of RFC 2119 language to indicate 
this is mandatory in the usual way, and this text remains unchanged in 
4346 (TLS 1.1); however it was updated in 5246 (TLS 1.2), and the 
wording is far clearer.

In short, my reading of the TLS RFCs suggests that sending the server 
and all intermediate certs is mandatory.

Clearly the OpenSSL authors agree. But "the customer is always right" ;o)


More information about the Freeradius-Users mailing list