2 * Verify or create TLS authentication with DANE (RFC6698)
6 * See the file LICENSE for the license.
10 #include <ldns/config.h>
13 #include <ldns/ldns.h>
14 #include <ldns/dane.h>
18 #include <sys/types.h>
19 #ifdef HAVE_SYS_SOCKET_H
20 #include <sys/socket.h>
27 #include <openssl/ssl.h>
28 #include <openssl/err.h>
29 #include <openssl/x509v3.h>
33 ldns_dane_create_tlsa_owner(ldns_rdf** tlsa_owner, const ldns_rdf* name,
34 uint16_t port, ldns_dane_transport transport)
36 char buf[LDNS_MAX_DOMAINLEN];
39 assert(tlsa_owner != NULL);
41 assert(ldns_rdf_get_type(name) == LDNS_RDF_TYPE_DNAME);
43 s = (size_t)snprintf(buf, LDNS_MAX_DOMAINLEN, "X_%d", (int)port);
44 buf[0] = (char)(s - 1);
47 case LDNS_DANE_TRANSPORT_TCP:
48 s += snprintf(buf + s, LDNS_MAX_DOMAINLEN - s, "\004_tcp");
51 case LDNS_DANE_TRANSPORT_UDP:
52 s += snprintf(buf + s, LDNS_MAX_DOMAINLEN - s, "\004_udp");
55 case LDNS_DANE_TRANSPORT_SCTP:
56 s += snprintf(buf + s, LDNS_MAX_DOMAINLEN - s, "\005_sctp");
60 return LDNS_STATUS_DANE_UNKNOWN_TRANSPORT;
62 if (s + ldns_rdf_size(name) > LDNS_MAX_DOMAINLEN) {
63 return LDNS_STATUS_DOMAINNAME_OVERFLOW;
65 memcpy(buf + s, ldns_rdf_data(name), ldns_rdf_size(name));
66 *tlsa_owner = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_DNAME,
67 s + ldns_rdf_size(name), buf);
68 if (*tlsa_owner == NULL) {
69 return LDNS_STATUS_MEM_ERR;
71 return LDNS_STATUS_OK;
77 ldns_dane_cert2rdf(ldns_rdf** rdf, X509* cert,
78 ldns_tlsa_selector selector,
79 ldns_tlsa_matching_type matching_type)
81 unsigned char* buf = NULL;
87 unsigned char* digest;
93 case LDNS_TLSA_SELECTOR_FULL_CERTIFICATE:
95 len = (size_t)i2d_X509(cert, &buf);
98 case LDNS_TLSA_SELECTOR_SUBJECTPUBLICKEYINFO:
101 xpubkey = X509_get_X509_PUBKEY(cert);
104 return LDNS_STATUS_SSL_ERR;
106 epubkey = X509_PUBKEY_get(xpubkey);
108 return LDNS_STATUS_SSL_ERR;
110 len = (size_t)i2d_PUBKEY(epubkey, &buf);
114 return LDNS_STATUS_DANE_UNKNOWN_SELECTOR;
117 switch(matching_type) {
118 case LDNS_TLSA_MATCHING_TYPE_NO_HASH_USED:
120 *rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, len, buf);
122 return *rdf ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR;
125 case LDNS_TLSA_MATCHING_TYPE_SHA256:
127 digest = LDNS_XMALLOC(unsigned char, LDNS_SHA256_DIGEST_LENGTH);
128 if (digest == NULL) {
130 return LDNS_STATUS_MEM_ERR;
132 (void) ldns_sha256(buf, (unsigned int)len, digest);
133 *rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, LDNS_SHA256_DIGEST_LENGTH,
137 return *rdf ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR;
140 case LDNS_TLSA_MATCHING_TYPE_SHA512:
142 digest = LDNS_XMALLOC(unsigned char, LDNS_SHA512_DIGEST_LENGTH);
143 if (digest == NULL) {
145 return LDNS_STATUS_MEM_ERR;
147 (void) ldns_sha512(buf, (unsigned int)len, digest);
148 *rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, LDNS_SHA512_DIGEST_LENGTH,
152 return *rdf ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR;
157 return LDNS_STATUS_DANE_UNKNOWN_MATCHING_TYPE;
162 /* Ordinary PKIX validation of cert (with extra_certs to help)
163 * against the CA's in store
166 ldns_dane_pkix_validate(X509* cert, STACK_OF(X509)* extra_certs,
169 X509_STORE_CTX* vrfy_ctx;
173 return LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE;
175 vrfy_ctx = X509_STORE_CTX_new();
178 return LDNS_STATUS_SSL_ERR;
180 } else if (X509_STORE_CTX_init(vrfy_ctx, store,
181 cert, extra_certs) != 1) {
182 s = LDNS_STATUS_SSL_ERR;
184 } else if (X509_verify_cert(vrfy_ctx) == 1) {
189 s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE;
191 X509_STORE_CTX_free(vrfy_ctx);
196 /* Orinary PKIX validation of cert (with extra_certs to help)
197 * against the CA's in store, but also return the validation chain.
200 ldns_dane_pkix_validate_and_get_chain(STACK_OF(X509)** chain, X509* cert,
201 STACK_OF(X509)* extra_certs, X509_STORE* store)
204 X509_STORE* empty_store = NULL;
205 X509_STORE_CTX* vrfy_ctx;
207 assert(chain != NULL);
210 store = empty_store = X509_STORE_new();
212 s = LDNS_STATUS_SSL_ERR;
213 vrfy_ctx = X509_STORE_CTX_new();
216 goto exit_free_empty_store;
218 } else if (X509_STORE_CTX_init(vrfy_ctx, store,
219 cert, extra_certs) != 1) {
220 goto exit_free_vrfy_ctx;
222 } else if (X509_verify_cert(vrfy_ctx) == 1) {
227 s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE;
229 *chain = X509_STORE_CTX_get1_chain(vrfy_ctx);
231 s = LDNS_STATUS_SSL_ERR;
235 X509_STORE_CTX_free(vrfy_ctx);
237 exit_free_empty_store:
239 X509_STORE_free(empty_store);
245 /* Return the validation chain that can be build out of cert, with extra_certs.
248 ldns_dane_pkix_get_chain(STACK_OF(X509)** chain,
249 X509* cert, STACK_OF(X509)* extra_certs)
252 X509_STORE* empty_store = NULL;
253 X509_STORE_CTX* vrfy_ctx;
255 assert(chain != NULL);
257 empty_store = X509_STORE_new();
258 s = LDNS_STATUS_SSL_ERR;
259 vrfy_ctx = X509_STORE_CTX_new();
262 goto exit_free_empty_store;
264 } else if (X509_STORE_CTX_init(vrfy_ctx, empty_store,
265 cert, extra_certs) != 1) {
266 goto exit_free_vrfy_ctx;
268 (void) X509_verify_cert(vrfy_ctx);
269 *chain = X509_STORE_CTX_get1_chain(vrfy_ctx);
271 s = LDNS_STATUS_SSL_ERR;
276 X509_STORE_CTX_free(vrfy_ctx);
278 exit_free_empty_store:
279 X509_STORE_free(empty_store);
284 /* Pop n+1 certs and return the last popped.
287 ldns_dane_get_nth_cert_from_validation_chain(
288 X509** cert, STACK_OF(X509)* chain, int n, bool ca)
290 if (n >= sk_X509_num(chain) || n < 0) {
291 return LDNS_STATUS_DANE_OFFSET_OUT_OF_RANGE;
293 *cert = sk_X509_pop(chain);
296 *cert = sk_X509_pop(chain);
298 if (ca && ! X509_check_ca(*cert)) {
299 return LDNS_STATUS_DANE_NON_CA_CERTIFICATE;
301 return LDNS_STATUS_OK;
305 /* Create validation chain with cert and extra_certs and returns the last
306 * self-signed (if present).
309 ldns_dane_pkix_get_last_self_signed(X509** out_cert,
310 X509* cert, STACK_OF(X509)* extra_certs)
313 X509_STORE* empty_store = NULL;
314 X509_STORE_CTX* vrfy_ctx;
316 assert(out_cert != NULL);
318 empty_store = X509_STORE_new();
319 s = LDNS_STATUS_SSL_ERR;
320 vrfy_ctx = X509_STORE_CTX_new();
322 goto exit_free_empty_store;
324 } else if (X509_STORE_CTX_init(vrfy_ctx, empty_store,
325 cert, extra_certs) != 1) {
326 goto exit_free_vrfy_ctx;
329 (void) X509_verify_cert(vrfy_ctx);
330 if (X509_STORE_CTX_get_error(vrfy_ctx) == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN ||
331 X509_STORE_CTX_get_error(vrfy_ctx) == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT){
333 *out_cert = X509_STORE_CTX_get_current_cert( vrfy_ctx);
336 s = LDNS_STATUS_DANE_PKIX_NO_SELF_SIGNED_TRUST_ANCHOR;
339 X509_STORE_CTX_free(vrfy_ctx);
341 exit_free_empty_store:
342 X509_STORE_free(empty_store);
348 ldns_dane_select_certificate(X509** selected_cert,
349 X509* cert, STACK_OF(X509)* extra_certs,
350 X509_STORE* pkix_validation_store,
351 ldns_tlsa_certificate_usage cert_usage, int offset)
354 STACK_OF(X509)* pkix_validation_chain = NULL;
356 assert(selected_cert != NULL);
357 assert(cert != NULL);
359 /* With PKIX validation explicitly turned off (pkix_validation_store
360 * == NULL), treat the "CA constraint" and "Service certificate
361 * constraint" the same as "Trust anchor assertion" and "Domain issued
362 * certificate" respectively.
364 if (pkix_validation_store == NULL) {
365 switch (cert_usage) {
367 case LDNS_TLSA_USAGE_CA_CONSTRAINT:
369 cert_usage = LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION;
372 case LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT:
374 cert_usage = LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE;
382 /* Now what to do with each Certificate usage...
384 switch (cert_usage) {
386 case LDNS_TLSA_USAGE_CA_CONSTRAINT:
388 s = ldns_dane_pkix_validate_and_get_chain(
389 &pkix_validation_chain,
391 pkix_validation_store);
392 if (! pkix_validation_chain) {
395 if (s == LDNS_STATUS_OK) {
399 s = ldns_dane_get_nth_cert_from_validation_chain(
400 selected_cert, pkix_validation_chain,
403 sk_X509_pop_free(pkix_validation_chain, X509_free);
408 case LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT:
410 *selected_cert = cert;
411 return ldns_dane_pkix_validate(cert, extra_certs,
412 pkix_validation_store);
416 case LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION:
419 s = ldns_dane_pkix_get_last_self_signed(
420 selected_cert, cert, extra_certs);
423 s = ldns_dane_pkix_get_chain(
424 &pkix_validation_chain,
426 if (s == LDNS_STATUS_OK) {
428 ldns_dane_get_nth_cert_from_validation_chain(
429 selected_cert, pkix_validation_chain,
431 } else if (! pkix_validation_chain) {
434 sk_X509_pop_free(pkix_validation_chain, X509_free);
440 case LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE:
442 *selected_cert = cert;
443 return LDNS_STATUS_OK;
447 return LDNS_STATUS_DANE_UNKNOWN_CERTIFICATE_USAGE;
454 ldns_dane_create_tlsa_rr(ldns_rr** tlsa,
455 ldns_tlsa_certificate_usage certificate_usage,
456 ldns_tlsa_selector selector,
457 ldns_tlsa_matching_type matching_type,
463 assert(tlsa != NULL);
464 assert(cert != NULL);
467 *tlsa = ldns_rr_new_frm_type(LDNS_RR_TYPE_TLSA);
469 return LDNS_STATUS_MEM_ERR;
472 rdf = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8,
473 (uint8_t)certificate_usage);
477 (void) ldns_rr_set_rdf(*tlsa, rdf, 0);
479 rdf = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, (uint8_t)selector);
483 (void) ldns_rr_set_rdf(*tlsa, rdf, 1);
485 rdf = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, (uint8_t)matching_type);
489 (void) ldns_rr_set_rdf(*tlsa, rdf, 2);
491 s = ldns_dane_cert2rdf(&rdf, cert, selector, matching_type);
492 if (s == LDNS_STATUS_OK) {
493 (void) ldns_rr_set_rdf(*tlsa, rdf, 3);
494 return LDNS_STATUS_OK;
503 return LDNS_STATUS_MEM_ERR;
507 #ifdef USE_DANE_VERIFY
508 /* Return tlsas that actually are TLSA resource records with known values
509 * for the Certificate usage, Selector and Matching type rdata fields.
512 ldns_dane_filter_unusable_records(const ldns_rr_list* tlsas)
515 ldns_rr_list* r = ldns_rr_list_new();
521 for (i = 0; i < ldns_rr_list_rr_count(tlsas); i++) {
522 tlsa_rr = ldns_rr_list_rr(tlsas, i);
523 if (ldns_rr_get_type(tlsa_rr) == LDNS_RR_TYPE_TLSA &&
524 ldns_rr_rd_count(tlsa_rr) == 4 &&
525 ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 0)) <= 3 &&
526 ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 1)) <= 1 &&
527 ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 2)) <= 2) {
529 if (! ldns_rr_list_push_rr(r, tlsa_rr)) {
530 ldns_rr_list_free(r);
539 #if !defined(USE_DANE_TA_USAGE)
540 /* Return whether cert/selector/matching_type matches data.
543 ldns_dane_match_cert_with_data(X509* cert, ldns_tlsa_selector selector,
544 ldns_tlsa_matching_type matching_type, ldns_rdf* data)
547 ldns_rdf* match_data;
549 s = ldns_dane_cert2rdf(&match_data, cert, selector, matching_type);
550 if (s == LDNS_STATUS_OK) {
551 if (ldns_rdf_compare(data, match_data) != 0) {
552 s = LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH;
554 ldns_rdf_free(match_data);
560 /* Return whether any certificate from the chain with selector/matching_type
562 * ca should be true if the certificate has to be a CA certificate too.
565 ldns_dane_match_any_cert_with_data(STACK_OF(X509)* chain,
566 ldns_tlsa_selector selector,
567 ldns_tlsa_matching_type matching_type,
568 ldns_rdf* data, bool ca)
570 ldns_status s = LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH;
574 n = (size_t)sk_X509_num(chain);
575 for (i = 0; i < n; i++) {
576 cert = sk_X509_pop(chain);
578 s = LDNS_STATUS_SSL_ERR;
581 s = ldns_dane_match_cert_with_data(cert,
582 selector, matching_type, data);
583 if (ca && s == LDNS_STATUS_OK && ! X509_check_ca(cert)) {
584 s = LDNS_STATUS_DANE_NON_CA_CERTIFICATE;
587 if (s != LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH) {
590 /* when s == LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH,
591 * try to match the next certificate
596 #endif /* !defined(USE_DANE_TA_USAGE) */
597 #endif /* USE_DANE_VERIFY */
599 #ifdef USE_DANE_VERIFY
601 ldns_dane_verify_rr(const ldns_rr* tlsa_rr,
602 X509* cert, STACK_OF(X509)* extra_certs,
603 X509_STORE* pkix_validation_store)
605 #if defined(USE_DANE_TA_USAGE)
606 SSL_CTX *ssl_ctx = NULL;
608 X509_STORE_CTX *store_ctx = NULL;
610 STACK_OF(X509)* pkix_validation_chain = NULL;
612 ldns_status s = LDNS_STATUS_OK;
614 ldns_tlsa_certificate_usage usage;
615 ldns_tlsa_selector selector;
616 ldns_tlsa_matching_type mtype;
619 if (! tlsa_rr || ldns_rr_get_type(tlsa_rr) != LDNS_RR_TYPE_TLSA ||
620 ldns_rr_rd_count(tlsa_rr) != 4 ||
621 ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 0)) > 3 ||
622 ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 1)) > 1 ||
623 ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 2)) > 2 ) {
624 /* No (usable) TLSA, so regular PKIX validation
626 return ldns_dane_pkix_validate(cert, extra_certs,
627 pkix_validation_store);
629 usage = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 0));
630 selector = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 1));
631 mtype = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 2));
632 data = ldns_rr_rdf(tlsa_rr, 3) ;
634 #if defined(USE_DANE_TA_USAGE)
635 /* Rely on OpenSSL dane functions.
637 * OpenSSL does not provide offline dane verification. The dane unit
638 * tests within openssl use the undocumented SSL_get0_dane() and
639 * X509_STORE_CTX_set0_dane() to convey dane parameters set on SSL and
640 * SSL_CTX to a X509_STORE_CTX that can be used to do offline
641 * verification. We use these undocumented means with the ldns
642 * dane function prototypes which did only offline dane verification.
644 if (!(ssl_ctx = SSL_CTX_new(TLS_client_method())))
645 s = LDNS_STATUS_MEM_ERR;
647 else if (SSL_CTX_dane_enable(ssl_ctx) <= 0)
648 s = LDNS_STATUS_SSL_ERR;
650 else if (SSL_CTX_dane_set_flags(
651 ssl_ctx, DANE_FLAG_NO_DANE_EE_NAMECHECKS),
652 !(ssl = SSL_new(ssl_ctx)))
653 s = LDNS_STATUS_MEM_ERR;
655 else if (SSL_set_connect_state(ssl),
656 (SSL_dane_enable(ssl, NULL) <= 0))
657 s = LDNS_STATUS_SSL_ERR;
659 else if (SSL_dane_tlsa_add(ssl, usage, selector, mtype,
660 ldns_rdf_data(data), ldns_rdf_size(data)) <= 0)
661 s = LDNS_STATUS_SSL_ERR;
663 else if (!(store_ctx = X509_STORE_CTX_new()))
664 s = LDNS_STATUS_MEM_ERR;
666 else if (!X509_STORE_CTX_init(store_ctx, pkix_validation_store, cert, extra_certs))
667 s = LDNS_STATUS_SSL_ERR;
672 X509_STORE_CTX_set_default(store_ctx,
673 SSL_is_server(ssl) ? "ssl_client" : "ssl_server");
674 X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(store_ctx),
675 SSL_get0_param(ssl));
676 X509_STORE_CTX_set0_dane(store_ctx, SSL_get0_dane(ssl));
677 if (SSL_get_verify_callback(ssl))
678 X509_STORE_CTX_set_verify_cb(store_ctx, SSL_get_verify_callback(ssl));
680 ret = X509_verify_cert(store_ctx);
682 if (X509_STORE_CTX_get_error(store_ctx) == X509_V_ERR_DANE_NO_MATCH)
683 s = LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH;
685 s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE;
687 X509_STORE_CTX_cleanup(store_ctx);
690 X509_STORE_CTX_free(store_ctx);
694 SSL_CTX_free(ssl_ctx);
698 case LDNS_TLSA_USAGE_CA_CONSTRAINT:
699 s = ldns_dane_pkix_validate_and_get_chain(
700 &pkix_validation_chain,
702 pkix_validation_store);
703 if (! pkix_validation_chain) {
706 if (s == LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE) {
708 * NO PKIX validation. We still try to match *any*
709 * certificate from the chain, so we return
710 * TLSA errors over PKIX errors.
712 * i.e. When the TLSA matches no certificate, we return
713 * TLSA_DID_NOT_MATCH and not PKIX_DID_NOT_VALIDATE
715 s = ldns_dane_match_any_cert_with_data(
716 pkix_validation_chain,
717 selector, mtype, data, true);
719 if (s == LDNS_STATUS_OK) {
720 /* A TLSA record did match a cert from the
721 * chain, thus the error is failed PKIX
724 s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE;
727 } else if (s == LDNS_STATUS_OK) {
728 /* PKIX validated, does the TLSA match too? */
730 s = ldns_dane_match_any_cert_with_data(
731 pkix_validation_chain,
732 selector, mtype, data, true);
734 sk_X509_pop_free(pkix_validation_chain, X509_free);
738 case LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT:
740 s = ldns_dane_match_cert_with_data(cert,
741 selector, mtype, data);
743 if (s == LDNS_STATUS_OK) {
744 return ldns_dane_pkix_validate(cert, extra_certs,
745 pkix_validation_store);
750 case LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION:
752 s = ldns_dane_pkix_get_chain(&pkix_validation_chain,
755 if (s == LDNS_STATUS_OK) {
756 s = ldns_dane_match_any_cert_with_data(
757 pkix_validation_chain,
758 selector, mtype, data, false);
760 } else if (! pkix_validation_chain) {
763 sk_X509_pop_free(pkix_validation_chain, X509_free);
766 return LDNS_STATUS_DANE_NEED_OPENSSL_GE_1_1_FOR_DANE_TA;
770 case LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE:
771 return ldns_dane_match_cert_with_data(cert,
772 selector, mtype, data);
779 return LDNS_STATUS_DANE_UNKNOWN_CERTIFICATE_USAGE;
784 ldns_dane_verify(const ldns_rr_list* tlsas,
785 X509* cert, STACK_OF(X509)* extra_certs,
786 X509_STORE* pkix_validation_store)
788 #if defined(USE_DANE_TA_USAGE)
789 SSL_CTX *ssl_ctx = NULL;
790 ldns_rdf *basename_rdf = NULL;
791 char *basename = NULL;
793 X509_STORE_CTX *store_ctx = NULL;
799 ldns_rr_list *usable_tlsas;
800 ldns_status s = LDNS_STATUS_OK;
802 assert(cert != NULL);
804 if (! tlsas || ldns_rr_list_rr_count(tlsas) == 0)
805 /* No TLSA's, so regular PKIX validation
807 return ldns_dane_pkix_validate(cert, extra_certs,
808 pkix_validation_store);
810 /* To enable name checks (which we don't) */
811 #if defined(USE_DANE_TA_USAGE) && 0
812 else if (!(basename_rdf = ldns_dname_clone_from(
813 ldns_rr_list_owner(tlsas), 2)))
814 /* Could nog get DANE base name */
817 else if (!(basename = ldns_rdf2str(basename_rdf)))
818 s = LDNS_STATUS_MEM_ERR;
820 else if (strlen(basename) && (basename[strlen(basename)-1] = 0))
821 s = LDNS_STATUS_ERR; /* Intended to be unreachable */
824 else if (!(usable_tlsas = ldns_dane_filter_unusable_records(tlsas)))
825 return LDNS_STATUS_MEM_ERR;
827 else if (ldns_rr_list_rr_count(usable_tlsas) == 0) {
828 /* No TLSA's, so regular PKIX validation
830 ldns_rr_list_free(usable_tlsas);
831 return ldns_dane_pkix_validate(cert, extra_certs,
832 pkix_validation_store);
834 #if defined(USE_DANE_TA_USAGE)
835 /* Rely on OpenSSL dane functions.
837 * OpenSSL does not provide offline dane verification. The dane unit
838 * tests within openssl use the undocumented SSL_get0_dane() and
839 * X509_STORE_CTX_set0_dane() to convey dane parameters set on SSL and
840 * SSL_CTX to a X509_STORE_CTX that can be used to do offline
841 * verification. We use these undocumented means with the ldns
842 * dane function prototypes which did only offline dane verification.
844 if (!(ssl_ctx = SSL_CTX_new(TLS_client_method())))
845 s = LDNS_STATUS_MEM_ERR;
847 else if (SSL_CTX_dane_enable(ssl_ctx) <= 0)
848 s = LDNS_STATUS_SSL_ERR;
850 else if (SSL_CTX_dane_set_flags(
851 ssl_ctx, DANE_FLAG_NO_DANE_EE_NAMECHECKS),
852 !(ssl = SSL_new(ssl_ctx)))
853 s = LDNS_STATUS_MEM_ERR;
855 else if (SSL_set_connect_state(ssl),
856 (SSL_dane_enable(ssl, basename) <= 0))
857 s = LDNS_STATUS_SSL_ERR;
859 else for (i = 0; i < ldns_rr_list_rr_count(usable_tlsas); i++) {
860 ldns_tlsa_certificate_usage usage;
861 ldns_tlsa_selector selector;
862 ldns_tlsa_matching_type mtype;
865 tlsa_rr = ldns_rr_list_rr(usable_tlsas, i);
866 usage = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr,0));
867 selector= ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr,1));
868 mtype = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr,2));
869 data = ldns_rr_rdf(tlsa_rr,3) ;
871 if (SSL_dane_tlsa_add(ssl, usage, selector, mtype,
873 ldns_rdf_size(data)) <= 0) {
874 s = LDNS_STATUS_SSL_ERR;
878 if (!s && !(store_ctx = X509_STORE_CTX_new()))
879 s = LDNS_STATUS_MEM_ERR;
881 else if (!X509_STORE_CTX_init(store_ctx, pkix_validation_store, cert, extra_certs))
882 s = LDNS_STATUS_SSL_ERR;
887 X509_STORE_CTX_set_default(store_ctx,
888 SSL_is_server(ssl) ? "ssl_client" : "ssl_server");
889 X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(store_ctx),
890 SSL_get0_param(ssl));
891 X509_STORE_CTX_set0_dane(store_ctx, SSL_get0_dane(ssl));
892 if (SSL_get_verify_callback(ssl))
893 X509_STORE_CTX_set_verify_cb(store_ctx, SSL_get_verify_callback(ssl));
895 ret = X509_verify_cert(store_ctx);
897 if (X509_STORE_CTX_get_error(store_ctx) == X509_V_ERR_DANE_NO_MATCH)
898 s = LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH;
900 s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE;
902 X509_STORE_CTX_cleanup(store_ctx);
905 X509_STORE_CTX_free(store_ctx);
909 SSL_CTX_free(ssl_ctx);
912 ldns_rdf_deep_free(basename_rdf);
914 for (i = 0; i < ldns_rr_list_rr_count(usable_tlsas); i++) {
915 tlsa_rr = ldns_rr_list_rr(usable_tlsas, i);
917 s = ldns_dane_verify_rr(tlsa_rr, cert, extra_certs,
918 pkix_validation_store);
920 if (s != LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH &&
921 s != LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE &&
922 s != LDNS_STATUS_DANE_NEED_OPENSSL_GE_1_1_FOR_DANE_TA) {
924 /* which would be LDNS_STATUS_OK (match)
925 * or some fatal error preventing use from
926 * trying the next TLSA record.
930 s = (s > ps ? s : ps); /* pref NEED_OPENSSL_GE_1_1_FOR_DANE_TA
931 * over PKIX_DID_NOT_VALIDATE
932 * over TLSA_DID_NOT_MATCH
936 ldns_rr_list_free(usable_tlsas);
939 #endif /* USE_DANE_VERIFY */
940 #endif /* HAVE_SSL */
941 #endif /* USE_DANE */