1

Let's say I have a client, not a browser, that wants to connect with https to a server. It could be a python program, an android app or a library etc. Suppose the client has a list of trusted CAs and their public keys.

What checks the client should make to verify that the certificate is valid and avoid man in the middle attacks and what attacks is possible if the client doesn't make this checks?

I know a lot of libraries do this for you but a lot of things can go wrong. The question is mostly theoretical.

As far I have understood you should check:

  1. If the issuer (CA) of the certificate is in your trusted list and the public key of the issuer is the correct one.
  2. Check CN to match the domain/IP you are connecting
  3. If the certificate is expired
  4. Something about X509v3 extension and basic constrains that I haven't understood correctly.
Laxmana
  • 113
  • 3
  • 1
    The two answers by Thomas are pretty long and detailed, you should get want you need in "Certificates and Authentication" from the first and "Certificate Woes" from the second. – M'vy Apr 15 '16 at 11:47

2 Answers2

1

And you should make a lot of checks about the cerificate genuinity, i.e. to avoid MitM or false-issued certificate by "so-called stolen" CA key. Take a look and star at Perspectives Project to have a full picture

Alexey Vesnin
  • 1,565
  • 1
  • 8
  • 11
1

Properly validating a certificate is a really complex matter. As with many things in crypto, it's best to leave this validation to a library instead of trying to implement it yourself. Typically, you'd ask your library to perform all the hard work and then check for any additional properties you are interested in afterward.

As for the details:

First, you need to check the end-entity certificate itself. You need to see if it conforms to your expectation: does the subject match what you're expecting (in the case of a web site, that means checking in the subject common name is the FQDN name of the URL you used to reach it), is the certificate validity period correct ? Does the certificate have the proper key usage and extended key usage ? Are the certificate basic constraints satisfied ?

Then you can check if the certificate has been revoked (check the CRL distribution point in the certificate property and query them to check revocation).

After this, the whole certificate path must be checked. This means performing more or less the avove validations for each certificate in the path up to the trust anchor. (see rfc5280 if you want the gory details).

Stephane
  • 18,557
  • 3
  • 61
  • 70
  • Thanks for the answer. I wouldn't implement the validation myself in a real situation even if I could which I can't :). The question is related to a project I have in computer security in my university and I want to understand better the validation process of a client. – Laxmana Apr 15 '16 at 15:04