[gnutls-devel] gnutls_certificate_verify_peers* question

[Nikos Mavrogiannopoulos]

On Tue, Feb 19, 2013 at 10:10 AM, Jaak Ristioja <jaak.ristioja at cyber.ee> wrote:
> Hello!
> If I use the gnutls_certificate_verify_peers2() or
> gnutls_certificate_verify_peers3() functions in the callback set using
> gnutls_certificate_set_verify_function(), do those functions also verify
> that the peer has the private key corresponding to the public key in the
> certificate, or is it done elsewhere outside of the callback?

Hello,
 For simplicity I'll focus on the signing ciphersuites. In that case,
during the handshake you receive a message from the peer that contains
handshake parameters (it is the random nonces and DH params in server
side) that are signed. This message is verified in gnutls_handshake()
directly (i.e. you have no say on that). If that succeeds the callback
takes control and verifies whether the parameters (i.e. the
certificate) used in the previous signature verification are
acceptable.

> The goal is to setup a connection, where both endpoints authenticate
> only using their key pairs (i.e. give access iff peer has public key A;
> ignoring any certification chain) and I'm wondering whether calling a
> gnutls_certificate_verify_peers* function is needed at all.

If you need authentication of the peers and/or verify the name of the
peer, then they are needed. If you use fixed public keys, that would
be the place to verify that they correspond to the expected ones.

regards,
Nikos