[gnutls-devel] gnutls_certificate_verify_peers* question

Peter Williams home_pw at msn.com
Tue Feb 19 14:59:19 CET 2013

not in security theory.


The peers in SSL are mutually suspicious - which means that before the state transition that defines “security” each peer must be assumed to be spoofing by the other. In SSL, the last 2 pairwise messages of the handshake are those that prove that the handshake messages themselves are authentic, and thus the handshake is authentic. Only at that point is the entity authentication service of SSL actually delivered.


For example, if the client releases its last message but fails to receive that from the server, there was proof of nothing - and the suspicion remains.


In SSL, there are no states depending on message-evidence that so and so holds a private key.


If you go to a math exam and show 30m worth of workings but make a tiny adding error at the last step getting the wrong answer, you still get 0 points on the score. There are no points for correct workings. The bridge fell down.


From: Jaak Ristioja
Sent: February 19, 2013 5:50 AM
To: Nikos Mavrogiannopoulos
CC: gnutls-devel
Subject: Re: [gnutls-devel] gnutls_certificate_verify_peers* question

On 19.02.2013 14:05, Nikos Mavrogiannopoulos wrote:
> On Tue, Feb 19, 2013 at 10:10 AM, Jaak Ristioja <jaak.ristioja at cyber.ee> wrote:
>> Hello!
>> If I use the gnutls_certificate_verify_peers2() or
>> gnutls_certificate_verify_peers3() functions in the callback set using
>> gnutls_certificate_set_verify_function(), do those functions also verify
>> that the peer has the private key corresponding to the public key in the
>> certificate, or is it done elsewhere outside of the callback?
> Hello,
>  For simplicity I'll focus on the signing ciphersuites. In that case,
> during the handshake you receive a message from the peer that contains
> handshake parameters (it is the random nonces and DH params in server
> side) that are signed. This message is verified in gnutls_handshake()
> directly (i.e. you have no say on that). If that succeeds the callback
> takes control and verifies whether the parameters (i.e. the
> certificate) used in the previous signature verification are
> acceptable.

Do I understand it correctly, that once the callback (set using
gnutls_certificate_set_verify_function) is called during handshake, it
has already been verified that the peer holds the private key for the
public key in the certificate the peer provides?
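
The following is an added example, not part of the thread or of GnuTLS: a sketch of the Finished check that the first message refers to, using the TLS 1.2 construction from RFC 5246 (section 7.4.9) as an assumption, since the thread only says "SSL". The master secret and handshake messages are constructed placeholders, and message framing is simplified to raw byte strings.

```python
import hashlib
import hmac

def p_sha256(secret, seed, length):
    """P_SHA256 expansion (RFC 5246 section 5): chained HMACs over the seed."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(A(i) + seed)
    return out[:length]

def verify_data(master_secret, label, transcript):
    """Finished payload: PRF(master_secret, label, Hash(handshake_messages))[0..11]."""
    digest = hashlib.sha256(b"".join(transcript)).digest()
    return p_sha256(master_secret, label + digest, 12)

def check_finished(master_secret, label, transcript, received):
    """Recompute verify_data over our own view of the handshake and compare."""
    expected = verify_data(master_secret, label, transcript)
    return hmac.compare_digest(expected, received)

# Constructed sample data: not real handshake bytes.
MASTER_SECRET = bytes(range(48))
TRANSCRIPT = [b"ClientHello:suites=A,B", b"ServerHello:suite=A",
              b"Certificate:...", b"ServerKeyExchange:signed-params",
              b"ClientKeyExchange:..."]

def demo():
    client_view = list(TRANSCRIPT)
    server_view = list(TRANSCRIPT)

    # Client sends Finished; server checks it against its own transcript.
    client_fin = verify_data(MASTER_SECRET, b"client finished", client_view)
    server_accepts = check_finished(MASTER_SECRET, b"client finished",
                                    server_view, client_fin)

    # Server's Finished additionally covers the client's Finished message.
    server_fin = verify_data(MASTER_SECRET, b"server finished",
                             server_view + [client_fin])
    client_accepts = check_finished(MASTER_SECRET, b"server finished",
                                    client_view + [client_fin], server_fin)

    # If the two peers saw different handshake bytes, the check fails even
    # though every earlier step (including signature checks) appeared to pass.
    altered_view = list(TRANSCRIPT)
    altered_view[1] = b"ServerHello:suite=B"
    mismatch_accepts = check_finished(MASTER_SECRET, b"client finished",
                                      altered_view, client_fin)
    return server_accepts, client_accepts, mismatch_accepts
```
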

