2011/8/1 Howard Chu hyc@symas.com:
David Hawes wrote:
[...]
Think about why you would configure such a setup, and what it actually means. When you have a certificate of your own, signed by a particular CA, that obviously means that you must trust that CA. If you're going to accept a cert from another party that is signed by a different CA, that obviously means that you must also trust the other CA. There is absolutely nothing gained from isolating these two CAs, on either side of the session.
You've never been in such a situation. That doesn't mean such isolation is irrelevant.
In a project I'm working on (that doesn't mean I'm the only guy who produced the certificates, in my basement, etc.), servers have a certificate signed by a public CA, but can accept connections from clients signed by their own CA. The servers and clients are disseminated all over the world, and are "country-level" (sorry for my bad English, I don't know how to translate it). For example, consider some countries: DE, US, UK, AU, ... Each of these countries has a server, signed by a public CA (so that everybody, even anonymous users, can connect and trust the server), but they deliver client auth certificates to other countries' participants (verified by diplomatic means), signed by their own CA. That way, the German server only trusts German-CA-issued client certificates, and all the other countries' participants, when connecting to the German server, need to select the right client certificate.
OpenSSL (e.g.) already sends only the chain of certificates relevant to its own subject cert. The fact that all CAs are tossed into a single file (or directory) together is irrelevant; in memory it's all managed as a database and only the certs that it needs are accessed.
In "the certs that it needs", who is "it"? The server? How can the server know which certs the client needs to build a certificate chain to a trust anchor *he* (the client) only knows about?
I verified that on a GnuTLS-enabled OpenLDAP the behavior you described is what happens, but I haven't tested with a more complicated chain (for example a cross-certified CA certificate, which could then attach to several trust anchors). I also saw that because you place everything in the same file, the server sends the root CA to the client, which is useless (and therefore a waste).
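The two points argued in this thread (which certificates an endpoint should send for its own certificate when several CAs share one file, and why only the peer can decide whether a chain reaches a trust anchor) can be made concrete with a small path-building model. The following is an added, constructed example and is not code from OpenLDAP, OpenSSL or GnuTLS; it models certificates by subject and issuer name only (no keys or signatures, which is an assumption to keep it self-contained), and all CA and host names in it are hypothetical. It also covers the cross-certified intermediate case mentioned above, where one intermediate can chain to two different roots.

```python
"""Toy X.509 path building over certificate names (constructed example)."""
from dataclasses import dataclass
from typing import Iterable, List, Set


@dataclass(frozen=True)
class Cert:
    """Only the fields path building looks at; no keys or signatures (assumption)."""
    subject: str
    issuer: str
    ca: bool = False  # basicConstraints CA flag

    @property
    def self_signed(self) -> bool:
        return self.subject == self.issuer


# Constructed PKI with hypothetical names: a public hierarchy for the server
# certificate, a private per-country CA that issues client-auth certificates,
# and one intermediate that is cross-certified by two different roots.
PUBLIC_ROOT = Cert("Public Root", "Public Root", ca=True)
PUBLIC_INT = Cert("Public Intermediate", "Public Root", ca=True)
SERVER_LEAF = Cert("ldap.example.de", "Public Intermediate")
DE_CLIENT_CA = Cert("DE Client CA", "DE Client CA", ca=True)
CLIENT_LEAF = Cert("participant@example.fr", "DE Client CA")
OLD_ROOT = Cert("Old Root", "Old Root", ca=True)
CROSS_INT_A = Cert("Cross Intermediate", "Old Root", ca=True)     # same subject ...
CROSS_INT_B = Cert("Cross Intermediate", "Public Root", ca=True)  # ... two issuers
CROSS_LEAF = Cert("ldap.example.uk", "Cross Intermediate")

# Everything "tossed into a single file", as in the thread.
ALL_CAS = [PUBLIC_ROOT, PUBLIC_INT, DE_CLIENT_CA, OLD_ROOT, CROSS_INT_A, CROSS_INT_B]


def candidate_paths(leaf: Cert, pool: Iterable[Cert]) -> List[List[Cert]]:
    """Every issuer walk from leaf to a self-signed root in pool, leaf first.

    A cross-certified intermediate yields more than one path because two pool
    entries carry the same subject name with different issuers.
    """
    pool = list(pool)
    paths: List[List[Cert]] = []

    def walk(path: List[Cert]) -> None:
        last = path[-1]
        if last.self_signed:
            paths.append(path)
            return
        for cand in pool:
            if cand.ca and cand.subject == last.issuer and cand not in path:
                walk(path + [cand])

    walk([leaf])
    return paths


def trust_anchors(leaf: Cert, pool: Iterable[Cert]) -> Set[str]:
    """Subjects of the self-signed roots the leaf can chain to."""
    return {path[-1].subject for path in candidate_paths(leaf, pool)}


def chain_to_send(leaf: Cert, pool: Iterable[Cert]) -> List[Cert]:
    """What a TLS endpoint should put on the wire for its own certificate:
    the leaf plus every intermediate from every candidate path, roots omitted
    (the peer must already hold its trust anchor, so sending it is wasted bytes).
    Unrelated CAs in the pool, such as the client-auth CA, are never selected.
    """
    chain: List[Cert] = [leaf]
    for path in candidate_paths(leaf, pool):
        for cert in path[1:]:
            if not cert.self_signed and cert not in chain:
                chain.append(cert)
    return chain


def peer_accepts(leaf: Cert, sent: Iterable[Cert], trusted_roots: Iterable[Cert]) -> bool:
    """The receiving side's check: the peer builds a path from the presented
    certificates to a root in *its own* trust store. Only the peer knows that store."""
    return bool(candidate_paths(leaf, list(sent) + list(trusted_roots)))


if __name__ == "__main__":
    for leaf in (SERVER_LEAF, CLIENT_LEAF, CROSS_LEAF):
        print(leaf.subject, "->", [c.subject for c in chain_to_send(leaf, ALL_CAS)],
              "anchors:", sorted(trust_anchors(leaf, ALL_CAS)))
```

For the server certificate the sent chain is the leaf plus the public intermediate only: the DE client CA sitting in the same file is never picked, and the public root is left out. For the cross-certified leaf the sender cannot tell whether the peer trusts "Old Root" or "Public Root", so the safe choice is to send both cross certificates and let the peer's own trust store decide, which is what `peer_accepts` models. A client that trusts only the DE client CA rejects the server certificate regardless of what the server sends.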