SSL client certificate validation needs dedicated ssl.verifyclient.ca-file
According to https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_SSL as well as https://redmine.lighttpd.net/issues/1288 SSL client certification uses the parameter "ssl.ca-file" for the list of trusted CA certificates that eligible client certificates must be signed from.
At the same time, this parameter is being used for sending out any intermediate CA certificates that were used to sign the server certificate contained in "ssl.pemfile".
This dual-use of the "ssl.ca-file" is problematic, because it would allow client certificates that would have been signed by any of the intermediate certificates from the server certificate chain.
This really, really, really should not be the case as it would allow undesired cases of successful client certificate verification.
I suggest to:
1. Add a parameter "ssl.verifyclient.ca-file" to be able to configure a dedicated set of CA certificates that are only being used for verifying client certificates
2. Rename "ssl.ca-crl-file" to "ssl.verifyclient.ca-crl-file" to point out it's only being used for client certificate verification
3. Rename "ssl.ca-dn-file" to "ssl.verifyclient.ca-dn-file" to point out it's only being used for client certificate verification
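To make the hazard in point 1 concrete, here is an added example (not part of this issue or of lighttpd's code). It builds a throwaway PKI with the openssl CLI and reproduces the trust decision a verifier makes when its CA file is the dual-use one versus a dedicated client-CA file; every file name and CN in it is made up for the demo, and it assumes openssl 1.1.1 or 3.x is installed.

```shell
#!/bin/sh
# Added demo: a dual-use ssl.ca-file (server chain + client CA) also accepts
# client certs issued by the server intermediate. All names are made up.
set -e
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT; cd "$WORK"
# Minimal openssl config: one CA profile and one client-leaf profile.
cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf_ext]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
EOF

newca() {  # newca BASENAME CN : self-signed CA certificate and key
  openssl req -x509 -config ca.cnf -extensions ca_ext -newkey rsa:2048 -nodes \
    -keyout "$1.key" -out "$1.pem" -subj "/CN=$2" -days 1 2>/dev/null
}
issue() {  # issue BASENAME CN ISSUER EXT_SECTION : certificate signed by ISSUER
  openssl req -new -config ca.cnf -newkey rsa:2048 -nodes -keyout "$1.key" \
    -out "$1.csr" -subj "/CN=$2" 2>/dev/null
  openssl x509 -req -in "$1.csr" -CA "$3.pem" -CAkey "$3.key" -CAcreateserial \
    -out "$1.pem" -days 1 -extfile ca.cnf -extensions "$4" 2>/dev/null
}
# Server-side chain: root -> intermediate (the intermediate signs the server cert).
newca root "Demo Root CA"
issue inter "Demo Server Intermediate CA" root ca_ext
# Separate CA that is the only one meant to issue client certificates.
newca clientca "Demo Client CA"
issue good-client "alice" clientca leaf_ext
# A client certificate issued by the *server* intermediate, not by the client CA.
issue stray-client "not-a-real-client" inter leaf_ext
# Dual-use file as described in the issue: server chain and client CA together.
cat root.pem inter.pem clientca.pem > dual-use-ca-file.pem

verdict() {  # verdict CAFILE CERT : how a verifier trusting CAFILE treats CERT
  if openssl verify -CAfile "$1" -purpose sslclient "$2" >/dev/null 2>&1
  then echo accepted; else echo rejected; fi
}
echo "dual-use ca-file, cert from server intermediate: $(verdict dual-use-ca-file.pem stray-client.pem)"
echo "client-CA-only file, cert from server intermediate: $(verdict clientca.pem stray-client.pem)"
echo "client-CA-only file, cert from client CA: $(verdict clientca.pem good-client.pem)"
```

The first line prints "accepted", which is the undesired outcome the issue describes; the second prints "rejected", which is what a dedicated client-CA file gives you.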
Perhaps the documentation needs to be made clearer.
The verify_callback() function in mod_openssl contains this comment:
/* verify that client cert is issued by CA in ssl.ca-dn-file
 * if both ssl.ca-dn-file and ssl.ca-file were configured */
If I understand you correctly, this is your goal. Is that right?
If ssl.ca-dn-file is not specified, then ssl.ca-file is used for client cert validation.
Please see the commit message for commit 9fd39690
gstrauss: This seems very weird to me. According to https://redmine.lighttpd.net/issues/2694 ssl.ca-dn-file is just a file that should contain DNs of CAs that should be hinted to clients in the TLS handshake, not actual trusted CA certificates (see also https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_SSL -> "but not trusted root CAs"). So, what's true here?