author    Joel Sing <jsing@cvs.openbsd.org>  2020-11-11 18:49:35 +0000
committer Joel Sing <jsing@cvs.openbsd.org>  2020-11-11 18:49:35 +0000
commit    9b73a42d12f71fa5220213fcf11a209e6ac4f6cd (patch)
tree      aca6e5c464abd54855d40770ab11eeaa889a78f7 /lib/libcrypto/x509/x509_internal.h
parent    18cc1afb7d4775743ebbdcf27a5d4a50f5eb01b6 (diff)
Handle additional certificate error cases in new X.509 verifier.
With the old verifier, the verify callback can always return 1 instructing
the verifier to simply continue regardless of a certificate verification
failure (e.g. the certificate is expired or revoked). This would result
in a chain being built, however the first error encountered would be
persisted, which allows the caller to build the chain, have the
verification process succeed, yet upon inspecting the error code note
that the chain is not valid for some reason.
Mimic this behaviour by keeping track of certificate errors while building
chains - when we finish verification, find the certificate error closest
to the leaf certificate and expose that via the X509_STORE_CTX. There are
various corner cases that we also have to handle, like the fact that we
keep a certificate error until we find the issuer, at which point we have
to clear it.
Issue reported by Ilya Shipitcin due to failing haproxy regression tests.
With much discussion and input from beck@ and tb@!
ok beck@ tb@
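The bookkeeping the commit message describes, as an added illustration written for this page (not LibreSSL's verifier code): a chain keeps one error slot per certificate, a slot is cleared once an issuer for that certificate turns up, and the error finally exposed is the recorded one closest to the leaf. `struct model_chain`, the helper functions, the constructed three-certificate scenario and the decision to clear only the missing-issuer error on issuer discovery are all assumptions of this model; the error-code values mirror `<openssl/x509_vfy.h>` but are defined locally so it builds without libcrypto.

```c
#include <stdio.h>
#include <string.h>

/* Values mirror <openssl/x509_vfy.h>; defined here so the model builds alone. */
#define X509_V_OK                             0
#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT  2
#define X509_V_ERR_CERT_HAS_EXPIRED           10
#define X509_V_ERR_CERT_REVOKED               23

#define MAX_CHAIN 8

/*
 * Simplified stand-in for struct x509_verify_chain: certs are kept in chain
 * order with the leaf at index 0, and cert_errors[i] is the error recorded
 * for certs[i] (X509_V_OK if none). Subject strings replace X509 objects.
 */
struct model_chain {
	const char *certs[MAX_CHAIN];
	int cert_errors[MAX_CHAIN];
	int ncerts;
};

static int
chain_push(struct model_chain *chain, const char *subject)
{
	if (chain->ncerts >= MAX_CHAIN)
		return 0;
	chain->certs[chain->ncerts] = subject;
	chain->cert_errors[chain->ncerts] = X509_V_OK;
	chain->ncerts++;
	return 1;
}

/* Persist only the first error seen for a given certificate. */
static void
chain_record_error(struct model_chain *chain, int idx, int err)
{
	if (idx < 0 || idx >= chain->ncerts)
		return;
	if (chain->cert_errors[idx] == X509_V_OK)
		chain->cert_errors[idx] = err;
}

/*
 * Called once an issuer for certs[idx] has been located. Assumption: the
 * error to clear here is the "no issuer yet" one; expiry or revocation
 * errors are about the certificate itself and stay recorded.
 */
static void
chain_issuer_found(struct model_chain *chain, int idx)
{
	if (idx < 0 || idx >= chain->ncerts)
		return;
	if (chain->cert_errors[idx] == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)
		chain->cert_errors[idx] = X509_V_OK;
}

/*
 * Error to expose via the store context: walk from the leaf toward the root
 * and return the first recorded error. *depth gets that certificate's index,
 * or -1 if the chain is clean.
 */
static int
chain_verify_error(const struct model_chain *chain, int *depth)
{
	int i;

	for (i = 0; i < chain->ncerts; i++) {
		if (chain->cert_errors[i] != X509_V_OK) {
			if (depth != NULL)
				*depth = i;
			return chain->cert_errors[i];
		}
	}
	if (depth != NULL)
		*depth = -1;
	return X509_V_OK;
}

/*
 * Constructed scenario: leaf -> intermediate -> root. The intermediate is
 * flagged as lacking an issuer before the root is found, the root is expired
 * and the leaf is optionally revoked; issuer_found controls whether the
 * missing-issuer error is cleared once the root turns up.
 */
static int
run_scenario(int revoke_leaf, int issuer_found, int *depth)
{
	struct model_chain chain;

	memset(&chain, 0, sizeof(chain));
	chain_push(&chain, "CN=leaf.example");
	chain_push(&chain, "CN=Intermediate CA");
	chain_record_error(&chain, 1, X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT);
	chain_push(&chain, "CN=Root CA");
	chain_record_error(&chain, 2, X509_V_ERR_CERT_HAS_EXPIRED);
	if (revoke_leaf)
		chain_record_error(&chain, 0, X509_V_ERR_CERT_REVOKED);
	if (issuer_found)
		chain_issuer_found(&chain, 1);
	return chain_verify_error(&chain, depth);
}

static int
scenario_depth(int revoke_leaf, int issuer_found)
{
	int depth;

	(void)run_scenario(revoke_leaf, issuer_found, &depth);
	return depth;
}

int
main(void)
{
	int depth, err;

	err = run_scenario(0, 1, &depth);
	printf("clean leaf, issuer found: error %d at depth %d\n", err, depth);
	err = run_scenario(1, 1, &depth);
	printf("revoked leaf:             error %d at depth %d\n", err, depth);
	return 0;
}
```

With the root expired and the leaf clean, the exposed error is the root's expiry at depth 2; a revoked leaf wins instead because it is closer to the leaf, and if the intermediate's issuer is never found, the stale missing-issuer error at depth 1 is what the caller sees.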
Diffstat (limited to 'lib/libcrypto/x509/x509_internal.h')
-rw-r--r-- | lib/libcrypto/x509/x509_internal.h | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/libcrypto/x509/x509_internal.h b/lib/libcrypto/x509/x509_internal.h index 9d69055afa6..f6887be5fbf 100644 --- a/lib/libcrypto/x509/x509_internal.h +++ b/lib/libcrypto/x509/x509_internal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_internal.h,v 1.3 2020/09/15 11:55:14 beck Exp $ */ +/* $OpenBSD: x509_internal.h,v 1.4 2020/11/11 18:49:34 jsing Exp $ */ /* * Copyright (c) 2020 Bob Beck <beck@openbsd.org> * @@ -57,6 +57,7 @@ struct x509_constraints_names { struct x509_verify_chain { STACK_OF(X509) *certs; /* Kept in chain order, includes leaf */ + int *cert_errors; /* Verify error for each cert in chain. */ struct x509_constraints_names *names; /* All names from all certs */ }; |
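Review bot: the new `cert_errors` array in `struct x509_verify_chain` is parallel to `certs`, so whatever allocates, duplicates and frees a chain has to size it to match the certs stack and grow it in step as certificates are pushed; none of that is in this hunk (the diffstat is limited to the header), so it needs checking in the chain implementation, including that a duplicated chain copies the error slots rather than sharing the pointer. The comment should also spell out the indexing contract and the lifecycle the commit message relies on, e.g. `int *cert_errors; /* Verify error for certs[i], X509_V_OK if none; cleared once an issuer is found. */`, since nothing else in the struct says which value means "no error".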