OpenSSL version 1.1 added support for verifying that Certificate Transparency is being used on an SSL connection. The "openssl s_client" command can be used to see the SCTs provided over a connection:

```
$ openssl s_client -connect google.com:443 -ct -CApath /etc/ssl/certs/
CONNECTED(00000003)
[...]
---
SCTs present (2)
---
SCT validation status: valid
Signed Certificate Timestamp:
    Version   : v1 (0x0)
    Log       : Comodo Sabre CT log
    Log ID    : 55:81:D4:C2:16:90:36:01:4A:EA:0B:9B:57:3C:53:F0:
                C0:E4:38:78:70:25:08:17:2F:A3:AA:1D:07:13:D3:0C
    Timestamp : Mar 13 20:05:26.276 2018 GMT
    Extensions: none
    Signature : ecdsa-with-SHA256
                30:45:02:20:07:50:5B:7E:CC:20:19:40:38:91:35:04:
                8D:F4:5D:2D:97:2B:3F:AF:C9:87:9D:B5:50:EA:2C:47:
                A9:CB:67:F5:02:21:00:A3:4E:50:DA:7C:F7:99:61:E5:
                F4:93:C9:C4:97:BC:89:EC:17:03:8B:15:2C:89:3D:98:
                BA:A3:5A:42:5C:C7:E1
---
SCT validation status: valid
Signed Certificate Timestamp:
    Version   : v1 (0x0)
    Log       : Google Rocketeer log
    Log ID    : EE:4B:BD:B7:75:CE:60:BA:E1:42:69:1F:AB:E1:9E:66:
                A3:0F:7E:5F:B0:72:D8:83:00:C4:7B:89:7A:A8:FD:CB
    Timestamp : Mar 13 20:05:25.963 2018 GMT
    Extensions: none
    Signature : ecdsa-with-SHA256
                30:46:02:21:00:BE:9C:26:70:2B:FF:F3:08:40:9A:99:
                F5:DE:3C:12:23:D7:5C:51:4E:09:B0:F8:D7:34:EB:D2:
                2C:92:D0:E0:2F:02:21:00:F4:C5:09:B0:E9:6C:DB:BF:
                14:D6:73:98:04:9D:43:34:FD:B9:55:74:17:B4:73:2A:
                F5:1A:EF:68:2D:D7:93:F4
---
SSL handshake has read 4115 bytes and written 274 bytes
Verification: OK
---
[...]
```

Applications can take advantage of this using OpenSSL's CT API. To simply require that a certificate is accompanied by at least one SCT with a valid signature, add the following call to your application:

```c
SSL_CTX_enable_ct(ctx, SSL_CT_VALIDATION_STRICT);
```

If you want more control over what constitutes a reasonable set of SCTs, you can register a callback to evaluate the SCTs. The callback returns 1 to accept the connection and 0 to reject it:

```c
#include <openssl/ssl.h>
#include <openssl/ct.h>

/* Policy callback: accept the connection only if two or more SCTs arrived. */
int at_least_two_scts(const CT_POLICY_EVAL_CTX *ctx,
                      const STACK_OF(SCT) *scts, void *arg)
{
    return sk_SCT_num(scts) >= 2;
}

SSL_CTX_set_ct_validation_callback(ctx, at_least_two_scts, NULL);
```

Note that the callback is handed every SCT that arrived, each annotated with its validation status, so a policy that only counts them also accepts SCTs whose signature did not validate; inspect each SCT's status if that matters to you.
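A policy callback like the one above only sees SCTs after OpenSSL has parsed and validated them. The following is an added example, not code from the page or from OpenSSL: it shows what that parsing and a "two trusted logs" policy amount to on the RFC 6962 wire format, using the two log IDs and timestamps from the s_client output above. The SCT bytes, the 2-byte placeholder signature and the function names are constructed here; signature verification is deliberately left to OpenSSL's validator.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* Log IDs from the s_client output above: Comodo Sabre, then Google Rocketeer. */
static const uint8_t TRUSTED_LOGS[2][32] = {
    {0x55,0x81,0xD4,0xC2,0x16,0x90,0x36,0x01,0x4A,0xEA,0x0B,0x9B,0x57,0x3C,0x53,0xF0,
     0xC0,0xE4,0x38,0x78,0x70,0x25,0x08,0x17,0x2F,0xA3,0xAA,0x1D,0x07,0x13,0xD3,0x0C},
    {0xEE,0x4B,0xBD,0xB7,0x75,0xCE,0x60,0xBA,0xE1,0x42,0x69,0x1F,0xAB,0xE1,0x9E,0x66,
     0xA3,0x0F,0x7E,0x5F,0xB0,0x72,0xD8,0x83,0x00,0xC4,0x7B,0x89,0x7A,0xA8,0xFD,0xCB}};
typedef struct { uint8_t log_id[32]; uint64_t timestamp_ms; } sct_t;
/* Parse one TLS-encoded v1 SCT (RFC 6962 s3.2): version(1) log_id(32) timestamp(8)
 * extensions<len 2> hash(1) sig(1) sig_len(2) sig. Returns bytes used, 0 if bad/not v1. */
static size_t parse_sct(const uint8_t *p, size_t len, sct_t *out) {
    size_t i, n;
    if (len < 43 || p[0] != 0) return 0;
    memcpy(out->log_id, p + 1, 32);
    out->timestamp_ms = 0;
    for (i = 33; i < 41; i++) out->timestamp_ms = (out->timestamp_ms << 8) | p[i];
    n = ((size_t)p[41] << 8) | p[42]; i = 43 + n;            /* skip extensions */
    if (len < i + 4) return 0;
    n = ((size_t)p[i + 2] << 8) | p[i + 3]; i += 4 + n;       /* skip signature */
    return i > len ? 0 : i;
}
/* Policy over a SignedCertificateTimestampList (2-byte total length, then 2-byte
 * length-prefixed SCTs): count SCTs from a trusted log whose timestamp is not in the
 * future; -1 on malformed input. Signature checking stays with OpenSSL's validator. */
int count_acceptable_scts(const uint8_t *list, size_t len, uint64_t now_ms) {
    size_t pos = 2, n; int ok = 0;
    if (len < 2 || (((size_t)list[0] << 8) | list[1]) + 2 != len) return -1;
    for (; pos + 2 <= len; pos += n) {
        sct_t s; n = ((size_t)list[pos] << 8) | list[pos + 1]; pos += 2;
        if (pos + n > len || parse_sct(list + pos, n, &s) != n) return -1;
        for (int k = 0; k < 2; k++)
            if (!memcmp(s.log_id, TRUSTED_LOGS[k], 32) && s.timestamp_ms <= now_ms) ok++;
    }
    return pos == len ? ok : -1;
}
/* Constructed sample list: the two SCTs above with the timestamps shown and a fake
 * 2-byte signature; returns the policy result for the given "now" (ms since epoch). */
int demo(uint64_t now_ms) {
    static const uint64_t ts[2] = {1520971526276ULL, 1520971525963ULL};
    uint8_t buf[2 + 2 * 51], *p = buf + 2;
    for (int k = 0; k < 2; k++, p += 51) {
        p[0] = 0; p[1] = 49; p[2] = 0; memcpy(p + 3, TRUSTED_LOGS[k], 32);
        for (int b = 0; b < 8; b++) p[35 + b] = (uint8_t)(ts[k] >> (56 - 8 * b));
        p[43] = p[44] = 0; p[45] = 4; p[46] = 3;            /* no extensions; sha256, ecdsa */
        p[47] = 0; p[48] = 2; p[49] = 0xAB; p[50] = 0xCD;  /* 2-byte placeholder signature */
    }
    buf[0] = 0; buf[1] = 2 * 51; return count_acceptable_scts(buf, sizeof buf, now_ms);
}
```

With "now" set to the later of the two timestamps both SCTs count; set it between the two and only the Rocketeer SCT counts, which is the future-timestamp check a real policy should also make.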