[openssl-users] openssl verify accepting CA certs issued by intermediate with CA:TRUE, pathlen:0
Viktor Dukhovni
openssl-users at dukhovni.org
Wed Oct 3 14:51:01 UTC 2018
On Wed, Oct 03, 2018 at 02:51:57PM +0200, Peter Magnusson wrote:
> $ openssl verify -verbose -CAfile root.pem -untrusted intermediate.pem evil.pem
> evil.pem: OK
This is expected to work when intermediate.pem has pathlen 0, because
you're verifying "evil.pem" as a *leaf* certificate, its CA:true
is irrelevant when it is the last (leaf) certificate in the chain.
An actually unexpected result would be:
$ openssl verify -verbose -CAfile root.pem -untrusted intermediate.pem -untrusted evil.pem badee.pem
badee.pem: OK
where badee.pem is signed by evil.pem. The path length constraint
is not a constraint against issuing EE certs with CA:true, it only
constrains the number of additional intermediate (non-self-issued)
CAs in a valid path. In your example that number is zero.
https://tools.ietf.org/html/rfc5280#section-4.2.1.9
The pathLenConstraint field is meaningful only if the cA boolean is
asserted and the key usage extension, if present, asserts the
keyCertSign bit (Section 4.2.1.3). In this case, it gives the
maximum number of non-self-issued intermediate certificates that may
follow this certificate in a valid certification path.
--
Viktor.
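To see both outcomes side by side, here is an added example (not from the thread or the OpenSSL project) that rebuilds the scenario with throwaway P-256 keys in a temporary directory: a self-signed root, an intermediate with CA:TRUE and pathlen:0, an "evil" certificate with CA:TRUE issued by that intermediate, and "badee" issued by evil. The names and extension choices are constructed for this demonstration; the script assumes a 1.1.1 or later `openssl` binary on PATH.

```shell
#!/bin/sh
# Constructed example: root -> intermediate (CA:TRUE, pathlen:0) -> evil (CA:TRUE) -> badee
set -eu
PKI=$(mktemp -d)
trap 'rm -rf "$PKI"' EXIT

# issue NAME ISSUER EXTENSIONS: make a key and CSR for NAME, sign it with ISSUER
# (self-signed when ISSUER is empty) and apply the given basicConstraints line.
issue() {
    name=$1; issuer=$2; ext=$3
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out "$PKI/$name.key" 2>/dev/null
    openssl req -new -key "$PKI/$name.key" -subj "/CN=$name" -out "$PKI/$name.csr" 2>/dev/null
    printf '%s\n' "$ext" > "$PKI/$name.ext"
    if [ -z "$issuer" ]; then
        openssl x509 -req -in "$PKI/$name.csr" -signkey "$PKI/$name.key" \
            -extfile "$PKI/$name.ext" -days 1 -out "$PKI/$name.pem" 2>/dev/null
    else
        openssl x509 -req -in "$PKI/$name.csr" -CA "$PKI/$issuer.pem" -CAkey "$PKI/$issuer.key" \
            -CAcreateserial -extfile "$PKI/$name.ext" -days 1 -out "$PKI/$name.pem" 2>/dev/null
    fi
}

issue root "" "basicConstraints=critical,CA:TRUE"
issue intermediate root "basicConstraints=critical,CA:TRUE,pathlen:0"
issue evil intermediate "basicConstraints=critical,CA:TRUE"
issue badee evil "basicConstraints=critical,CA:FALSE"

# evil.pem verified as the last certificate in the path: its CA:TRUE does not count
# against the intermediate's pathlen:0, so this is expected to print OK.
verify_evil_as_leaf() {
    if openssl verify -CAfile "$PKI/root.pem" -untrusted "$PKI/intermediate.pem" \
            "$PKI/evil.pem" >/dev/null 2>&1; then echo OK; else echo FAIL; fi
}

# badee.pem makes evil.pem a second non-self-issued intermediate, one more than
# pathlen:0 permits, so this is expected to print FAIL (path length constraint exceeded).
verify_badee() {
    if openssl verify -CAfile "$PKI/root.pem" -untrusted "$PKI/intermediate.pem" \
            -untrusted "$PKI/evil.pem" "$PKI/badee.pem" >/dev/null 2>&1; then echo OK; else echo FAIL; fi
}

echo "evil.pem as leaf: $(verify_evil_as_leaf)"
echo "badee.pem via evil.pem: $(verify_badee)"
# Show the actual verifier error for the rejected path.
openssl verify -CAfile "$PKI/root.pem" -untrusted "$PKI/intermediate.pem" \
    -untrusted "$PKI/evil.pem" "$PKI/badee.pem" 2>&1 | grep -i 'path length' || true
```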