[openssl-users] Path Length Constraint ignored for Root and any self-issued certificate

J Decker d3ck0r at gmail.com
Mon Oct 8 11:27:10 UTC 2018


It was my interpretation that 0 pathlen on the root self signed meant
infinite.
The pathlen only applies on the certs between root and the leaf (which
obviously can be 0, and CA true or not, but bad form to say true I'd
imagine.)

On Mon, Oct 8, 2018 at 1:57 AM Peter Magnusson <
blaufish.public.email at gmail.com> wrote:

> One more logic confusion in the OpenSSL Path Length Constraint check.
> Any Path Length Constraint set by Root (or any other Self-Issued
> Certificate) is ignored.
> Root cause appears to be !(x->ex_flags & EXFLAG_SI)=0 incorrectly
> applied to the checker (i.e. the checker and the calculation logic
> have been mixed up).
>
> https://github.com/blaufish/openssl-pathlen/tree/master/testcase_2
>
> openssl x509 -text -in root.pem | grep -a1 "X509v3 Basic"
>                 Certificate Sign, CRL Sign
>             X509v3 Basic Constraints: critical
>                 CA:TRUE, pathlen:0
> openssl x509 -text -in evilca.pem | grep -a1 "X509v3 Basic"
>                 Certificate Sign, CRL Sign
>             X509v3 Basic Constraints: critical
>                 CA:TRUE, pathlen:0
> openssl x509 -text -in evilserver.pem | grep -a1 "X509v3 Basic"
>         X509v3 extensions:
>             X509v3 Basic Constraints: critical
>                 CA:FALSE
> ----
> openssl x509 -text -in root.pem | egrep -a1 "X509v3 .* Key Identifier"
>         X509v3 extensions:
>             X509v3 Subject Key Identifier:
>                 49:39:72:82:78:39:E8:60:AD:17:79:83:DB:65:B8:5C:E6:A7:84:B5
> --
> --
>                 49:39:72:82:78:39:E8:60:AD:17:79:83:DB:65:B8:5C:E6:A7:84:B5
>             X509v3 Authority Key Identifier:
>
> keyid:49:39:72:82:78:39:E8:60:AD:17:79:83:DB:65:B8:5C:E6:A7:84:B5
> openssl x509 -text -in evilca.pem | grep -a1 "X509v3 .* Key Identifier"
>         X509v3 extensions:
>             X509v3 Subject Key Identifier:
>                 B6:B4:75:66:18:B5:D2:4F:57:10:53:93:4F:CD:51:71:A4:27:84:7C
> --
> --
>                 B6:B4:75:66:18:B5:D2:4F:57:10:53:93:4F:CD:51:71:A4:27:84:7C
>             X509v3 Authority Key Identifier:
>
> keyid:49:39:72:82:78:39:E8:60:AD:17:79:83:DB:65:B8:5C:E6:A7:84:B5
> openssl x509 -text -in evilserver.pem | egrep -a1 "X509v3 .* Key
> Identifier"
>                 TLS Web Server Authentication
>             X509v3 Subject Key Identifier:
>                 03:C6:48:91:09:73:F5:DF:EF:B5:9D:A4:66:00:16:C3:E9:DB:99:EE
> --
> --
>                 03:C6:48:91:09:73:F5:DF:EF:B5:9D:A4:66:00:16:C3:E9:DB:99:EE
>             X509v3 Authority Key Identifier:
>
> keyid:B6:B4:75:66:18:B5:D2:4F:57:10:53:93:4F:CD:51:71:A4:27:84:7C
> ----
> ../openssl-1.1.1/apps/openssl verify -show_chain -verbose -CAfile
> root.pem -untrusted evilca.pem evilserver.pem
> ******* important variables *******
> *** check_chain_extensions:524 i=0
> *** check_chain_extensions:525 plen=0
> *** check_chain_extensions:526 x->ex_pathlen=-1
> ******* if statement components *******
> *** check_chain_extensions:528 i > 1=0
> *** check_chain_extensions:529 !(x->ex_flags & EXFLAG_SI)=1
> *** check_chain_extensions:530 (x->ex_pathlen != -1)=0
> *** check_chain_extensions:531 (plen > (x->ex_pathlen +
> proxy_path_length + 1))=0
> ******* important variables *******
> *** check_chain_extensions:524 i=1
> *** check_chain_extensions:525 plen=1
> *** check_chain_extensions:526 x->ex_pathlen=0
> ******* if statement components *******
> *** check_chain_extensions:528 i > 1=0
> *** check_chain_extensions:529 !(x->ex_flags & EXFLAG_SI)=1
> *** check_chain_extensions:530 (x->ex_pathlen != -1)=1
> *** check_chain_extensions:531 (plen > (x->ex_pathlen +
> proxy_path_length + 1))=0
> ******* important variables *******
> *** check_chain_extensions:524 i=2
> *** check_chain_extensions:525 plen=2
> *** check_chain_extensions:526 x->ex_pathlen=0
> ******* if statement components *******
> *** check_chain_extensions:528 i > 1=1
> *** check_chain_extensions:529 !(x->ex_flags & EXFLAG_SI)=0
> *** check_chain_extensions:530 (x->ex_pathlen != -1)=1
> *** check_chain_extensions:531 (plen > (x->ex_pathlen +
> proxy_path_length + 1))=1
> evilserver.pem: OK
> Chain:
> depth=0: C = SE, ST = EvilServer, L = EvilServer, O = EvilServer, OU =
> EvilServer, CN = EvilServer (untrusted)
> depth=1: C = SE, ST = EvilCA, L = EvilCA, O = EvilCA, OU = EvilCA, CN
> = EvilCA (untrusted)
> depth=2: C = SE, ST = Root, L = Root, O = Root, OU = Root, CN = Root
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20181008/13bdc938/attachment.html>


More information about the openssl-users mailing list