<div dir="ltr">It was my interpretation that 0 pathlen on the root self-signed meant infinite.<div>The pathlen only applies to the certs between root and the leaf (which obviously can be 0, and CA true or not, but bad form to say true I'd imagine.)</div></div><br><div class="gmail_quote"><div dir="ltr">On Mon, Oct 8, 2018 at 1:57 AM Peter Magnusson <<a href="mailto:blaufish.public.email@gmail.com">blaufish.public.email@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">One more logic confusion in the OpenSSL Path Length Constraint check.<br>
Any Path Length Constraint set by Root (or any other Self-Issued<br>
Certificate) is ignored.<br>
Root cause appears to be !(x->ex_flags & EXFLAG_SI)=0 incorrectly<br>
applied to the checker (i.e. the checker and the calculation logic<br>
have been mixed up).<br>
<br>
<a href="https://github.com/blaufish/openssl-pathlen/tree/master/testcase_2" rel="noreferrer" target="_blank">https://github.com/blaufish/openssl-pathlen/tree/master/testcase_2</a><br>
<br>
openssl x509 -text -in root.pem | grep -a1 "X509v3 Basic"<br>
                Certificate Sign, CRL Sign<br>
            X509v3 Basic Constraints: critical<br>
                CA:TRUE, pathlen:0<br>
openssl x509 -text -in evilca.pem | grep -a1 "X509v3 Basic"<br>
                Certificate Sign, CRL Sign<br>
            X509v3 Basic Constraints: critical<br>
                CA:TRUE, pathlen:0<br>
openssl x509 -text -in evilserver.pem | grep -a1 "X509v3 Basic"<br>
        X509v3 extensions:<br>
            X509v3 Basic Constraints: critical<br>
                CA:FALSE<br>
----<br>
openssl x509 -text -in root.pem | egrep -a1 "X509v3 .* Key Identifier"<br>
        X509v3 extensions:<br>
            X509v3 Subject Key Identifier:<br>
                49:39:72:82:78:39:E8:60:AD:17:79:83:DB:65:B8:5C:E6:A7:84:B5<br>
--<br>
--<br>
                49:39:72:82:78:39:E8:60:AD:17:79:83:DB:65:B8:5C:E6:A7:84:B5<br>
            X509v3 Authority Key Identifier:<br>
<br>
keyid:49:39:72:82:78:39:E8:60:AD:17:79:83:DB:65:B8:5C:E6:A7:84:B5<br>
openssl x509 -text -in evilca.pem | grep -a1 "X509v3 .* Key Identifier"<br>
        X509v3 extensions:<br>
            X509v3 Subject Key Identifier:<br>
                B6:B4:75:66:18:B5:D2:4F:57:10:53:93:4F:CD:51:71:A4:27:84:7C<br>
--<br>
--<br>
                B6:B4:75:66:18:B5:D2:4F:57:10:53:93:4F:CD:51:71:A4:27:84:7C<br>
            X509v3 Authority Key Identifier:<br>
<br>
keyid:49:39:72:82:78:39:E8:60:AD:17:79:83:DB:65:B8:5C:E6:A7:84:B5<br>
openssl x509 -text -in evilserver.pem | egrep -a1 "X509v3 .* Key Identifier"<br>
                TLS Web Server Authentication<br>
            X509v3 Subject Key Identifier:<br>
                03:C6:48:91:09:73:F5:DF:EF:B5:9D:A4:66:00:16:C3:E9:DB:99:EE<br>
--<br>
--<br>
                03:C6:48:91:09:73:F5:DF:EF:B5:9D:A4:66:00:16:C3:E9:DB:99:EE<br>
            X509v3 Authority Key Identifier:<br>
<br>
keyid:B6:B4:75:66:18:B5:D2:4F:57:10:53:93:4F:CD:51:71:A4:27:84:7C<br>
----<br>
../openssl-1.1.1/apps/openssl verify -show_chain -verbose -CAfile<br>
root.pem -untrusted evilca.pem evilserver.pem<br>
******* important variables *******<br>
*** check_chain_extensions:524 i=0<br>
*** check_chain_extensions:525 plen=0<br>
*** check_chain_extensions:526 x->ex_pathlen=-1<br>
******* if statement components *******<br>
*** check_chain_extensions:528 i > 1=0<br>
*** check_chain_extensions:529 !(x->ex_flags & EXFLAG_SI)=1<br>
*** check_chain_extensions:530 (x->ex_pathlen != -1)=0<br>
*** check_chain_extensions:531 (plen > (x->ex_pathlen +<br>
proxy_path_length + 1))=0<br>
******* important variables *******<br>
*** check_chain_extensions:524 i=1<br>
*** check_chain_extensions:525 plen=1<br>
*** check_chain_extensions:526 x->ex_pathlen=0<br>
******* if statement components *******<br>
*** check_chain_extensions:528 i > 1=0<br>
*** check_chain_extensions:529 !(x->ex_flags & EXFLAG_SI)=1<br>
*** check_chain_extensions:530 (x->ex_pathlen != -1)=1<br>
*** check_chain_extensions:531 (plen > (x->ex_pathlen +<br>
proxy_path_length + 1))=0<br>
******* important variables *******<br>
*** check_chain_extensions:524 i=2<br>
*** check_chain_extensions:525 plen=2<br>
*** check_chain_extensions:526 x->ex_pathlen=0<br>
******* if statement components *******<br>
*** check_chain_extensions:528 i > 1=1<br>
*** check_chain_extensions:529 !(x->ex_flags & EXFLAG_SI)=0<br>
*** check_chain_extensions:530 (x->ex_pathlen != -1)=1<br>
*** check_chain_extensions:531 (plen > (x->ex_pathlen +<br>
proxy_path_length + 1))=1<br>
evilserver.pem: OK<br>
Chain:<br>
depth=0: C = SE, ST = EvilServer, L = EvilServer, O = EvilServer, OU =<br>
EvilServer, CN = EvilServer (untrusted)<br>
depth=1: C = SE, ST = EvilCA, L = EvilCA, O = EvilCA, OU = EvilCA, CN<br>
= EvilCA (untrusted)<br>
depth=2: C = SE, ST = Root, L = Root, O = Root, OU = Root, CN = Root<br>
-- <br>
openssl-users mailing list<br>
To unsubscribe: <a href="https://mta.openssl.org/mailman/listinfo/openssl-users" rel="noreferrer" target="_blank">https://mta.openssl.org/mailman/listinfo/openssl-users</a><br>
</blockquote></div>
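The thread turns on one question: does a pathLenConstraint carried by the self-signed root count, or only the constraints on the certificates between root and leaf? The script below is an added illustration, not OpenSSL code and not code from either poster. It applies the RFC 5280 section 6.1 max_path_length bookkeeping (only the basicConstraints fields; no certificate parsing) to a chain constructed from the values printed in the quoted message (Root CA:TRUE pathlen:0, EvilCA CA:TRUE pathlen:0, EvilServer CA:FALSE). The `CertInfo` type, the `enforce_anchor_pathlen` switch and the chain data are assumptions made for this example: RFC 5280 treats the trust anchor as input rather than as a path certificate, so by default its pathlen is not consulted; flipping the switch models the reading in which the root's pathlen:0 is enforced, which is what rejects the chain.

```python
"""RFC 5280 6.1.4 path-length bookkeeping over basicConstraints only.

Added example for the openssl-users thread; not OpenSSL's own code.
Chain order is trust-anchor-first (RFC 5280 numbering), the reverse of
OpenSSL's chain[0] = leaf.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class CertInfo:
    """The subset of a certificate this example needs (assumed shape)."""
    name: str
    ca: bool
    pathlen: Optional[int]   # None when pathLenConstraint is absent
    self_issued: bool        # subject DN == issuer DN


def validate_pathlen(chain: List[CertInfo],
                     enforce_anchor_pathlen: bool = False) -> Tuple[bool, str]:
    """Return (accepted, reason) for chain[0]=anchor ... chain[-1]=end entity.

    enforce_anchor_pathlen=False follows RFC 5280, where the anchor's own
    extensions are not part of path processing. True seeds max_path_length
    from the anchor's pathLenConstraint instead (assumed switch, modelling
    the reading argued for in the quoted message).
    """
    anchor, path = chain[0], chain[1:]
    n = len(path)
    # 6.1.2: max_path_length starts at n, the number of path certificates.
    max_path_length = n
    if enforce_anchor_pathlen and anchor.pathlen is not None:
        max_path_length = min(max_path_length, anchor.pathlen)

    for i, cert in enumerate(path, start=1):
        if i == n:
            # 6.1.5 wrap-up: the end-entity certificate need not be a CA.
            return True, f"{cert.name}: OK (max_path_length={max_path_length})"
        # 6.1.4 (k): every certificate before the last must assert CA:TRUE.
        if not cert.ca:
            return False, f"{cert.name}: intermediate without CA:TRUE"
        # 6.1.4 (l): only non-self-issued certificates consume a hop.
        if not cert.self_issued:
            if max_path_length <= 0:
                return False, f"{cert.name}: exceeds path length constraint"
            max_path_length -= 1
        # 6.1.4 (m): a smaller pathLenConstraint tightens the budget.
        if cert.pathlen is not None and cert.pathlen < max_path_length:
            max_path_length = cert.pathlen
    return True, "empty path"


# Constructed from the basicConstraints printed in the quoted message.
THREAD_CHAIN = [
    CertInfo("Root", ca=True, pathlen=0, self_issued=True),
    CertInfo("EvilCA", ca=True, pathlen=0, self_issued=False),
    CertInfo("EvilServer", ca=False, pathlen=None, self_issued=False),
]


def main() -> None:
    for enforce in (False, True):
        ok, why = validate_pathlen(THREAD_CHAIN, enforce_anchor_pathlen=enforce)
        verdict = "OK" if ok else "REJECT"
        print(f"anchor pathlen enforced={enforce}: {verdict} ({why})")


if __name__ == "__main__":
    main()
```

Run as-is and the first line reports the chain accepted (the RFC default, matching the `evilserver.pem: OK` output in the message) while the second rejects it at EvilCA; the difference is entirely whether the anchor's pathlen:0 seeds max_path_length. Note that step (l) is the only place self-issuance matters in RFC 5280: a self-issued certificate in the middle of a path does not consume a hop, but a pathLenConstraint it carries still tightens the budget in step (m).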