[openssl-commits] [openssl] OpenSSL_1_1_1-stable update

Viktor Dukhovni viktor at openssl.org
Thu Oct 18 04:10:45 UTC 2018

The branch OpenSSL_1_1_1-stable has been updated
       via  a190ea8ad7f2405d1a6245e59481fb6e3d0f60d2 (commit)
       via  bb6923945ee61b024c841f8131416c3c35cc9746 (commit)
      from  871039698042467b814b4fa37353db120be5b331 (commit)

- Log -----------------------------------------------------------------
commit a190ea8ad7f2405d1a6245e59481fb6e3d0f60d2
Author: Viktor Dukhovni <openssl-users at dukhovni.org>
Date:   Mon Oct 8 12:05:14 2018 -0400

    Apply self-imposed path length also to root CAs
    Also, some readers of the code find starting the count at 1 for EE
    cert confusing (since RFC5280 counts only non-self-issued intermediate
    CAs, but we also counted the leaf).  Therefore, never count the EE
    cert, and adjust the path length comparison accordinly.  This may
    be more clear to the reader.
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (cherry picked from commit dc5831da59e9bfad61ba425d886a0b06ac160cd6)

commit bb6923945ee61b024c841f8131416c3c35cc9746
Author: Viktor Dukhovni <openssl-users at dukhovni.org>
Date:   Thu Oct 4 23:53:01 2018 -0400

    Only CA certificates can be self-issued
    At the bottom of https://tools.ietf.org/html/rfc5280#page-12 and
    top of https://tools.ietf.org/html/rfc5280#page-13 (last paragraph
    of above https://tools.ietf.org/html/rfc5280#section-3.3), we see:
       This specification covers two classes of certificates: CA
       certificates and end entity certificates.  CA certificates may be
       further divided into three classes: cross-certificates, self-issued
       certificates, and self-signed certificates.  Cross-certificates are
       CA certificates in which the issuer and subject are different
       entities.  Cross-certificates describe a trust relationship between
       the two CAs.  Self-issued certificates are CA certificates in which
       the issuer and subject are the same entity.  Self-issued certificates
       are generated to support changes in policy or operations.  Self-
       signed certificates are self-issued certificates where the digital
       signature may be verified by the public key bound into the
       certificate.  Self-signed certificates are used to convey a public
       key for use to begin certification paths.  End entity certificates
       are issued to subjects that are not authorized to issue certificates.
    that the term "self-issued" is only applicable to CAs, not end-entity
    certificates.  In https://tools.ietf.org/html/rfc5280#section-
    the description of path length constraints says:
       The pathLenConstraint field is meaningful only if the cA boolean is
       asserted and the key usage extension, if present, asserts the
       keyCertSign bit (Section  In this case, it gives the
       maximum number of non-self-issued intermediate certificates that may
       follow this certificate in a valid certification path.  (Note: The
       last certificate in the certification path is not an intermediate
       certificate, and is not included in this limit.  Usually, the last
       certificate is an end entity certificate, but it can be a CA
    This makes it clear that exclusion of self-issued certificates from
    the path length count applies only to some *intermediate* CA
    certificates.  A leaf certificate whether it has identical issuer
    and subject or whether it is a CA or not is never part of the
    intermediate certificate count.  The handling of all leaf certificates
    must be the same, in the case of our code to post-increment the
    path count by 1, so that we ultimately reach a non-self-issued
    intermediate it will be the first one (not zeroth) in the chain
    of intermediates.
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (cherry picked from commit ed422a2d0196ada0f5c1b6e296f4a4e5ed69577f)


Summary of changes:
 crypto/x509/x509_vfy.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 3a60d41..61e8192 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -517,15 +517,14 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
         /* check_purpose() makes the callback as needed */
         if (purpose > 0 && !check_purpose(ctx, x, purpose, i, must_be_ca))
             return 0;
-        /* Check pathlen if not self issued */
-        if ((i > 1) && !(x->ex_flags & EXFLAG_SI)
-            && (x->ex_pathlen != -1)
-            && (plen > (x->ex_pathlen + proxy_path_length + 1))) {
+        /* Check pathlen */
+        if ((i > 1) && (x->ex_pathlen != -1)
+            && (plen > (x->ex_pathlen + proxy_path_length))) {
             if (!verify_cb_cert(ctx, x, i, X509_V_ERR_PATH_LENGTH_EXCEEDED))
                 return 0;
-        /* Increment path length if not self issued */
-        if (!(x->ex_flags & EXFLAG_SI))
+        /* Increment path length if not a self issued intermediate CA */
+        if (i > 0 && (x->ex_flags & EXFLAG_SI) == 0)
          * If this certificate is a proxy certificate, the next certificate

More information about the openssl-commits mailing list