[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

Viktor Dukhovni viktor at openssl.org
Thu Oct 18 04:45:17 UTC 2018

The branch OpenSSL_1_0_2-stable has been updated
       via  35cf781c20b65e51c6d0d3e9a199e74534b60b4a (commit)
       via  c8ce9e50d50af58d878d81522a3d592c00a17ba0 (commit)
      from  b1016c96dbb7a8d9b724f34656e0b2aae9e54cfe (commit)

- Log -----------------------------------------------------------------
commit 35cf781c20b65e51c6d0d3e9a199e74534b60b4a
Author: Viktor Dukhovni <openssl-users at dukhovni.org>
Date:   Mon Oct 8 12:05:14 2018 -0400

    Apply self-imposed path length also to root CAs
    Also, some readers of the code find starting the count at 1 for EE
    cert confusing (since RFC5280 counts only non-self-issued intermediate
    CAs, but we also counted the leaf).  Therefore, never count the EE
    cert, and adjust the path length comparison accordinly.  This may
    be more clear to the reader.
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (cherry picked from commit dc5831da59e9bfad61ba425d886a0b06ac160cd6)

commit c8ce9e50d50af58d878d81522a3d592c00a17ba0
Author: Viktor Dukhovni <openssl-users at dukhovni.org>
Date:   Thu Oct 4 23:53:01 2018 -0400

    Only CA certificates can be self-issued
    At the bottom of https://tools.ietf.org/html/rfc5280#page-12 and
    top of https://tools.ietf.org/html/rfc5280#page-13 (last paragraph
    of above https://tools.ietf.org/html/rfc5280#section-3.3), we see:
       This specification covers two classes of certificates: CA
       certificates and end entity certificates.  CA certificates may be
       further divided into three classes: cross-certificates, self-issued
       certificates, and self-signed certificates.  Cross-certificates are
       CA certificates in which the issuer and subject are different
       entities.  Cross-certificates describe a trust relationship between
       the two CAs.  Self-issued certificates are CA certificates in which
       the issuer and subject are the same entity.  Self-issued certificates
       are generated to support changes in policy or operations.  Self-
       signed certificates are self-issued certificates where the digital
       signature may be verified by the public key bound into the
       certificate.  Self-signed certificates are used to convey a public
       key for use to begin certification paths.  End entity certificates
       are issued to subjects that are not authorized to issue certificates.
    that the term "self-issued" is only applicable to CAs, not end-entity
    certificates.  In https://tools.ietf.org/html/rfc5280#section-
    the description of path length constraints says:
       The pathLenConstraint field is meaningful only if the cA boolean is
       asserted and the key usage extension, if present, asserts the
       keyCertSign bit (Section  In this case, it gives the
       maximum number of non-self-issued intermediate certificates that may
       follow this certificate in a valid certification path.  (Note: The
       last certificate in the certification path is not an intermediate
       certificate, and is not included in this limit.  Usually, the last
       certificate is an end entity certificate, but it can be a CA
    This makes it clear that exclusion of self-issued certificates from
    the path length count applies only to some *intermediate* CA
    certificates.  A leaf certificate whether it has identical issuer
    and subject or whether it is a CA or not is never part of the
    intermediate certificate count.  The handling of all leaf certificates
    must be the same, in the case of our code to post-increment the
    path count by 1, so that we ultimately reach a non-self-issued
    intermediate it will be the first one (not zeroth) in the chain
    of intermediates.
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (cherry picked from commit ed422a2d0196ada0f5c1b6e296f4a4e5ed69577f)


Summary of changes:
 crypto/x509/x509_vfy.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 749768e..da778d4 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -694,10 +694,9 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
                     goto end;
-        /* Check pathlen if not self issued */
-        if ((i > 1) && !(x->ex_flags & EXFLAG_SI)
-            && (x->ex_pathlen != -1)
-            && (plen > (x->ex_pathlen + proxy_path_length + 1))) {
+        /* Check pathlen */
+        if ((i > 1) && (x->ex_pathlen != -1)
+            && (plen > (x->ex_pathlen + proxy_path_length))) {
             ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED;
             ctx->error_depth = i;
             ctx->current_cert = x;
@@ -705,8 +704,8 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
             if (!ok)
                 goto end;
-        /* Increment path length if not self issued */
-        if (!(x->ex_flags & EXFLAG_SI))
+        /* Increment path length if not a self issued intermediate CA */
+        if (i > 0 && (x->ex_flags & EXFLAG_SI) == 0)
          * If this certificate is a proxy certificate, the next certificate

More information about the openssl-commits mailing list