[openssl-dev] [openssl.org #3637] [PATCH] x509: skip certs if in alternative cert chain

[Matt Caswell via RT]

On Thu Dec 18 15:31:48 2014, fedor at indutny.com wrote:
> In situations like [0] the server may provide alternative certificate
> chain, which is no longer valid in the current certificate store. In
> fact the issuer of the leaf (or some intermediate) cert is known and
> trusted, but the alternative chain certs that are sent by server are
> not trusted, thus leading to `ctx->get_issuer(...)` return 0.
>
> This patch changes the default behavior from "borking out the whole sent
> chain" to "pop as much certs as needed to make it work".
>
> Basically, it pops the last cert and checks if the previous has known
> issuer.
>
> [0]: https://bugzilla.mozilla.org/show_bug.cgi?id=986005#c4

Hi Fedor

As per my email on openssl-dev here are some notes on the patch submitted with
this ticket:
The patch changes the state that the chain is left in within ctx in the event
of an error. As this is a public API function this is a problem as it could
break applications that depend on the behaviour. This function is actually
called from server code when constructing the cert chain. The behaviour change
above breaks the cert chain construction. Also the value of "num" is
incorrectly handled so that error messages are incorrect...usually returning
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT. Finally the code goes into a loop in the
event that it encounters an orphaned non-root cert in the cert store. The loop
would be infinite except that the incorrect handling of num above means that it
eventually escapes when the max depth is reached. As mentioned on openssl-dev I
have an alternative patch with the same goal that addresses this issue. I am
going to leave this ticket open until such time as that patch is in master.

Matt