[openssl-dev] [openssl.org #3886] [BUG] [PATCH] verify fails for 3-level cert chain when using X509v3 Authority Key Identifier
John Lofgren via RT
rt at openssl.org
Mon Jun 1 15:20:34 UTC 2015
Erwann, thank you for the explanation. This makes sense now. I looked at
the spec and now I understand the purpose the AKI.authorityCertIssuer. What
made me misunderstand this in the first place is that 'openssl x509 -text
...' gives no indication that this field is the name of the issuer's
issuer. It only says "DirName":
>>>
X509v3 Authority Key Identifier:
keyid:21:83:24:4A:59:07:DB:D4:17:2A:29:3C:13:8E:52:B1:EE:09:58:D3
DirName:/C=US/O=OpenSSL/CN=openssl verify chain bug
Intermediate CA
serial:DC:71:66:B4:3A:50:5A:BE
<<<
One remaining question. If this extension is "only a helper and MUST NOT be
used to (in)validate a certificate chain" as you say or as the spec says
"non-critical", then why does 'openssl verify' reject this chain?
Thanks,
John
On Mon, Jun 1, 2015 at 3:32 AM, Erwann Abalea via RT <rt at openssl.org> wrote:
> Bonjour,
>
> > Le 30 mai 2015 à 09:48, John Lofgren via RT <rt at openssl.org> a écrit :
> >
> > I believe I have pinpointed a typo-error that may be the cause of one or
> > two other outstanding bugs related to certificate chain validation. This
> > bug only occurs in a chain of certs at least 3 deep when the certs use
> > the X509v3 Authority Key Identifier extension.
> >
> > I am attaching a chain of 3 certs that verifies using the Windows
> > Certificate Manager, but fails to verify in versions 1.0.1, 1.0.1c and
> > 1.0.1m.
> >
> > Example failure command:
> > openssl verify -CAfile openssl-verify-chain-bug-CA.crt -untrusted
> > openssl-verify-chain-bug-IM-CA.crt openssl-verify-chain-bug-CS.crt
>
> This chain is malformed.
> In -bug-CS.crt certificate, the AKI.issuername should be "C=US, O=OpenSSL,
> CN=openssl verify chain bug Root CA » instead of « C=US, O=OpenSSL,
> CN=openssl verify chain bug Intermediate CA ».
>
> Microsoft doesn’t choke on it because this extension is only a helper and
> MUST NOT be used to (in)validate a certificate chain.
>
> > If have also provided a one line patch to crypto/x509v3/v3_purp.c. I
> > believe the error is due to a simple typo. The function X509_check_akid()
> > is meant to compare the keyID, serial number, and issuer name between a
> > cert and its issuer cert. The keyID and serial number compares are
> working
> > correctly. However, when comparing the issuer name, instead of comparing
> > the cert's issuer name to the issuer cert's subject name, it is comparing
> > to the issuer cert's *issuer* name. i.e. instead of comparing to the
> > parent name, it is comparing to the grandparent name.
>
> AKI is a helper to identify the issuer certificate. A certificate can
> uniquely be specified by its issuer name and serial number. Therefore, the
> AKI MUST contain the issuer’s issuer name and the issuer’s serial number.
>
>
>
More information about the openssl-dev
mailing list