[openssl-users] openssl is flexible when verifying
noloader at gmail.com
Sun Apr 5 23:15:13 UTC 2015
On Sun, Apr 5, 2015 at 5:26 PM, Yuting Chen <chenyt at cs.sjtu.edu.cn> wrote:
> I checked some other certificates, and found that some non self-signed
> certificates having duplicate extension instances can be verified by
> openssl. I guess openssl is quite gentle when validating these malformed
Well, I don't think it's OpenSSL per se in this instance. The
underlying problem is the malleability in the standard. In this case,
it's RFC 5280 and:
"Applications are not required to verify that key identifiers
match when performing certification path validation." -
In this case, there could be 1, 2, or 10 of them. And it's not required
that OpenSSL actually use any of them in path validation.
(Rejecting a valid path due to an incorrect AKI is a different story).