[openssl-users] openssl is flexible when verifying

Jeffrey Walton noloader at gmail.com
Sun Apr 5 23:15:13 UTC 2015


On Sun, Apr 5, 2015 at 5:26 PM, Yuting Chen <chenyt at cs.sjtu.edu.cn> wrote:
> I checked some other certificates, and found that some non self-signed
> certificates having duplicate extension instances can be verified by
> openssl. I guess openssl is quite gentle when validating these malformed
> certificates.

Well, I don't think it's OpenSSL per se in this instance. The
underlying problem is the malleability in the standard. In this case,
it's RFC 5280 and:

    "Applications are not required to verify that key identifiers
    match when performing certification path validation." -
    http://tools.ietf.org/html/rfc5280#section-4.2.1.2

In this case, there could be 1, 2, or 10 of them. And it's not required
that OpenSSL actually use any of them in path validation.

(Rejecting a valid path due to an incorrect AKI is a different story).
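
Added example, not part of the original message and not OpenSSL code: RFC 5280 section 4.2 says a certificate MUST NOT include more than one instance of a particular extension, so a lint run before path validation can flag the duplicates discussed in this thread. The Python below walks a DER-encoded Extensions value; the helper names and the sample bytes are constructed for illustration.

```python
# Added example: flag duplicate extension OIDs in a DER Extensions SEQUENCE.
from collections import Counter

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV at pos (single-byte tags)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                  # long form: low 7 bits count length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode OID content octets into dotted-decimal form."""
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:               # high bit clear ends this arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)      # first octet group packs two arcs
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def duplicate_extensions(extensions_der):
    """Return the sorted OIDs that occur more than once."""
    tag, body, _ = read_tlv(extensions_der, 0)
    if tag != 0x30:
        raise ValueError("Extensions must be a SEQUENCE")
    counts, pos = Counter(), 0
    while pos < len(body):
        tag, ext, pos = read_tlv(body, pos)
        oid_tag, oid, _ = read_tlv(ext, 0)     # extnID is the first field
        if tag != 0x30 or oid_tag != 0x06:
            raise ValueError("malformed Extension")
        counts[decode_oid(oid)] += 1
    return sorted(o for o, n in counts.items() if n > 1)

# --- constructed sample input (not taken from any real certificate) ---
def tlv(tag, body):
    return bytes([tag, len(body)]) + body      # short-form lengths only

def ski_ext(key_id):                           # subjectKeyIdentifier, 2.5.29.14
    return tlv(0x30, tlv(0x06, bytes.fromhex("551d0e")) + tlv(0x04, tlv(0x04, key_id)))

BC_EXT = tlv(0x30, tlv(0x06, bytes.fromhex("551d13")) + tlv(0x04, tlv(0x30, b"")))
SAMPLE_DUP = tlv(0x30, ski_ext(b"\xaa" * 4) + ski_ext(b"\xbb" * 4) + BC_EXT)
SAMPLE_OK = tlv(0x30, ski_ext(b"\xaa" * 4) + BC_EXT)

if __name__ == "__main__":
    print(duplicate_extensions(SAMPLE_DUP), duplicate_extensions(SAMPLE_OK))
```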

