[openssl-users] Extended key usage keyAgreement bit in certificate
John Foley
foleyj at cisco.com
Wed Jul 22 12:47:18 UTC 2015
The following commit changed the behavior of checking the extended key
usage bits in a server certificate when using X509_PURPOSE_SSL_SERVER:
http://marc.info/?l=openssl-cvs&m=132759007026375&w=2
This commit was put into 1.0.2 on April 6, 2012. Therefore, 1.0.1 and
1.0.2 behave differently in this regard. When using 1.0.2, the server
certificate needs to include the keyAgreement bit. Otherwise the client
will reject the server certificate when checking the purpose
(X509_PURPOSE_SSL_SERVER).
Does this behavior in 1.0.2 comply with RFC 5246? Reading section 7.4.2
on pages 47/48, the server certificate should include the keyAgreement
bit when using DH key exchange cipher suites. The wording on page 48 is:
DH_DSS Diffie-Hellman public key; the keyAgreement bit
DH_RSA MUST be set if the key usage extension is
present.
Given there's no other mention of using the keyAgreement bit in RFC
5246, does this imply the keyAgreement bit doesn't need to be set when
not using a DH cipher suite? Given the commit noted above will always
check the keyAgreement bit, and the logic in v3_purp.c is unaware of the
negotiated cipher suite, would this be considered a bug? If not, would
it be appropriate to back-port this commit to 1.0.1 so that we would
have consistent behavior between 1.0.1 and 1.0.2?
More information about the openssl-users
mailing list