[openssl-users] problems with s_client recognizing revoked intermediate/subordinate ca

Viktor Dukhovni openssl-users at dukhovni.org
Thu Mar 10 22:06:22 UTC 2016

On Thu, Mar 10, 2016 at 10:41:28PM +0100, Jakob Bohm wrote:

> >Any ideas what i could be doing wrong?
> Make sure the intermediary is not included in the "CA storage"
> (hashed or single file) used by the client.  Anything in that
> storage is considered valid and not checked for revocation or
> validity.

This is changing in OpenSSL 1.1.0, and may yet change in a future
OpenSSL 1.0.2 update.  Only the trust-anchor (top-most certificate
from the trust-store) is not checked for expiration or revocation
in OpenSSL 1.1.0.

Intermediate certificates are checked, whether they are from the
trust-store, or acquired from the peer.  To get previous behaviour,
one needs to set the X509_V_FLAG_PARTIAL_CHAIN flag so that the
first certificate found in the trust store becomes the trust-anchor,
and chain construction stops there.

Another way (in OpenSSL 1.1.0) to get an intermediate certificate
to terminate the chain is to decorate it with explicit auxiliary
trust EKUs via the "-trustout" and "-addtrust" options of "openssl
x509", and then add the decorated certificate to the trust store.


More information about the openssl-users mailing list