[openssl-users] problems with s_client recognizing revoked intermediate/subordinate ca

Viktor Dukhovni openssl-users at dukhovni.org
Fri Mar 11 05:54:57 UTC 2016

On Fri, Mar 11, 2016 at 06:16:45AM +0100, Jakob Bohm wrote:

> >They are not trust-anchors, so absent an issuer higher up, they
> >are not sufficient to establish a "chain of trust", unless the
> >application enables "partial chain" support.
> Ok, that reverses the fundamental assumption behind all my
> previous posts (including post #2 in this thread).  Why didn't
> you state this earlier?

I thought I did, but miscommunication by email is all too easy.
Sorry about that.  Intermediate certificates in the trust store
are only fully trusted if either:

    * The application enables partial-chain support, which is
      not advisable in most cases.

    * The intermediate certificate is augmented (decorated)
      with auxiliary trust OIDs that match the required "purpose".

Absent augmentation as a "trusted certificate" for a given purpose,
and with the application not enabling "partial chain" semantics,
intermediate certs from the store just augment missing certificates
from the wire, and should be verified in the same manner.  The
changes I want to backport from 1.1.0 ensure identical treatment
of untrusted intermediates regardless of provenance.
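The cases above, worked through with the command-line tools as an added example that is not from the thread or from OpenSSL's own code: a throwaway root -> intermediate -> leaf hierarchy is constructed, and the leaf is verified against a trust store holding only the intermediate, plain, with partial-chain enabled, and decorated with a serverAuth trust OID. It assumes an `openssl` binary of 1.1.0 or later on PATH.

```shell
#!/bin/sh
# Added example, not code from the thread. Builds a root -> intermediate -> leaf
# chain and verifies the leaf with a trust store holding ONLY the intermediate,
# in the situations the post describes. Assumes `openssl` 1.1.0 or later.
set -eu
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT; cd "$WORK"

cat > x.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical, CA:true
keyUsage = critical, keyCertSign, cRLSign
[v3_leaf]
basicConstraints = CA:false
extendedKeyUsage = serverAuth
EOF

# issue <name> <extension-section> <issuer-name>: key + CSR, signed by issuer
issue() {
  openssl req -new -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
    -keyout "$1.key" -subj "/CN=$1" -config x.cnf -out "$1.csr" 2>/dev/null
  openssl x509 -req -in "$1.csr" -CA "$3.crt" -CAkey "$3.key" -CAcreateserial \
    -days 1 -extfile x.cnf -extensions "$2" -out "$1.crt" 2>/dev/null
}
openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
  -keyout root.key -subj /CN=root -days 1 -config x.cnf -extensions v3_ca \
  -out root.crt 2>/dev/null
issue intermediate v3_ca root
issue leaf v3_leaf intermediate

# The same intermediate, decorated with an auxiliary trust OID for serverAuth
# (written as a "TRUSTED CERTIFICATE" PEM block by openssl x509 -addtrust).
openssl x509 -in intermediate.crt -addtrust serverAuth -trustout \
  -out intermediate-trusted.crt

# verify <trust-store> [extra openssl verify options]; echoes OK or FAIL
verify() {
  store=$1; shift
  if openssl verify -purpose sslserver -CAfile "$store" "$@" leaf.crt >/dev/null 2>&1
  then echo OK; else echo FAIL; fi
}

echo "plain intermediate in store:           $(verify intermediate.crt)"
echo "same, with -partial_chain:             $(verify intermediate.crt -partial_chain)"
echo "intermediate decorated for serverAuth: $(verify intermediate-trusted.crt)"
echo "root in store, intermediate untrusted: $(verify root.crt -untrusted intermediate.crt)"
```

The first case fails with "unable to get issuer certificate" because the intermediate from the store is treated like one received on the wire, while the last case shows the store cert merely filling in the missing issuer once a real anchor is present.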