[openssl-users] Certificate Verify and non-root Trust Anchors

Viktor Dukhovni openssl-users at dukhovni.org
Tue Dec 12 01:04:30 UTC 2017

> On Dec 11, 2017, at 7:41 PM, Dr. Pala <madwolf at openca.org> wrote:
> Does it matter that we are not in the TLS case?

No, the issue is not TLS-specific.

> IMHO, the correct (or, better, the expected) behavior (from a developer's standpoint) would be to trust keys in the trusted certificates list, no matter if they are in the form of a Self-Signed or non-Self-Signed certificate - after all, it is a Trust Anchor --> just a Public Key :D

Intermediate CAs in the trust store were historically used just
to augment the peer's chain in case they were left out, and not
necessarily to signal independent trust in the intermediate CA.

The new flag makes it possible to indicate that you fully trust
also the intermediate CAs in the trust store.

With OpenSSL 1.1.0 or later, you can also decorate intermediate
CAs with explicit auxiliary trust EKUs and instead of storing
Such intermediate CAs will work also for applications that don't
set X509_V_FLAG_PARTIAL_CHAIN.  That, together with the change
to default X509_V_FLAG_TRUSTED_FIRST, makes it possible to deploy
trusted intermediates with no application code changes.

Which reminds me, with OpenSSL 1.0.2 you should also set
X509_V_FLAG_TRUSTED_FIRST.  We did not backport that default
change to the stable 1.0.2 release out of caution, but it is
I think a more sensible default behaviour.


More information about the openssl-users mailing list