[openssl-users] openssl verify accepting CA certs issued by intermediate with CA:TRUE, pathlen:0

Viktor Dukhovni openssl-users at dukhovni.org
Thu Oct 4 10:25:48 UTC 2018


On Wed, Oct 03, 2018 at 07:16:51PM +0200, Peter Magnusson wrote:

> The following test case attempts to validate evilserver.pem, issued
> by evilca.pem.

More specifically, we see that in this test the leaf server certificate
has the same subject and issuer, so EXFLAG_SI is set for that
certificate, and it did not count in the path length:

    $ /usr/local/bin/openssl verify -show_chain -verbose -trusted root.pem -untrusted untrusted.pem evilserver.pem  
    evilserver.pem: OK
    Chain:
    depth=0: C = SE, ST = EvilServer, L = EvilServer, O = EvilServer, OU = EvilServer, CN = EvilServer (untrusted)
    depth=1: C = SE, ST = EvilServer, L = EvilServer, O = EvilServer, OU = EvilServer, CN = EvilServer (untrusted)
    depth=2: C = SE, ST = Intermediate, O = Intermediate, OU = Intermediate, CN = Intermediate (untrusted)
    depth=3: C = SE, ST = Root, L = Root, O = Root, OU = Root, CN = Root

but this corner case is not correct: the concept of "self-issued"
only applies to CAs, so for the leaf to be skipped it would have
to be a self-issued CA.  Try the patch below:

-- 
	Viktor.

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 3a60d412da..77ca325d54 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -445,6 +445,7 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
     int i, must_be_ca, plen = 0;
     X509 *x;
     int proxy_path_length = 0;
+    int is_ca;
     int purpose;
     int allow_proxy_certs;
     int num = sk_X509_num(ctx->chain);
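Review bot: `int is_ca;` is declared without an initializer next to `plen = 0` and `proxy_path_length = 0`; it is only assigned inside the per-certificate loop (the next hunk) and read in the same iteration, so the logic is correct, but `int is_ca = 0;` would match the neighbouring declarations and keep stricter compilers from flagging a may-be-uninitialized path.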
@@ -484,7 +485,7 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
                                 X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED))
                 return 0;
         }
-        ret = X509_check_ca(x);
+        ret = is_ca = X509_check_ca(x);
         switch (must_be_ca) {
         case -1:
             if ((ctx->param->flags & X509_V_FLAG_X509_STRICT)
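Review bot: `ret = is_ca = X509_check_ca(x);` stores the full return value of X509_check_ca in a variable named as a boolean; X509_check_ca returns 0 for a non-CA and several distinct nonzero codes for the CA flavours it recognises, so `is_ca` is only meaningful as zero/nonzero. That is how the later `is_ca && ...` test uses it, but `is_ca = (ret != 0);` or a one-line comment would make the intent explicit and stop a future reader from comparing it to 1.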
@@ -524,8 +525,8 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
             if (!verify_cb_cert(ctx, x, i, X509_V_ERR_PATH_LENGTH_EXCEEDED))
                 return 0;
         }
-        /* Increment path length if not self issued */
-        if (!(x->ex_flags & EXFLAG_SI))
+        /* Increment path length if not a self issued CA */
+        if (!(is_ca && x->ex_flags & EXFLAG_SI))
             plen++;
         /*
          * If this certificate is a proxy certificate, the next certificate
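Review bot: the new condition `!(is_ca && x->ex_flags & EXFLAG_SI)` relies on `&` binding tighter than `&&`, which is correct, but mixing the two operators without parentheses is the classic -Wparentheses trigger; write `if (!(is_ca && (x->ex_flags & EXFLAG_SI)))`. The updated comment should also say why the CA test is there: RFC 5280 exempts self-issued certificates from the path length count only when they are intermediate CA certificates, so an end-entity certificate whose subject happens to equal its issuer (the EvilServer leaf in the -show_chain output above) must still count against the intermediate's pathlen:0.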

