[openssl-users] Unexpected behavior in certificate hostname check

Viktor Dukhovni openssl-users at dukhovni.org
Tue Sep 18 21:49:41 UTC 2018

> On Sep 18, 2018, at 5:27 PM, דרור מויל <moyaldror at gmail.com> wrote:
> I'm experiencing some unexpected (in my opinion - and I might be in the wrong here) behavior in the hostname checking of the OpenSSL CLI utils.

The default behaviour follows:


which says:

   As noted, a client MUST NOT seek a match for a reference identifier
   of CN-ID if the presented identifiers include a DNS-ID, SRV-ID,
   URI-ID, or any application-specific identifier types supported by the

> I'm trying to verify the hostname of a certificate which has CN=mysite.com and altSubj=localhost (it was generated by the pyca/cryptography example - https://cryptography.io/en/latest/x509/tutorial/#creating-a-self-signed-certificate) and the check always fails on hostname mismatch.

Your certificate is poorly crafted; it must list all the desired domains in the
subjectAltName extension, and then may repeat one of them in the Subject CN as
a fallback for legacy software.

> The thing is, that when the flags=0, X509_check_host will call do_X509_check
> that will verify only the altSubjNames and not the CN in the Subj.

As expected.

> I tried to find a way to set the flags to X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
> using a CLI flag or config but there is no such option.
> Was it meant to work like this? am I missing something?

Obtain a properly crafted certificate and all will be well.
The host flags are not, IIRC, exposed via the CLI.  Good luck.
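The selection rule being discussed above, as an added example that is not part of the original thread and not OpenSSL's own code: a small Python model of how X509_check_host() picks which identifiers to compare (DNS-IDs from subjectAltName first; the Subject CN only when no DNS-ID is presented, or when the caller opts in with a flag modelled on X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT). The certificate shapes are constructed inline to mirror the poster's CN=mysite.com / SAN=localhost certificate and a properly crafted one; the flag value, the Cert class and the function names are assumptions of this example. The wildcard rules are deliberately stricter than OpenSSL's default, which also accepts partial wildcards such as "www*.example.com" unless X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS is set.

```python
"""
Model of the identifier-selection rule behind OpenSSL's X509_check_host():
DNS-IDs come from subjectAltName; the Subject CN is consulted only when the
certificate presents no DNS-ID at all, or when the caller asks for it.
Illustrative example only; not OpenSSL's code.
"""
from dataclasses import dataclass, field
from typing import List, Optional

# Modelled on X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT; the numeric value is an assumption.
ALWAYS_CHECK_SUBJECT = 0x1


@dataclass
class Cert:
    """Just the two fields hostname checking cares about (constructed, not parsed)."""
    common_name: Optional[str]
    san_dns: List[str] = field(default_factory=list)


def _labels(name: str) -> List[str]:
    # Case-insensitive comparison; a trailing dot is not significant.
    return name.lower().rstrip(".").split(".")


def dns_id_matches(presented: str, reference: str) -> bool:
    """Compare one presented DNS-ID (possibly a wildcard) with a reference hostname.

    Rules modelled: case-insensitive; '*' is honoured only as the entire leftmost
    label; the wildcard must be followed by at least two labels (*.example.com
    is accepted, *.com is not); a wildcard never spans a dot, so *.example.com
    matches www.example.com but neither example.com nor a.b.example.com.
    """
    p, r = _labels(presented), _labels(reference)
    if "" in p or "" in r:            # empty label: malformed name
        return False
    if "*" in presented:
        if p[0] != "*" or any("*" in lab for lab in p[1:]) or len(p) < 3:
            return False
        return len(r) == len(p) and r[1:] == p[1:]
    return p == r


def check_host(cert: Cert, hostname: str, flags: int = 0) -> bool:
    """Return True if hostname matches cert, following the SAN-first rule."""
    if cert.san_dns:
        if any(dns_id_matches(d, hostname) for d in cert.san_dns):
            return True
        if not flags & ALWAYS_CHECK_SUBJECT:
            return False          # DNS-IDs were presented: the CN must not be consulted
    # No DNS-ID presented (legacy cert), or caller explicitly opted in: fall back to CN.
    return cert.common_name is not None and dns_id_matches(cert.common_name, hostname)


# Constructed certificates (shapes only, no real X.509 objects).
POORLY_CRAFTED = Cert(common_name="mysite.com", san_dns=["localhost"])          # the poster's case
WELL_CRAFTED = Cert(common_name="mysite.com", san_dns=["mysite.com", "localhost"])
CN_ONLY_LEGACY = Cert(common_name="mysite.com", san_dns=[])                     # no SAN at all


def demo() -> dict:
    """Outcomes for the three certificate shapes against the name mysite.com."""
    return {
        "poor/default": check_host(POORLY_CRAFTED, "mysite.com"),
        "poor/always_check_subject": check_host(POORLY_CRAFTED, "mysite.com", ALWAYS_CHECK_SUBJECT),
        "well/default": check_host(WELL_CRAFTED, "mysite.com"),
        "legacy/default": check_host(CN_ONLY_LEGACY, "mysite.com"),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:28s} {'match' if ok else 'MISMATCH'}")
```

Run stand-alone, the poorly crafted certificate matches mysite.com only when ALWAYS_CHECK_SUBJECT is passed, the CN-only legacy certificate matches under the default because it presents no DNS-ID, and the well-crafted one matches under the default because mysite.com is in the SAN. That is the same ordering the CLI applies with its fixed default flags, for instance with `openssl verify -verify_hostname mysite.com`.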

