reg: question about SSL server cert verification

Viktor Dukhovni openssl-users at
Fri Jun 18 15:07:43 UTC 2021

On Fri, Jun 18, 2021 at 03:09:47PM +0200, Jakob Bohm via openssl-users wrote:

> Now the client simply works backwards through that list, checking if
> each certificate signed the next one or claims to be signed by a
> certificate in /etc/certs.  This lookup is done based on the complete
> distinguished name, not just the CN part of it.  At every step, the
> certificate may be referenced by a "key identifier" instead of the
> distinguished name, and some clients will compare that instead of the
> distinguished name.

All extant (non-EOL) OpenSSL releases prioritise the local trust-store
over the remotely provided CA certificate list when building the
certificate chain.  The remote chain is used only when no match is found
in the trust store.  As as a matching issuer is found in the trust store
all further lookups are from the trust store only.

If the local trust store contains only "root CAs", and the remote peer
provides the rest of the chain, with no overlap in the subject
distinguished names, the behaviour is not observably different from
Jakob's description.

Differences are observed once the local trust store contains some
intermediate certificates or the remote chain provides a cross cert for
which the local store instead contains a corresponding (same subject
name and keyid) self-signed root, or the cross cert is in the local
store, but the remote peer sends a root.  In all such cases chain
construction uses the certs from the trust store.  This tends to produce
less surprising (and ideally better, or at least what you implicitly
asked for) results.


More information about the openssl-users mailing list