openssl 1.0 vs 1.1 s_client verify CA cert expiration

nate openssl at linuxpowered.net
Thu Sep 30 16:43:54 UTC 2021


Hello there

I support an app stack over here and a short time ago one of the devs contacted me saying that they were getting some SSL cert errors connecting to a server.

Investigating things, it turns out to be the Let's Encrypt CA cert expiration that happened recently. That server is managed by someone else, so they are trying to get them to fix it.

While investigating I saw some strange behavioral differences between OpenSSL 1.0 and 1.1, specifically regarding checking of the CA cert.

If I run this on OpenSSL 1.0.2g (Ubuntu 16.04)

openssl s_client -connect bad_server_name:443 -servername bad_server_name
(the server in question uses SNI)

I get at the end a clear:
Verify return code: 10 (certificate has expired)

If I run on the same OpenSSL:

openssl s_client -connect bad_server_name:443 -servername bad_server_name | openssl x509 -noout -dates

I get these dates:
notAfter=Sep 30 14:01:15 2021 GMT
notBefore=Aug 31 17:59:09 2021 GMT
notAfter=Nov 29 17:59:08 2021 GMT

Which clearly shows the expired cert.

If I try the same on OpenSSL 1.1.1f (Ubuntu 20.04), I get only the server cert, not the CA cert dates:
notBefore=Aug 31 17:59:09 2021 GMT
notAfter=Nov 29 17:59:08 2021 GMT

Also, on the first command there is no error saying the cert is expired on OpenSSL 1.1.1f.

Additional differences: it seems 1.1.1f defaults to a verify depth of 2 and 1.0.2g goes at least to 3 (perhaps more).

If I add -verify 3 to 1.1.1f to connect, the first bit of output is:
verify depth is 3
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
(even if I set verify depth to 10 it doesn't report anything higher than the cert above)

However on 1.0.2g I get this as the first bit of output:
depth=3 O = Digital Signature Trust Co., CN = DST Root CA X3
verify error:num=10:certificate has expired

Can someone point me to the syntax for 1.1.1f that would get it to verify the CA? Or is this a bug (maybe already fixed in a newer version, not sure).

I am unsure why Let's Encrypt would allow any certs to be signed with a CA cert that was about to expire (especially given their low cert expiration times), but that's their issue.

thanks

nate
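Added example, not part of the post above and not OpenSSL project code: a small Python script that parses the verify trace s_client prints (the depth=N lines, verify error lines and the final Verify return code line) together with the notBefore=/notAfter= lines from openssl x509 -noout -dates, so that output captured from a batch of hosts can be triaged for which chain entry failed and which certificate is already past a reference time. The sample trace and date lines are constructed from the ones quoted in the post; the "Verify return code: 0 (ok)" line in the 1.1.1f sample and the reference time NOW are assumptions made for this example.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List, Optional, Tuple

# Lines s_client prints from its verify callback and at the end of the session.
DEPTH_RE = re.compile(r"^depth=(\d+)\s+(.*)$")
ERROR_RE = re.compile(r"^verify error:num=(\d+):(.*)$")
FINAL_RE = re.compile(r"^\s*Verify return code:\s*(\d+)\s*\((.*)\)\s*$")
# Lines `openssl x509 -noout -dates` prints, e.g. "notAfter=Sep 30 14:01:15 2021 GMT".
DATE_RE = re.compile(r"^(notBefore|notAfter)=(.*)$")
OPENSSL_DATE_FMT = "%b %d %H:%M:%S %Y %Z"


@dataclass
class ChainEntry:
    depth: int
    subject: str
    errors: List[Tuple[int, str]] = field(default_factory=list)


def parse_verify_trace(text: str):
    """Map each `depth=N <subject>` line to the verify errors reported right
    after it, and pick up the final `Verify return code` line if present."""
    entries: Dict[int, ChainEntry] = {}
    current: Optional[ChainEntry] = None
    final: Optional[Tuple[int, str]] = None
    for line in text.splitlines():
        m = DEPTH_RE.match(line)
        if m:
            current = ChainEntry(int(m.group(1)), m.group(2).strip())
            entries[current.depth] = current
            continue
        m = ERROR_RE.match(line)
        if m and current is not None:
            # A verify error belongs to the most recently printed depth.
            current.errors.append((int(m.group(1)), m.group(2).strip()))
            continue
        m = FINAL_RE.match(line)
        if m:
            final = (int(m.group(1)), m.group(2).strip())
    return entries, final


def chain_failures(entries: Dict[int, ChainEntry]) -> List[Tuple[int, str, int, str]]:
    """(depth, subject, error number, error text) for every error, deepest first."""
    return [(d, entries[d].subject, num, msg)
            for d in sorted(entries, reverse=True) for num, msg in entries[d].errors]


def parse_openssl_date(value: str) -> datetime:
    """Turn an x509 -dates timestamp into an aware UTC datetime (%Z accepts GMT)."""
    return datetime.strptime(value.strip(), OPENSSL_DATE_FMT).replace(tzinfo=timezone.utc)


def parse_dates(text: str) -> List[Tuple[Optional[datetime], datetime]]:
    """Group notBefore/notAfter lines into one (notBefore, notAfter) pair per
    certificate; a notAfter with no preceding notBefore, as in the 1.0.2g output
    quoted in the post, becomes (None, notAfter)."""
    certs: List[Tuple[Optional[datetime], datetime]] = []
    pending_before: Optional[datetime] = None
    for line in text.splitlines():
        m = DATE_RE.match(line)
        if not m:
            continue
        value = parse_openssl_date(m.group(2))
        if m.group(1) == "notBefore":
            pending_before = value
        else:
            certs.append((pending_before, value))
            pending_before = None
    return certs


def expired_indexes(certs, now: datetime) -> List[int]:
    """Positions (in parse order) of certificates whose notAfter is before `now`."""
    return [i for i, (_, not_after) in enumerate(certs) if not_after < now]


# Constructed samples: the depth, error and date lines are the ones quoted in the
# post; the "Verify return code: 0 (ok)" line for 1.1.1f and the reference time
# NOW are assumptions made for this example.
TRACE_102G = """\
depth=3 O = Digital Signature Trust Co., CN = DST Root CA X3
verify error:num=10:certificate has expired
verify return:1
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
    Verify return code: 10 (certificate has expired)
"""
TRACE_111F = """\
verify depth is 3
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
    Verify return code: 0 (ok)
"""
DATES_102G = "notAfter=Sep 30 14:01:15 2021 GMT\nnotBefore=Aug 31 17:59:09 2021 GMT\nnotAfter=Nov 29 17:59:08 2021 GMT\n"
DATES_111F = "notBefore=Aug 31 17:59:09 2021 GMT\nnotAfter=Nov 29 17:59:08 2021 GMT\n"
NOW = datetime(2021, 10, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    for name, trace, dates in (("1.0.2g", TRACE_102G, DATES_102G), ("1.1.1f", TRACE_111F, DATES_111F)):
        entries, final = parse_verify_trace(trace)
        print(name, "final:", final, "failures:", chain_failures(entries),
              "expired cert positions:", expired_indexes(parse_dates(dates), NOW))
```

parse_dates groups however many notBefore/notAfter pairs it finds, which matters because openssl x509 only reads the first PEM certificate on its input: to get the dates of every certificate the server sends, capture s_client -showcerts output, split it into its PEM blocks and run x509 -noout -dates on each, then feed the concatenated lines to this script. With the verify trace, any non-empty result from chain_failures tells you at which depth and with which error the chain was rejected, independent of whether the OpenSSL build in use chose to walk up to the cross-signed root.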

