AW: [EXTERNAL] Stricter pathlen checks in OpenSSL 1.1.1 compared to 1.0.2?.

Viktor Dukhovni openssl-users at
Fri Sep 16 12:43:38 UTC 2022

On Fri, Sep 16, 2022 at 08:32:27AM +0000, Andrew Lynch via openssl-users wrote:

> So is this a possible bug or a feature of OpenSSL 1.1.1?  (using
> 1.1.1n right now)

OpenSSL 1.1.1 is doing the right thing.

> If I set up the content of CAfile or CApath so that E <- D <- C <- A
> is the only path that can be taken then the validation fails with

There are two intermediate CA certificates (C and D) in this path.  This
path should be rejected when the path length constraint of A is set to 1.

> If I create the first root certificate (A) with pathlen:2 instead of
> pathlen:1 then validation succeeds

As expected.

> So it appears to me that OpenSSL 1.1.1n is definitely taking the
> pathlen constraint of certificate A into account.

As expected.  While A's self-signed certificate is not counted in the
path length, its path length constraint is honoured and applied to the
rest of the non-EE (and not self-issued) CA certificates in the chain.

On Fri, Sep 16, 2022 at 12:23:12PM +0000, Corey Bonnell via openssl-users wrote:

> Can you provide the actual subject DNs for each certificate? RFC 5280
> specifies that self-issued certificates (i.e., issuer DN == subject
> DN) are not considered in the pathLen calculation, so knowing whether
> these certificates are self-issued or not may be helpful in better
> diagnosing the issue.

There's no need.  Everything is working as expected.


More information about the openssl-users mailing list