"Diego R. Lopez" wrote:
>
> [EMAIL PROTECTED] said:
> > A standard property of certificates is that the issuer name and serial
> > number must be unique.
>
> > The Authority Key Identifier extension is used as a means of uniquely
> > identifying the issuing authority. One way it does this is to use the
> > issuer name and serial number of the issuing authority.
>
> > The subject name of the issuer certificate is already available in the
> > issuer name of the subject certificate. If merely used this then it
> > would be duplicating information.
>
> I'm sorry but I cannot get your point. I agree on that the issuer name plus
> serial number must be unique. I also agree on that the subject name of the
> issuer certificate is already in the issuer name of the subject
> certificate and there is no need to gert it again.
>
> What I cannot get is why the name inside the Authority key identifier of
> the candidate subject must match the issuer of the issuer certificate.
Because it is used as a way of uniquely identifying the issuing
authority, in cases where the candidate issuing authorities have the
same subject name.
If it contained the subject name of the issuing certificate then it
would just contain a subject name and serial number which need not be
unique.
To give a quick example:
CA1:
subject CN=sub CA
issuer CN=Root CA number 1
serial 01
CA2:
subject CN=sub CA
issuer CN=Root CA number 2
serial 01
is permitted. If we now have a user certificate:
user:
subject CN=my user
issuer CN=sub CA
serial 02
Now the authority keyid in this user certificate might contain:
issuer = Root CA number 1
serial = 01
This uniquely identifies the issuing authoritys certificate.
If instead it had the subject name of its issuing certificate it would
have:
issuer = sub CA
serial = 01
which is identical for both candidate potential CAs.
> The certificates we are trying to verify are also generated using
> openSSL and they contain (in the Authority key identifier) the name
> of their issuer (not the one of the issuer for their issuer's cert as
> you seem to suggest).
Which version of OpenSSL was used to generate these certificates?
Current versions certainly use the issuing authorities issuer name and
serial number. In v3_akey.c:
cert = ctx->issuer_cert;
...
if((issuer && !ikeyid) || (issuer == 2)) {
isname = X509_NAME_dup(X509_get_issuer_name(cert));
serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert));
if(!isname || !serial) {
X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS);
goto err;
}
}
I'm not sure whether its possible to get past the checks in the OpenSSL
utilities somehow and pass an invalid issuing certificate and get an
incorrect value in the extension that way.
> So there seems to be an error either in the extension generation functions
> (I don`t think so) or in the verification functions.
>
Although I don't recall a bug in this area I'll check to see if any
older versions of OpenSSL wrongly used the subject name of the issuer
certificate.
> Please, would you have a look on the files and cert paths I attached to
> my previous message and tell me why (without the patch I propose) the
> verification fails?
>
OK, I'll have a look at them.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
