Erwann, thank you for the explanation. This makes sense now. I looked at the spec and now I understand the purpose of AKI.authorityCertIssuer. What made me misunderstand this in the first place is that 'openssl x509 -text ...' gives no indication that this field is the name of the issuer's issuer. It only says "DirName":
>>>
X509v3 Authority Key Identifier:
    keyid:21:83:24:4A:59:07:DB:D4:17:2A:29:3C:13:8E:52:B1:EE:09:58:D3
    DirName:/C=US/O=OpenSSL/CN=openssl verify chain bug Intermediate CA
    serial:DC:71:66:B4:3A:50:5A:BE
<<<

One remaining question. If this extension is "only a helper and MUST NOT be used to (in)validate a certificate chain" as you say, or as the spec says "non-critical", then why does 'openssl verify' reject this chain?

Thanks,
John

On Mon, Jun 1, 2015 at 3:32 AM, Erwann Abalea via RT <r...@openssl.org> wrote:
> Hello,
>
> > On May 30, 2015 at 09:48, John Lofgren via RT <r...@openssl.org> wrote:
> >
> > I believe I have pinpointed a typo-error that may be the cause of one or
> > two other outstanding bugs related to certificate chain validation. This
> > bug only occurs in a chain of certs at least 3 deep when the certs use
> > the X509v3 Authority Key Identifier extension.
> >
> > I am attaching a chain of 3 certs that verifies using the Windows
> > Certificate Manager, but fails to verify in versions 1.0.1, 1.0.1c and
> > 1.0.1m.
> >
> > Example failure command:
> > openssl verify -CAfile openssl-verify-chain-bug-CA.crt -untrusted
> > openssl-verify-chain-bug-IM-CA.crt openssl-verify-chain-bug-CS.crt
>
> This chain is malformed.
> In -bug-CS.crt certificate, the AKI.issuername should be "C=US, O=OpenSSL,
> CN=openssl verify chain bug Root CA" instead of "C=US, O=OpenSSL,
> CN=openssl verify chain bug Intermediate CA".
>
> Microsoft doesn't choke on it because this extension is only a helper and
> MUST NOT be used to (in)validate a certificate chain.
>
> > I have also provided a one line patch to crypto/x509v3/v3_purp.c. I
> > believe the error is due to a simple typo. The function X509_check_akid()
> > is meant to compare the keyID, serial number, and issuer name between a
> > cert and its issuer cert. The keyID and serial number compares are
> > working correctly. However, when comparing the issuer name, instead of
> > comparing the cert's issuer name to the issuer cert's subject name, it is
> > comparing to the issuer cert's *issuer* name. i.e. instead of comparing
> > to the parent name, it is comparing to the grandparent name.
>
> AKI is a helper to identify the issuer certificate. A certificate can
> uniquely be specified by its issuer name and serial number. Therefore, the
> AKI MUST contain the issuer's issuer name and the issuer's serial number.
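As an added illustration (not code from this thread or from OpenSSL), here is a Python model of the check Erwann describes: the AKI's authorityCertIssuer is compared against the issuer certificate's own issuer name (the grandparent), so the reported CS certificate fails while a corrected one passes. The Root and Intermediate DNs are the ones quoted above; the CS subject, the key identifiers, the serials and the result labels are assumptions.

```python
# Added example (not OpenSSL's code): models the AKI-vs-issuer comparison
# described in the thread and runs it over a constructed 3-cert chain.
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Cert:
    subject: str
    issuer: str
    serial: int
    skid: bytes                          # SubjectKeyIdentifier
    akid_keyid: Optional[bytes] = None   # AKI.keyIdentifier
    akid_issuer: Optional[str] = None    # AKI.authorityCertIssuer (DirName)
    akid_serial: Optional[int] = None    # AKI.authorityCertSerialNumber

def check_akid(cert: Cert, issuer: Cert) -> str:
    """Model of the comparison X509_check_akid() makes, as the thread describes:
    keyid vs the issuer's SKI, serial vs the issuer's serial, and
    authorityCertIssuer vs the issuer's *issuer* name (the grandparent), which
    is what RFC 5280 requires. Result labels are constructed, not OpenSSL's."""
    if cert.akid_keyid is not None and cert.akid_keyid != issuer.skid:
        return "akid_skid_mismatch"
    if cert.akid_serial is not None and cert.akid_serial != issuer.serial:
        return "akid_issuer_serial_mismatch"
    if cert.akid_issuer is not None and cert.akid_issuer != issuer.issuer:
        return "akid_issuer_serial_mismatch"
    return "ok"

def check_chain(chain: List[Cert]) -> List[str]:
    """chain[0] is the end-entity cert; chain[i+1] issued chain[i]."""
    return [check_akid(c, chain[i + 1]) for i, c in enumerate(chain[:-1])]

# Constructed chain using the DNs quoted in the thread (the CS subject is assumed).
ROOT_DN = "/C=US/O=OpenSSL/CN=openssl verify chain bug Root CA"
IM_DN = "/C=US/O=OpenSSL/CN=openssl verify chain bug Intermediate CA"
CS_DN = "/C=US/O=OpenSSL/CN=openssl verify chain bug CS"

root = Cert(ROOT_DN, ROOT_DN, 1, b"\x01")
im = Cert(IM_DN, ROOT_DN, 2, b"\x02", b"\x01", ROOT_DN, 1)
# As reported: the end-entity's authorityCertIssuer names the intermediate
# itself rather than the intermediate's issuer, so the issuer-name check fails.
cs_bad = Cert(CS_DN, IM_DN, 3, b"\x03", b"\x02", IM_DN, 2)
# Corrected: authorityCertIssuer names the Root CA (the intermediate's issuer).
cs_good = Cert(CS_DN, IM_DN, 3, b"\x03", b"\x02", ROOT_DN, 2)

if __name__ == "__main__":
    print(check_chain([cs_bad, im, root]))   # ['akid_issuer_serial_mismatch', 'ok']
    print(check_chain([cs_good, im, root]))  # ['ok', 'ok']
```

Note that the keyid and serial checks pass for both CS variants; only the DirName comparison separates them, which is exactly why the output of 'openssl x509 -text' alone does not reveal the problem.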