I did a little debugging and managed to fix on my end. The issue is now resolved. There's nothing wrong with OpenSSL1.0.0's handling of nameConstraints. It just Rocks!
For those who might run into the same problem i'll explain more.
Debugging revealed the problem to be in the following area:
Breakpoint 2, nc_dn (nm=0x8269a98, base=0x8268b38) at
v3_ncons.c:378
378 {
(gdb) p nm->canon_enc
$5 = (unsigned char *) 0x826a590 "1\r0\v\006\003U\004\n\f
\004good1\r0\v\006\003U\004\003\f\004good"
(gdb) p base->canon_enc
$6 = (unsigned char *) 0x826aab0 "1\r0\v\006\003U\004\003\f
\004good1\r0\v\006\003U\004\n\f\004good"
(gdb) n
386 if (memcmp(base->canon_enc, nm->canon_enc,
base->canon_enclen))
(gdb) n
387 return X509_V_ERR_PERMITTED_VIOLATION;
(gdb)
The above shows that the provided DN and the allowed one seem out of
order. Look at $5 and $6.
So i took another look at the target cert and the nameConstraint in the
signing cert:
> X509v3 Name Constraints: critical
> Permitted:
> DirName: CN = Good, O = good
> Subject: O=good, CN=Good
Look how the order of CN and O are transposed in these entries.
Now whether that is legitimate or not it remains.
Regardless, as soon as I fixed my nameConstraint to:
[ permitted_trust_ca_DN ]
O=good
CN=Good
The problem went away.
I revised my script to have a good test case and a failed one.
The latest are attached for those who may benefit from this.
Thanks to Victor Duchovni and Dr. Stephen Henson for providing guidance and
help.
jeff
On Sat, 2010-06-05 at 20:27 -0400, jeff wrote:
> I tested this openssl 1.0.0. Error 34 is gone now but now error 47 shows
> up which shows the name constraint is being applied. However, it's being
> applied or verified in a way that I don't understand.
> To show you I have simplified the test. Generating only one end
> certificate and specifying one very simple name constraint.
> The name constraint is chosen in a way to eliminate an guess work and
> unspecified matching requirements.
>
> Here are some relevant output. The test scripts are attached.
>
> Command output:
> $ ./testnameconst.sh 2>/dev/null
> OpenSSL 1.0.0a 1 Jun 2010
> error 47 at 0 depth lookup:permitted subtree violation
> ERROR: Good cert should have been verified but it didn't
>
> End entity (Good) cert:
> Version: 3 (0x2)
> Serial Number: 17 (0x11)
> Signature Algorithm: sha1WithRSAEncryption
> Issuer: C=US, CN=SUB CA
> Subject: O=good, CN=Good
> X509v3 extensions:
> X509v3 Basic Constraints: critical
> CA:FALSE
> X509v3 Key Usage: critical
> Digital Signature, Key Encipherment, Key Agreement
> X509v3 Extended Key Usage:
> TLS Web Client Authentication
>
>
> subCA cert:
> Version: 3 (0x2)
> Serial Number: 1 (0x1)
> Signature Algorithm: sha1WithRSAEncryption
> Issuer: CN=Root CA, C=US
> Validity
> Not Before: Jun 5 03:10:07 2010 GMT
> Not After : Jun 5 03:10:07 2011 GMT
> Subject: C=US, ST=NY, O=SubCa, CN=SubCA
>
> X509v3 extensions:
> X509v3 Key Usage: critical
> Certificate Sign, CRL Sign
> X509v3 Basic Constraints: critical
> CA:TRUE, pathlen:0
> d
>
>
>
> This email contains Morega Systems Inc. Privileged and Confidential
> information.
This email contains Morega Systems Inc. Privileged and Confidential information.# OpenSSL configuration file for NameConstraint Test # HOME = . RANDFILE = $ENV::HOME/.rnd [ ca ] default_ca = CA_default [ CA_default ] dir = . new_certs_dir = $dir/ crl_dir = $dir/ database = $dir/index certificate = $dir/rootcacert.pem serial = $dir/serial private_key = $dir/rootcakey.pem RANDFILE = $dir/.rand x509_extensions = cert_ext unique_subject = no name_opt = ca_default cert_opt = ca_default default_crl_days= 30 default_days = 365 default_md = sha1 preserve = no policy = policy_default email_in_dn = no msie_hack = no copy_extensions = none [ policy_default ] countryName = optional stateOrProvinceName = optional organizationName = optional organizationalUnitName = optional commonName = supplied emailAddress = optional [ req ] default_bits = 1024 default_keyfile = ./rootcakey.pem default_md = sha1 prompt = no distinguished_name = root_ca_distinguished_name string_mask = nombstr [ root_ca_distinguished_name ] commonName = Root CA countryName = US [ cert_ext ] subjectKeyIdentifier=hash authorityKeyIdentifier=keyid,issuer:always basicConstraints = critical,CA:FALSE keyUsage = critical, keyCertSign, cRLSign extendedKeyUsage=clientAuth [ root_ca_ext ] subjectKeyIdentifier=hash authorityKeyIdentifier=keyid:always,issuer:always keyUsage = critical, keyCertSign, cRLSign basicConstraints = critical,CA:TRUE [ trusted_ca_ext ] # Extensions for the Sub CA subjectKeyIdentifier=hash authorityKeyIdentifier=keyid:always,issuer:always keyUsage = critical, keyCertSign, cRLSign basicConstraints = critical,CA:TRUE,pathlen:0 nameConstraints = critical,@name_const_section [ name_const_section ] #excluded;dirName=excluded_trust_ca_DN permitted;dirName=permitted_trust_ca_DN [ excluded_trust_ca_DN ] O=bad [ permitted_trust_ca_DN ] O=good #CN=Good
# OpenSSL configuration file for NameConstraint Test # HOME = . RANDFILE = $ENV::HOME/.rnd [ ca ] default_ca = SUBCA_default [ SUBCA_default ] dir = . new_certs_dir = $dir/ crl_dir = $dir/ database = $dir/subcaindex certificate = $dir/subcacert.pem serial = $dir/subcaserial private_key = $dir/subcakey.pem RANDFILE = $dir/.rand x509_extensions = cert_ext unique_subject = no name_opt = ca_default cert_opt = ca_default default_crl_days= 30 default_days = 365 default_md = sha1 preserve = no policy = policy_default email_in_dn = no msie_hack = no copy_extensions = none [ policy_default ] countryName = optional stateOrProvinceName = optional organizationName = optional organizationalUnitName = optional commonName = supplied emailAddress = optional [ req ] default_bits = 1024 default_keyfile = ./subcakey.pem default_md = sha1 prompt = no distinguished_name = sub_ca_distinguished_name string_mask = nombstr [ sub_ca_distinguished_name ] commonName = SUB CA countryName = US [ cert_ext ] subjectKeyIdentifier=hash authorityKeyIdentifier=keyid,issuer:always basicConstraints = critical,CA:FALSE keyUsage = critical,digitalSignature, keyEncipherment, keyAgreement extendedKeyUsage=clientAuth
testnameconst.sh
Description: application/shellscript
