In fact I did not use any store (thus openssl should be correct). I just tested the logic (openssl verify -CAfile $ca_file $file) and found that it is a little tricky to find the issuer of a certificate (e.g., name/sn-based, key id based), and the behavior is unpredictable. Sometimes a certificate may have two or more authority key ids (it should be incorrect, but I just produced some certificates to test the logic, and found that the issuer can be found or not found.) Sounds like that the issuer cannot be found because the authority key id of file3.pem does not match with the subject key id of file4.pem. Meanwhile the building strategy is flexible. I also made some certificates contains two or more instances of authority key ids, and the issuer can be found (or sometimes cannot be found). On Sat, Apr 4, 2015 at 2:35 PM, Yuting Chen <chenyt at cs.sjtu.edu.cn> wrote: > In fact I did not use any store (thus openssl should be correct). I just > tested the logic (openssl verify -CAfile $ca_file $file) and found that it > is a little tricky to find the issuer of a certificate (e.g., > name/sn-based, key id based), and the behavior is unpredictable. Sometimes > a certificate may have two or more authority key ids (it should be > incorrect, but I just produced some certificates to test the logic, and > found that the issuer can be found or not found.) > > Sounds like that the issuer cannot be found because the authority key id > of file3.pem does not match with the subject key id of file4.pem. Meanwhile > the building strategy is flexible. I also made some certificates contains > two or more instances of authority key ids, and the issuer can be found (or > sometimes cannot be found). > > On Sat, Apr 4, 2015 at 1:22 PM, Jeffrey Walton <noloader at gmail.com> wrote: > >> > What makes you think it is incorrect to check the Key >> > Identifier (where present) before checking a signature >> > against a key? >> >> An X.509 certificate does one thing: it binds a public key to an >> identity. In PKI, a public key alone means nothing because trust is >> placed in principals or issuers. >> >> In end entity certificate, you don't need the Issuer DN and AKI >> because they are disjoint and uncertified. You need the issuing >> certificate with a valid signature. But it would be helpful to find >> the issuer's certificate easily. >> >> If the AKI is missing, wrong or a duplicate, then it just means that >> you lost the ability to find an issuing certificate easily. >> >> OpenSSL could be more flexible or friendly in its building strategy. >> But that could move into the "which directory" problem rather quickly. >> >> If Yuting Chen provided a store with the required certificates, then >> OpenSSL is probably incorrect. Chen's original email does not detail >> it, so its hard to say at the moment. >> >> > What other reasonable purpose could the Key Identifier >> > fields serve? >> >> Its a hint to help find the issuing certificate. Its supposed to be >> used when an issuer has multiple signing keys. >> >> The AKI does not need to be a key identifier. It can also be be the { >> Issuer DN, Serial Number } pair of the issuer's certificate. >> >> Jeff >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150404/c82904f1/attachment.html>