On Mon, Apr 06, 2015 at 06:40:28PM +0200, Erwann Abalea wrote: > >What makes you think it is incorrect to check the Key > >Identifier (where present) before checking a signature > >against a key? > > Because the presented file4.pem is a valid issuer certificate for the one > found in file3.pem? > RFC5280 section 6.1 gives the validation algorithm, and the Key Identifier > isn't mentioned. > 6.1.3(a) checks for signature, validity, revocation status, and names (i.e. > that issuercert.subjectName = cert.issuerName). > > You're not supposed to follow exactly the same algorithm (or the one > described in X.509), but whatever you choose, the result MUST be equivalent. On the other hand issuers should not issue certificates whose AKID keyid does not match the subject key identifier of the issuer CA. OpenSSL has been checking this condition for two decades at least, and changing this is an incompatible change that cannot be made in any releases prior to 1.1.0 (not yet released). Even then, I am not convinced that the proposed change is warranted. -- Viktor.