Hi,
We are using OpenSSL 1.0.2j and have 3-level certificates like this:
root CA --> intermediate 01 CA --> intermediate 02 CA --> server certificate.
We generated intermediate 02 such that it has the "basicConstraints" extension and "keyUsage" missing. We then used this intermediate 02 CA to sign the server certificate.
We have uploaded the CA certificates to the trust store on the client side.
When a connection is made using openssl s_client / curl, we see that the connection goes through successfully and the certificate chain is verified OK.
We expected the verification to fail, as one of the certificates in the chain has "basicConstraints" missing. But OpenSSL allows it. Is this the right behaviour?
If we need to have this check in place, how do we go about it?
Thanks,
Sandeep