On Thu, Oct 04, 2018 at 02:07:55PM +0200, Peter Magnusson wrote:

> Modulus of evilca.pem begins with 00:cd:ba:9f and modulus of
> evilserver.pem begins with 00:af:83:6f, so they are different even if
> both have Subject: C=SE, ST=EvilServer, L=EvilServer, O=EvilServer,
> OU=EvilServer, CN=EvilServer.

That's the difference between self-signed and self-issued. The root CA is self-signed. Your previous EE cert would have been self-issued, had it been a CA. But it had CA:FALSE, which makes it not self-issued per RFC5280, as that classification applies only to CAs.

> Funnily enough I don't trigger the edge case on regenerated files with
> correct Subject information.

That's not "funnily enough", that's expected, if my analysis of the problem is correct, i.e. the problem is that the existing code treats even non-CA leaf certs as self-issued provided the subject and issuer match. This throws the path length constraint checks off by 1 in just the case of "self-issued but for the CA bit" EE certs.

The proposed patch is intended to resolve that issue. If my analysis is correct (please test any more interesting combinations you can come up with), then the patch should be merged into the existing OpenSSL supported releases and perhaps also related OpenSSL forks (either or both of LibreSSL or BoringSSL that have not changed the code in question).

-- 
    Viktor.
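The off-by-one described in the message above, as an added example that is not part of the original e-mail and is not OpenSSL's code: a simplified C model of a path length check, run once with the name-only self-issued classification and once with the CA-only one. The `struct cert` fields, the counting scheme and the chain names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Constructed model: only the fields a path length check needs. */
struct cert {
    const char *subject, *issuer;
    bool is_ca;   /* basicConstraints CA bit */
    int pathlen;  /* pathLenConstraint, -1 when absent */
};

/* Name match alone: the classification the message identifies as the problem. */
static bool si_by_name(const struct cert *c) {
    return strcmp(c->subject, c->issuer) == 0;
}

/* Classification as the message states it: only a CA can be self-issued. */
static bool si_ca_only(const struct cert *c) {
    return c->is_ca && si_by_name(c);
}

/* chain[0] is the leaf, chain[n-1] the trust anchor. Assumed counting scheme:
 * plen counts the non-self-issued certs below the current one, leaf included,
 * so a CA with pathLenConstraint k tolerates plen <= k + 1. */
static bool pathlen_ok(const struct cert *chain, size_t n,
                       bool (*self_issued)(const struct cert *)) {
    int plen = 0;
    for (size_t i = 0; i < n; i++) {
        if (i > 0 && chain[i].pathlen != -1 && plen > chain[i].pathlen + 1)
            return false;
        if (!self_issued(&chain[i]))
            plen++;
    }
    return true;
}

/* Constructed chain: "Intermediate" has pathlen 0 yet a further CA "SubCA"
 * sits below it; the CA:FALSE leaf repeats SubCA's name as its subject. */
static const struct cert same_name[] = {
    {"SubCA", "SubCA", false, -1},
    {"SubCA", "Intermediate", true, -1},
    {"Intermediate", "Root", true, 0},
    {"Root", "Root", true, -1},
};

int main(void) {
    /* Exit 0 when name-only accepts the chain and CA-only rejects it. */
    return (pathlen_ok(same_name, 4, si_by_name) &&
            !pathlen_ok(same_name, 4, si_ca_only)) ? 0 : 1;
}
```

With the name-only classifier the leaf is left out of the count, so the pathlen 0 violation at "Intermediate" goes unnoticed; the same chain with a leaf whose subject differs from its issuer is rejected by both classifiers.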