openssl: X509_verify_cert returns different result with OpenSSL 3.0

X509_verify_cert returns different result with OpenSSL 3.0 than 1.1 and changing chain certificate order changes OpenSSL 3.0 result outcome.

Test Certificate: test.txt
    Issuer: C=LT, O=VI Registru Centras - I.k. 124110246, OU=Registru Centro Sertifikavimo Centras, CN=VI Registru Centras RCSC (IssuingCA-A)
    Subject: C=LT, O=VI Registru Centras - I.k. 124110246, OU=Registru Centro Sertifikavimo Centras, CN=VI Registru Centras OCSP (IssuingCA-A)
    X509v3 Subject Key Identifier: C7:D1:A1:7B:74:F8:1E:9D:DD:AF:10:08:9A:C6:AE:5C:10:FC:D9:63
    X509v3 Authority Key Identifier: keyid:4A:4A:CE:E8:D2:C1:D7:88:7C:26:FB:A8:7E:9C:BB:08:40:62:CD:3E

There are three potential issuer CA certs with a matching subject DN in the CAfile, none of which has an issuer in the CAfile, so verification will fail to find the trust anchor regardless of which is chosen:

Attached chains: chain.txt, chain_reverse.txt

Certificate:
    Issuer: C=LT, O=VI Registru Centras - I.k. 124110246, OU=Registru Centro Sertifikavimo Centras, CN=VI Registru Centras RCSC (PolicyCA)
    Subject: C=LT, O=VI Registru Centras - I.k. 124110246, OU=Registru Centro Sertifikavimo Centras, CN=VI Registru Centras RCSC (IssuingCA-A)
    X509v3 Subject Key Identifier: 4A:4A:CE:E8:D2:C1:D7:88:7C:26:FB:A8:7E:9C:BB:08:40:62:CD:3E
    X509v3 Authority Key Identifier: keyid:C3:71:C6:BC:03:A7:97:FF:1D:9B:D4:5D:7F:E3:20:3F:49:42:2C:71

Certificate:
    Issuer: C=LT, O=VI Registru Centras - I.k. 124110246, OU=Registru Centro Sertifikavimo Centras, CN=VI Registru Centras RCSC (PolicyCA)
    Subject: C=LT, O=VI Registru Centras - I.k. 124110246, OU=Registru Centro Sertifikavimo Centras, CN=VI Registru Centras RCSC (IssuingCA-A)
    X509v3 Subject Key Identifier: 7E:46:D5:F1:38:4E:AE:0D:86:A8:49:49:C1:5C:DF:06:8F:EA:BF:93
    X509v3 Authority Key Identifier: keyid:C3:71:C6:BC:03:A7:97:FF:1D:9B:D4:5D:7F:E3:20:3F:49:42:2C:71

Certificate:
    Issuer: C=LT, O=VI Registru Centras - I.k. 124110246, OU=Registru Centro Sertifikavimo Centras, CN=VI Registru Centras RCSC (PolicyCA)
    Subject: C=LT, O=VI Registru Centras - I.k. 124110246, OU=Registru Centro Sertifikavimo Centras, CN=VI Registru Centras RCSC (IssuingCA-A)
    X509v3 Subject Key Identifier: 02:17:EB:FE:C0:A7:41:79:97:50:68:3E:5E:18:48:66:42:0D:F8:FA
    X509v3 Authority Key Identifier: keyid:78:CA:E3:3E:8F:16:B6:D6:9C:B3:06:6A:41:82:19:EE:C8:9F:2F:BB

The first one has a matching subject key id, while the last does not. It appears that OpenSSL 1.1.1 is able to find the matching issuer regardless of the CAfile order, while OpenSSL 3.0 seems to stop at the first matching subject DN.

openssl 1.1 with default chain

openssl verify -CAfile chain.txt -attime 1498620657 test.txt
test.pem: C = LT, O = VI Registru Centras - I.k. 124110246, OU = Registru Centro Sertifikavimo Centras, CN = VI Registru Centras RCSC (IssuingCA-A)
error 2 at 1 depth lookup:unable to get issuer certificate

openssl 1.1 with reverse chain

openssl verify -CAfile chain_reverse.txt -attime 1498620657 test.txt
test.pem: C = LT, O = VI Registru Centras - I.k. 124110246, OU = Registru Centro Sertifikavimo Centras, CN = VI Registru Centras RCSC (IssuingCA-A)
error 2 at 1 depth lookup:unable to get issuer certificate

openssl 3.0 with default chain

openssl verify -CAfile chain.txt -attime 1498620657 test.txt
C = LT, O = VI Registru Centras - I.k. 124110246, OU = Registru Centro Sertifikavimo Centras, CN = VI Registru Centras RCSC (IssuingCA-A)
error 30 at 1 depth lookup: authority and subject key identifier mismatch
error test.pem: verification failed

openssl 3.0 with reverse chain

openssl verify -CAfile chain_reverse.txt -attime 1498620657 test.txt
C = LT, O = VI Registru Centras - I.k. 124110246, OU = Registru Centro Sertifikavimo Centras, CN = VI Registru Centras RCSC (IssuingCA-A)
error 2 at 1 depth lookup: unable to get issuer certificate
error test.pem: verification failed

I think expected result should be same whatever order of chain.
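As an added illustration (not code from this issue or from OpenSSL), here is a stdlib-only Python model of the issuer selection the report describes, built from the DNs and key identifiers quoted above. The exhaustive mode checks every CA whose subject matches the target's issuer DN and gives the same result for chain.txt and chain_reverse.txt; the stop-at-first-DN-match mode gives a result that depends on store order. Which order produces which error in real OpenSSL depends on its internal store ordering, so only the order dependence itself is modelled here.

```python
from collections import namedtuple
# subject DN, issuer DN, X509v3 Subject Key Identifier, X509v3 Authority Key Identifier (keyid)
Cert = namedtuple("Cert", "subject issuer skid akid")
ERR_UNABLE_TO_GET_ISSUER = 2   # X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT, as printed by `openssl verify`
ERR_AKID_SKID_MISMATCH = 30    # X509_V_ERR_AKID_SKID_MISMATCH
ORG = "C=LT, O=VI Registru Centras - I.k. 124110246, OU=Registru Centro Sertifikavimo Centras, "
ISSUING_CA = ORG + "CN=VI Registru Centras RCSC (IssuingCA-A)"
POLICY_CA = ORG + "CN=VI Registru Centras RCSC (PolicyCA)"
# test.txt (target) and the three chain.txt CA certs from the report: all three CAs share a
# subject DN, only the first has the SKID named by the target's AKID, and none has an issuer here.
TEST_CERT = Cert(ORG + "CN=VI Registru Centras OCSP (IssuingCA-A)", ISSUING_CA,
                 "C7:D1:A1:7B:74:F8:1E:9D:DD:AF:10:08:9A:C6:AE:5C:10:FC:D9:63",
                 "4A:4A:CE:E8:D2:C1:D7:88:7C:26:FB:A8:7E:9C:BB:08:40:62:CD:3E")
CHAIN = [
    Cert(ISSUING_CA, POLICY_CA, "4A:4A:CE:E8:D2:C1:D7:88:7C:26:FB:A8:7E:9C:BB:08:40:62:CD:3E",
         "C3:71:C6:BC:03:A7:97:FF:1D:9B:D4:5D:7F:E3:20:3F:49:42:2C:71"),
    Cert(ISSUING_CA, POLICY_CA, "7E:46:D5:F1:38:4E:AE:0D:86:A8:49:49:C1:5C:DF:06:8F:EA:BF:93",
         "C3:71:C6:BC:03:A7:97:FF:1D:9B:D4:5D:7F:E3:20:3F:49:42:2C:71"),
    Cert(ISSUING_CA, POLICY_CA, "02:17:EB:FE:C0:A7:41:79:97:50:68:3E:5E:18:48:66:42:0D:F8:FA",
         "78:CA:E3:3E:8F:16:B6:D6:9C:B3:06:6A:41:82:19:EE:C8:9F:2F:BB"),
]

def find_issuer(cert, store, stop_at_first_dn_match):
    """Return (issuer, error): candidates are store entries whose subject equals cert.issuer,
    in store order; one is accepted when its SKID equals cert's AKID (absent ids never mismatch)."""
    candidates = [c for c in store if c.subject == cert.issuer]
    if not candidates:
        return None, ERR_UNABLE_TO_GET_ISSUER
    if stop_at_first_dn_match:          # the order-dependent behaviour the report describes
        candidates = candidates[:1]
    for cand in candidates:
        if not cert.akid or not cand.skid or cert.akid == cand.skid:
            return cand, 0
    return None, ERR_AKID_SKID_MISMATCH

def build_chain(target, store, stop_at_first_dn_match=False, max_depth=10):
    """Walk from target towards a self-signed anchor; return (depth, error) of the first
    failure, like `openssl verify`'s "error N at D depth lookup", or (None, 0) on success."""
    chain = [target]
    while len(chain) <= max_depth:
        depth = len(chain) - 1
        issuer, err = find_issuer(chain[-1], store, stop_at_first_dn_match)
        if err == ERR_AKID_SKID_MISMATCH:
            return depth + 1, err       # the rejected candidate sits one level up
        if err:
            return depth, err
        if issuer.subject == issuer.issuer:  # self-signed: trust anchor reached
            return None, 0
        chain.append(issuer)
    return len(chain) - 1, ERR_UNABLE_TO_GET_ISSUER   # gave up: chain too long
```

With the exhaustive lookup both orders end in error 2 at depth 1 (the IssuingCA-A cert is found, its PolicyCA issuer is not), which is what the 1.1.1 runs above show; only the first-match mode can report error 30 for one order and error 2 for the other.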

About this issue

  • State: closed
  • Created 2 years ago
  • Comments: 27 (15 by maintainers)

Most upvoted comments

I’m going to provide a PR soon that, on

OPENSSL_TRACE=X509_VERIFY apps/openssl verify -show_chain -CAfile <(cat vca-cert2.pem vca-cert.pem) vee-cert.pem

will produce:

TRACE[C0:A7:82:17:41:7F:00:00]:X509_VERIFY: X509 chain building start
TRACE[C0:A7:82:17:41:7F:00:00]:X509_VERIFY:     handling target certificate at depth 0:
TRACE[C0:A7:82:17:41:7F:00:00]:X509_VERIFY:         Subject: CN=server.example
TRACE[C0:A7:82:17:41:7F:00:00]:X509_VERIFY:          Issuer: CN=CA
TRACE[C0:A7:82:17:41:7F:00:00]:X509_VERIFY:         Serial Number: 2 (0x2)
TRACE[C0:A7:82:17:41:7F:00:00]:X509_VERIFY:         Validity
TRACE[C0:A7:82:17:41:7F:00:00]:X509_VERIFY:             Not Before: Jul  4 18:48:10 2022 GMT
TRACE[C0:A7:82:17:41:7F:00:00]:X509_VERIFY:             Not After : Jul  5 18:48:10 2122 GMT
TRACE[C0:A7:82:17:41:7F:00:00]:X509_VERIFY:         X509v3 Subject Key Identifier: 
TRACE[C0:A7:82:17:41:7F:00:00]:X509_VERIFY:             D8:4A:F9:66:E0:A6:5E:4B:3E:4C:9C:C2:3F:D3:8E:69:FD:FB:B0:BC
TRACE[C0:A7:82:17:41:7F:00:00]:X509_VERIFY:         X509v3 Authority Key Identifier: 
TRACE[C0:A7:82:17:41:7F:00:00]:X509_VERIFY:             7D:3F:C6:10:AC:00:4E:DD:3A:05:B6:98:43:82:EF:3B:C8:CF:CF:A3
TRACE[C0:A7:82:17:41:7F:00:00]:X509_VERIFY:       checking candidate issuer certificate:
TRACE[C0:A7:82:17:41:7F:00:00]:X509_VERIFY:         Subject: CN=CA
TRACE[C0:A7:82:17:41:7F:00:00]:X509_VERIFY:          Issuer: CN=Root CA
TRACE[C0:A7:82:17:41:7F:00:00]:X509_VERIFY:         Serial Number: 2 (0x2)
TRACE[C0:A7:82:17:41:7F:00:00]:X509_VERIFY:         Validity
TRACE[C0:A7:82:17:41:7F:00:00]:X509_VERIFY:             Not Before: Jul  4 18:48:10 2022 GMT
TRACE[C0:A7:82:17:41:7F:00:00]:X509_VERIFY:             Not After : Jul  5 18:48:10 2122 GMT
TRACE[C0:A7:82:17:41:7F:00:00]:X509_VERIFY:         X509v3 Subject Key Identifier: 
TRACE[C0:A7:82:17:41:7F:00:00]:X509_VERIFY:             CE:4C:2A:C9:7F:68:18:86:DC:EB:E5:87:79:FE:22:30:47:16:D3:D9
TRACE[C0:A7:82:17:41:7F:00:00]:X509_VERIFY:         X509v3 Authority Key Identifier: 
TRACE[C0:A7:82:17:41:7F:00:00]:X509_VERIFY:             90:26:89:EC:D4:95:36:32:30:D9:16:F1:C8:D1:4A:21:4A:45:40:6D
TRACE[C0:A7:82:17:41:7F:00:00]:X509_VERIFY:       candidate issuer certificate rejected due to error 30: authority and subject key identifier mismatch
TRACE[C0:A7:82:17:41:7F:00:00]:X509_VERIFY:       checking candidate issuer certificate:
TRACE[C0:A7:82:17:41:7F:00:00]:X509_VERIFY:         Subject: CN=CA
TRACE[C0:A7:82:17:41:7F:00:00]:X509_VERIFY:          Issuer: CN=Root CA
TRACE[C0:A7:82:17:41:7F:00:00]:X509_VERIFY:         Serial Number: 2 (0x2)
TRACE[C0:A7:82:17:41:7F:00:00]:X509_VERIFY:         Validity
TRACE[C0:A7:82:17:41:7F:00:00]:X509_VERIFY:             Not Before: Jul  4 18:48:08 2022 GMT
TRACE[C0:A7:82:17:41:7F:00:00]:X509_VERIFY:             Not After : Jul  5 18:48:08 2122 GMT
TRACE[C0:A7:82:17:41:7F:00:00]:X509_VERIFY:         X509v3 Subject Key Identifier: 
TRACE[C0:A7:82:17:41:7F:00:00]:X509_VERIFY:             7D:3F:C6:10:AC:00:4E:DD:3A:05:B6:98:43:82:EF:3B:C8:CF:CF:A3
TRACE[C0:A7:82:17:41:7F:00:00]:X509_VERIFY:         X509v3 Authority Key Identifier: 
TRACE[C0:A7:82:17:41:7F:00:00]:X509_VERIFY:             90:26:89:EC:D4:95:36:32:30:D9:16:F1:C8:D1:4A:21:4A:45:40:6D
TRACE[C0:A7:82:17:41:7F:00:00]:X509_VERIFY:       candidate issuer certificate accepted
TRACE[C0:A7:82:17:41:7F:00:00]:X509_VERIFY:     handling further certificate at depth 1:
TRACE[C0:A7:82:17:41:7F:00:00]:X509_VERIFY:         Subject: CN=CA
TRACE[C0:A7:82:17:41:7F:00:00]:X509_VERIFY:          Issuer: CN=Root CA
TRACE[C0:A7:82:17:41:7F:00:00]:X509_VERIFY:         Serial Number: 2 (0x2)
TRACE[C0:A7:82:17:41:7F:00:00]:X509_VERIFY:         Validity
TRACE[C0:A7:82:17:41:7F:00:00]:X509_VERIFY:             Not Before: Jul  4 18:48:08 2022 GMT
TRACE[C0:A7:82:17:41:7F:00:00]:X509_VERIFY:             Not After : Jul  5 18:48:08 2122 GMT
TRACE[C0:A7:82:17:41:7F:00:00]:X509_VERIFY:         X509v3 Subject Key Identifier: 
TRACE[C0:A7:82:17:41:7F:00:00]:X509_VERIFY:             7D:3F:C6:10:AC:00:4E:DD:3A:05:B6:98:43:82:EF:3B:C8:CF:CF:A3
TRACE[C0:A7:82:17:41:7F:00:00]:X509_VERIFY:         X509v3 Authority Key Identifier: 
TRACE[C0:A7:82:17:41:7F:00:00]:X509_VERIFY:             90:26:89:EC:D4:95:36:32:30:D9:16:F1:C8:D1:4A:21:4A:45:40:6D
TRACE[C0:A7:82:17:41:7F:00:00]:X509_VERIFY: X509 chain building failure
CN=CA
error 2 at 1 depth lookup: unable to get issuer certificate
error vee-cert.pem: verification failed

Looks great! Many thanks.