TLS clientAuth requires ExtKeyUsageClientAuth through whole certificate chain


rfis...@gmail.com

Jan 2, 2014, 12:52:45 AM1/2/14
to golan...@googlegroups.com

This is a repost of an SO question: http://stackoverflow.com/questions/20875626/tls-clientauth-requires-extkeyusageclientauth-through-whole-certificate-chain

I'm trying out TLS client authentication using go. It worked fine when I created a simple self-signed client certificate with ExtKeyUsageClientAuth set, but when a client tries to connect with a longer certificate chain:

CA -> intermediate -> client

I get the following error: x509: certificate specifies an incompatible key usage

The relevant calls are

handshake_server.go: processCertsFromClient()

verify.go: checkChainForKeyUsage()

and if I'm reading the code right it looks like every single certificate in my chain must have the client auth extended key set.

I'm no x509 expert, but that seems like a strange requirement; I've never seen a CA or an intermediate certificate that had client auth set. I don't see how you can be expected to configure a long-lived CA to handle all possible future key usages.

So where's the mistake?

I can think of a few possibilities

  1. I don’t understand TLS (likely)
  2. my assumption that client auth works much like server auth is wrong
  3. I’m reading the code wrong
  4. my tls server is misconfigured
  5. golang's TLS client auth implementation is wrong

alan...@gmail.com

Jan 4, 2014, 8:13:36 PM1/4/14
to golan...@googlegroups.com, rfis...@gmail.com
On Thursday, January 2, 2014 12:52:45 AM UTC-5, rfis...@gmail.com wrote:

and if I'm reading the code right it looks like every single certificate in my chain must have the client auth extended key set.

I'm no x509 expert, but that seems like a strange requirement; I've never seen a CA or an intermediate certificate that had client auth set. I don't see how you can be expected to configure a long-lived CA to handle all possible future key usages.

Yes, the whole chain needs to be compatible with the client-auth EKU. Most CA certificates either don't specify a key usage, or explicitly use the 'any' usage, which is good enough[1].

If you have an explicit chain which you should be verifying but isn't, please let me know.

Cheers

AGL 
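To see the rule AGL describes in action, here is an added example (not code from this thread or from the Go project) that builds a CA -> intermediate -> client chain with crypto/x509 and verifies it for client authentication the way a Go TLS server checks a client certificate. The helper names issue and verifyClientChain, the throwaway P-256 keys and the subject names are my own construction; CA certificates with no EKU extension or with ExtKeyUsageAny pass, while an intermediate restricted to ServerAuth fails with the "incompatible key usage" error from the original post.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issue creates a certificate carrying the given EKUs, signed by parent
// (self-signed when parent is nil), with a throwaway P-256 key (constructed).
func issue(cn string, isCA bool, eku []x509.ExtKeyUsage, parent *x509.Certificate, pkey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { panic(err) }
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: isCA, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage: eku, // nil leaves the EKU extension out entirely
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	if parent == nil {
		parent, pkey = tmpl, key // self-signed root
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, pkey)
	if err != nil { panic(err) }
	cert, err := x509.ParseCertificate(der)
	if err != nil { panic(err) }
	return cert, key
}

// verifyClientChain builds CA -> intermediate -> client (only the client asserts
// ClientAuth) and verifies it for client auth; caEKU/intEKU are the CA certs' EKUs.
func verifyClientChain(caEKU, intEKU []x509.ExtKeyUsage) error {
	ca, caKey := issue("Root CA", true, caEKU, nil, nil)
	inter, interKey := issue("Intermediate", true, intEKU, ca, caKey)
	client, _ := issue("client", false, []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, inter, interKey)
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(ca)
	inters.AddCert(inter)
	_, err := client.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err
}
```

verifyClientChain(nil, nil) and verifyClientChain with ExtKeyUsageAny on both CA certs return nil, while verifyClientChain(nil, []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}) returns a CertificateInvalidError with Reason IncompatibleUsage.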

Rhythmic Fistman

Jan 11, 2014, 12:05:11 AM1/11/14
to alan...@gmail.com, golan...@googlegroups.com
I changed my CAs to include any usage, but in the version of go I have, client authentication still fails as the continue statement in checkChainForKeyUsage is not breaking out of the right for loop. Continuing to the outer loop fixes the problem.

I see that this bug was fixed on the 10th of December 2013. The latest binary distros of go were made on the 1st of December so I guess I'll have to build from source to get client authentication working.

The diff you don't have a certificate chain for testing the fix

I can give you a simple chain if you like.

Thanks!

RF
