[openssl-users] Expected behavior for verification when a subordinate in a chain is promoted to a self signed root?


Jeffrey Walton

May 23, 2015, 8:39:00 PM
I have an odd situation, and I don't know what the expected behavior is.
It was experienced when attempting to validate a path for
usercenter.checkpoint.com.

If I use s_client and `-showcerts`, I get a chain that terminates in
an old Root called "Class 3 Public Primary Certification Authority".
It's old and deprecated, so I tried to root or anchor trust in the next
lower intermediate.

The next lower intermediate is called "VeriSign Class 3 Public
Primary Certification Authority - G5". It's sent in the chain, *but* I
downloaded it out of band from Symantec's site.

Then I ran s_client again with the downloaded version of the
certificate (see below). It results in "Verify return code: 20 (unable
to get local issuer certificate)".

After some digging, it looks like "VeriSign Class 3 Public Primary
Certification Authority - G5" are two different certificates with two
different serial numbers. One is sent in the chain and one is
available for download. What changed is the G5 certificate was
promoted to a self-signed root due to the former CA deprecation. But
it reused the Distinguished Name and public key, so Authority Key
Identifier and Subject Key Identifier stayed the same.

What is the expected behavior here? Should it fail or should it succeed?

Does the chain override the root or anchor? I think RFC 4518 treats
them as different certificates, so it just looks like the old G5
certificate is spurious and unnecessary. (... but confusing due to the
DN/SKI reuse).

Jeff

**********

$ openssl s_client -connect usercenter.checkpoint.com:443 -tls1 \
-servername usercenter.checkpoint.com \
-CAfile VeriSign-Class-3-Public-Primary-Certification-Authority-G5.pem
...
---
New, TLSv1/SSLv3, Cipher is AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1
Cipher : AES128-SHA
Session-ID: C58DA6CCEDD45F1BBA0FEE06C8A83B999E94105156DBF68365E98FD9E930668E
Session-ID-ctx:
Master-Key: F725717020A58405B9B08366F46157F606F7B37CB4142B690F613F43C1073BB6E178A2D1FECB7A735D9359FDE3E2B6F0
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1432427549
Timeout : 7200 (sec)
Verify return code: 20 (unable to get local issuer certificate)
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Matt Caswell

May 24, 2015, 9:42:45 AM
This was fixed in the git 1.0.2 HEAD a little while ago. If you try that
version it should work, and will be in 1.0.2b.

A backport of the fix also exists for 1.0.1 but it hasn't hit the repo yet.

Matt
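
The situation in this thread can be rebuilt offline to see how a given OpenSSL build treats it. The script below is an added example, not code from either poster or from the OpenSSL project; it assumes the `openssl` command-line tool is installed, and every certificate name and file name in it is a constructed stand-in.

```shell
#!/bin/sh
# Added example. Constructed lab PKI; every name and file here is a stand-in.
#   old.pem      self-signed root that is being retired
#   g5-sub.pem   "Lab g5" issued by old.pem (the copy a server would send)
#   g5-root.pem  "Lab g5" re-issued self-signed: same DN, same key, new serial
#   leaf.pem     end-entity certificate signed with the g5 key

make_lab() {  # $1 = empty working directory
  ( cd "$1" &&
    printf '[req]\ndistinguished_name=dn\n[dn]\n' > req.cnf &&
    printf 'basicConstraints=critical,CA:TRUE\nsubjectKeyIdentifier=hash\n' > ca.ext &&
    for n in old g5 leaf; do
      openssl genrsa -out "$n.key" 2048 &&
      openssl req -new -config req.cnf -key "$n.key" -subj "/CN=Lab $n" \
        -out "$n.csr" || exit 1
    done &&
    openssl x509 -req -days 30 -in old.csr -signkey old.key -set_serial 1 \
      -extfile ca.ext -out old.pem &&
    openssl x509 -req -days 30 -in g5.csr -CA old.pem -CAkey old.key -set_serial 2 \
      -extfile ca.ext -out g5-sub.pem &&
    openssl x509 -req -days 30 -in g5.csr -signkey g5.key -set_serial 3 \
      -extfile ca.ext -out g5-root.pem &&
    openssl x509 -req -days 30 -in leaf.csr -CA g5-sub.pem -CAkey g5.key \
      -set_serial 4 -out leaf.pem
  ) >/dev/null 2>&1
}

same_name_and_key() {  # true if both g5 certs share subject and key, not serial
  _ident() { openssl x509 -in "$1" -noout -subject -pubkey; }
  _serial() { openssl x509 -in "$1" -noout -serial; }
  [ "$(_ident "$1/g5-sub.pem")" = "$(_ident "$1/g5-root.pem")" ] &&
    [ "$(_serial "$1/g5-sub.pem")" != "$(_serial "$1/g5-root.pem")" ]
}

verify_with_anchor() {  # trust only g5-root.pem; g5-sub.pem arrives untrusted
  # Match on the output text: older builds exit 0 even when verification fails.
  openssl verify -CAfile "$1/g5-root.pem" -untrusted "$1/g5-sub.pem" \
    "$1/leaf.pem" 2>&1 | grep -q ': OK$'
}

lab=$(mktemp -d) && make_lab "$lab" && same_name_and_key "$lab" &&
  { verify_with_anchor "$lab" && echo "anchor accepted" || echo "anchor rejected"; }
rm -rf "$lab"
```

The script prints "anchor accepted" when the build completes the path at the self-signed copy, and "anchor rejected" when verification fails.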