I've come across a situation when someone is using self-signed
certificates to perform S/MIME signaturing. Someone has 2 self-signed
certs with the same information in the Subject DN. One is used for
signing, the other for encryption.
When OpenSSL checks the issuer it ends up in x509v3/v3_purp.c in the
function X509_check_issued().
If the encryption cert is passed as the issuer to be checked, then the
result returned is X509_V_OK because the issuer/subject DNs match on the
subject/issuer certs, and there is no AKID information. This in
turn results in the S/MIME signature verification failing, because the
wrong cert is "OK".
So, given that there is a stack of certs loaded, I added another check
in X509_check_issued(), which occurs after the code:-
if(ku_reject(issuer, KU_KEY_CERT_SIGN))
return X509_V_ERR_KEYUSAGE_NO_CERTSIGN;
I now compare the subject cert's SubjectDN and IssuerDN, if they are the
same, then I use X509_cmp() to check that the subject and issuer certs are
indeed the same. If not, I return an error.
Before I submit it as a patch, is there anything you can think of that
might break because of this code change?
- DR
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
