The extended key usage criticality check is skipped if it is the
first extension in the certificate in check_purpose_timestamp_sign().
The following patch addresses that issue. There are two other calls to
X509_get_ext_by_NID() in the same file that may also be suspect.
$ more ts_purpose.patch
diff -ur openssl_orig/crypto/x509v3/v3_purp.c
openssl/crypto/x509v3/v3_purp.c
--- openssl_orig/crypto/x509v3/v3_purp.c 2013-09-23
23:06:45.000000000 -0400
+++ openssl/crypto/x509v3/v3_purp.c 2013-09-25
21:49:04.000000000 -0400
@@ -684,7 +684,7 @@
return 0;
/* Extended Key Usage MUST be critical */
- i_ext = X509_get_ext_by_NID((X509 *) x,
NID_ext_key_usage, 0);
+ i_ext = X509_get_ext_by_NID((X509 *) x,
NID_ext_key_usage, -1);
if (i_ext >= 0)
{
X509_EXTENSION *ext =
X509_get_ext((X509 *) x, i_ext);
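Review bot: The change from `0` to `-1` in the `X509_get_ext_by_NID()` call is the right fix, since the third argument is the position after which the search starts, so `0` begins at index 1 and silently skips an EKU extension stored at index 0, while `-1` searches from the beginning. A short comment on the call site explaining why `-1` is used would prevent the same off-by-one from being reintroduced, and a regression test with a timestamping certificate whose first extension is Extended Key Usage would exercise this path. As the cover text notes, the other two `X509_get_ext_by_NID()` calls in this file should be checked for the same `0` argument and fixed in the same patch if they are also meant to search the whole extension list.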