I have an example, detailed below, that specifies permitted and excluded
subtrees for a sub-CA. Later it uses the sub-CA cert to sign certificate
requests both adhering to and violating the name constraints, even
though the nameConstraints extension is marked as critical.
Is this OpenSSL misbehaving, or did I miss something when creating the
sub-CA certificate or issuing the user certificate?
thanks/jeff

"openssl.cnf" lines for the Root CA when it issued the sub-CA's certificate:
        ...
        nameConstraints = critical,@name_const_section
        [ name_const_section ]
        excluded;dirName=excluded_DN
        permitted;dirName=permitted_DN
        
        [ excluded_DN ]
        O=bad
        
        [ permitted_DN ]
        O=good
        
Printout of the sub-CA's cert (trustedcacert.pem):
        Certificate Details:
                Serial Number: 22 (0x16)
                Validity
                    Not Before: Jun  3 13:13:36 2010 GMT
                    Not After : Jun  3 13:13:36 2011 GMT
                Subject:
                    countryName               = US
                    stateOrProvinceName       = NY
                    organizationName          = AcmeCorp
                    commonName                = AcmeCorp
                X509v3 extensions:
                        ...
                    X509v3 Key Usage: critical
                        Certificate Sign, CRL Sign
                    X509v3 Basic Constraints: critical
                        CA:TRUE, pathlen:0
                    X509v3 Name Constraints: critical
                        Permitted:
                          DirName: O = good
                        Excluded:
                          DirName: O = bad

Commands issued to create CSRs and sign them with the sub-CA's cert:

        # signing the good cert req
        openssl req -new -newkey rsa:2048 -nodes -keyout "goodkey.pem" \
                -sha256 -subj "/O=good+CN=Good\/Instance" -multivalue-rdn \
                > goodcsr.pem
        openssl x509 -CA trustedcacert.pem -CAkey trustedcakey.pem \
                -days 365 -req -in goodcsr.pem -set_serial 2 -out goodcert.pem


        # signing the bad cert req
        openssl req -new -newkey rsa:2048 -nodes -keyout "badkey.pem" \
                -sha256 -subj "/O=bad+CN=Bad\/Instance" -multivalue-rdn \
                > badcsr.pem
        openssl x509 -CA trustedcacert.pem -CAkey trustedcakey.pem \
                -days 365 -req -in badcsr.pem -set_serial 3 -out badcert.pem
        
Printout of the created badcert.pem:
        Certificate:
            Data:
                Version: 1 (0x0)
                Serial Number: 3 (0x3)
                Signature Algorithm: sha1WithRSAEncryption
                Issuer: C=US, ST=NY, O=AcmeCorp, CN=AcmeCorp
                Validity
                    Not Before: Jun  3 13:13:38 2010 GMT
                    Not After : Jun  3 13:13:38 2011 GMT
                Subject: O=bad, CN=Bad/Instance
                Subject Public Key Info:
                    Public Key Algorithm: rsaEncryption
                    RSA Public Key: (2048 bit)



This email contains Morega Systems Inc. Privileged and Confidential information.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
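The following is an added example, not part of the original post and not OpenSSL project code. It reproduces the post's setup (root CA, a sub-CA carrying the same critical nameConstraints, one leaf inside the permitted subtree and one outside it) and then shows where OpenSSL actually applies the extension: `openssl x509 -req` is a plain signing operation and never consults the issuer's nameConstraints, so both leaf certificates are issued exactly as the post observed (`openssl ca` likewise only applies its `policy` section); the constraint is enforced when a chain is verified (`openssl verify`, i.e. X509_verify_cert), where the out-of-subtree leaf is rejected with `permitted subtree violation` (X509_V_ERR_PERMITTED_VIOLATION, error 47). The script assumes only the `openssl` CLI (1.1.1 or 3.x) on PATH; the DN values, file names, the minimal `mini.cnf`, and the helper name `nc_demo` are all made up for this demo. It deliberately uses ordinary single-valued RDNs (`/O=good/CN=...`) rather than the post's multi-valued `O=good+CN=...` form.

```shell
#!/bin/sh
# Added example, not from the original post: build root -> constrained sub-CA ->
# leaf certificates and show that OpenSSL enforces nameConstraints when a chain
# is VERIFIED, not when a certificate is SIGNED. Assumes only the `openssl` CLI
# (1.1.1 or 3.x) on PATH; all DNs, file names and the helper name are made up.
set -e

# nc_demo DIR: run the whole scenario inside DIR (a subshell, so the caller's
# cwd is untouched). Exit status 0 = good leaf verified AND bad leaf rejected
# for a name constraint violation; anything else = 1.
nc_demo() (
    mkdir -p "$1" && cd "$1"

    # Minimal req config: an empty DN section (we always pass -subj) plus the
    # extensions for the self-signed root. Hypothetical file, not a real default.
    cat > mini.cnf <<'EOF'
[ req ]
distinguished_name = req_dn
x509_extensions = v3_root
[ req_dn ]
[ v3_root ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF

    # Sub-CA extensions: the same nameConstraints as in the post, critical.
    cat > subca.ext <<'EOF'
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
nameConstraints = critical,@name_const_section
[ name_const_section ]
permitted;dirName = permitted_DN
excluded;dirName = excluded_DN
[ permitted_DN ]
O = good
[ excluded_DN ]
O = bad
EOF

    # 1. Self-signed root CA.
    openssl req -x509 -batch -config mini.cnf -newkey rsa:2048 -nodes -sha256 \
        -days 365 -subj "/O=AcmeCorp/CN=Acme Root" \
        -keyout root.key -out root.pem 2>>build.log

    # 2. Sub-CA issued by the root with the constraints above.
    openssl req -new -batch -config mini.cnf -newkey rsa:2048 -nodes -sha256 \
        -subj "/O=AcmeCorp/CN=Acme Sub-CA" -keyout subca.key -out subca.csr 2>>build.log
    openssl x509 -req -in subca.csr -CA root.pem -CAkey root.key -set_serial 1 \
        -days 365 -sha256 -extfile subca.ext -out subca.pem 2>>build.log

    # 3. One leaf inside the permitted subtree (O=good), one outside it (O=bad).
    #    BOTH signing operations succeed: x509 -req never looks at the issuer's
    #    nameConstraints, which is exactly what the post observed.
    serial=2
    for n in good bad; do
        openssl req -new -batch -config mini.cnf -newkey rsa:2048 -nodes -sha256 \
            -subj "/O=$n/CN=$n instance" -keyout $n.key -out $n.csr 2>>build.log
        openssl x509 -req -in $n.csr -CA subca.pem -CAkey subca.key \
            -set_serial $serial -days 365 -sha256 -out $n.pem 2>>build.log
        serial=$((serial + 1))
    done

    # 4. Chain verification is where the critical extension is applied.
    good_rc=0; bad_rc=0
    openssl verify -CAfile root.pem -untrusted subca.pem good.pem >good.out 2>&1 || good_rc=$?
    openssl verify -CAfile root.pem -untrusted subca.pem bad.pem  >bad.out  2>&1 || bad_rc=$?
    echo "--- openssl verify good.pem (rc=$good_rc):"; cat good.out
    echo "--- openssl verify bad.pem  (rc=$bad_rc):";  cat bad.out

    # Expected: "good.pem: OK", and bad.pem fails with
    # "error 47 at 0 depth lookup: permitted subtree violation".
    if [ "$good_rc" -eq 0 ] && [ "$bad_rc" -ne 0 ] && grep -q "subtree violation" bad.out; then
        echo "RESULT: name constraints enforced at verification time"
        exit 0
    fi
    echo "RESULT: unexpected outcome, inspect $1 (see build.log)"
    exit 1
)

# Stand-alone run of the scenario in a fresh temporary directory.
nc_demo "$(mktemp -d)"
```

The practical consequence: a critical nameConstraints extension protects relying parties that validate the chain, not the CA operator. If issuance itself must refuse out-of-subtree subjects, the issuing pipeline has to check them, for instance by running `openssl verify -CAfile root.pem -untrusted subca.pem` against every freshly signed certificate before it is released. Whether a multi-valued RDN like the post's `/O=good+CN=...` is matched as a prefix of the single-valued `O=good` base is worth checking with the same script (swap the `-subj` values and add `-multivalue-rdn`) before relying on that form.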