On Thu, Sep 30, 2021 at 12:07:08AM -0400, Viktor Dukhovni
<[email protected]> wrote:
> On Thu, Sep 30, 2021 at 01:21:19PM +1000, raf wrote:
>
> > You said that the following extensions are needed:
> >
> > basicConstraints = CA:true
> > keyUsage = digitalSignature, keyCertSign, cRLSign
> > extendedKeyUsage = serverAuth, clientAuth
> >
> > Is it the case that serverAuth is only required for CA
> > certificates used with smtp_tls_CAfile (or
> > lmtp_tls_CAfile), and that clientAuth is only required
> > for CA certificates used with smtpd_tls_CAfile?
>
> No, because you don't get to choose which CA signed your certificates.
>
> Rather a CA with only "serverAuth" (OpenSSL-specific alias for the EKU
> OID in question) can only be used to issue TLS server certificates, and
> a CA with only "clientAuth" can only be used to issue TLS client
> certificates. A CA with EKU not specified or one that lists both can
> be used for either.

Thanks, but the above sounds to me like a "Yes" to the
question that I think I asked. So, if the answer is "No",
then there's clearly too much I don't understand about x509
(which is definitely the case), and/or the way that I
formed my question was not helpful.

This is what I was expecting to be the case:

That the following extensions are needed for certificates that
are specified with smtpd_tls_CAfile:

  basicConstraints = CA:true
  keyUsage = digitalSignature, keyCertSign, cRLSign
  extendedKeyUsage = clientAuth

And that the following extensions are needed for certificates that
are specified with smtp_tls_CAfile (or lmtp_tls_CAfile):

  basicConstraints = CA:true
  keyUsage = digitalSignature, keyCertSign, cRLSign
  extendedKeyUsage = serverAuth

If that's not the case, then perhaps I can ask the question
in a different way:

If all the following extensions are needed in a certificate
that is specified with smtpd_tls_CAfile:

  basicConstraints = CA:true
  keyUsage = digitalSignature, keyCertSign, cRLSign
  extendedKeyUsage = serverAuth, clientAuth

Then what are all the extensions that are needed in a certificate
that is specified with smtp_tls_CAfile (or lmtp_tls_CAfile)?

Here's another attempt at the question:

Is it the case that, for a certificate file specified
with smtpd_tls_CAfile, the output of a command like
"openssl x509 -purpose -in ca.pem -noout"
must contain "SSL client CA : Yes"?

And is it the case that, for a certificate file
specified with smtp_tls_CAfile (or lmtp_tls_CAfile),
the output of a command like
"openssl x509 -purpose -in ca.pem -noout"
must contain "SSL server CA : Yes"?

I hope that makes my question clearer. Sorry I'm being dense.
I really need to devote some serious time to understanding x509
and openssl one of these days.

> The relying party just uses the CA certificates as they are, though in
> the case of root CA certificates, many implementations don't check the
> self-signature, and then one can mutate the CA cert, although more
> properly trust settings to root CAs are applied in the trust store
> externally to the certificate.
>
> --
> Viktor.

cheers,
raf
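The rule Viktor states (a CA whose EKU lists only serverAuth or only clientAuth can issue only that kind of leaf, while a CA with no EKU extension or with both can issue either) can be checked empirically with a standard chain verifier. The following Go program is an added example, not part of this thread or of Postfix: it builds throwaway test CAs with each EKU variant, has each issue a server leaf and a client leaf, and asks Go's crypto/x509 verifier whether the chain is acceptable for that purpose. The subject names are constructed; Go's verifier is standing in for OpenSSL's `-purpose` check, which the thread discusses but which this code does not invoke.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newCert signs a certificate with parent (self-signed when isCA); an empty ekus omits the EKU extension entirely.
func newCert(cn string, ekus []x509.ExtKeyUsage, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: cn}, // constructed test name
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           ekus,
	}
	if isCA { // self-signed root carrying the key usages raf lists: digitalSignature, keyCertSign, cRLSign
		tmpl.KeyUsage |= x509.KeyUsageCertSign | x509.KeyUsageCRLSign
		parent, parentKey = tmpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// ChainAllowed reports whether a leaf issued for purpose want by a CA whose EKU lists caEKUs
// verifies against a trust store holding only that CA; the verifier applies the EKU rule to every cert in the chain.
func ChainAllowed(caEKUs []x509.ExtKeyUsage, want x509.ExtKeyUsage) bool {
	ca, caKey := newCert("Constructed Test CA", caEKUs, true, nil, nil)
	leaf, _ := newCert("mail.example.test", []x509.ExtKeyUsage{want}, false, ca, caKey)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{want}})
	return err == nil
}

func main() {
	sa, ca := x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth
	for name, ekus := range map[string][]x509.ExtKeyUsage{"none": nil, "serverAuth": {sa}, "clientAuth": {ca}, "both": {sa, ca}} {
		fmt.Printf("CA EKU %-10s server leaf ok: %-5t client leaf ok: %t\n", name, ChainAllowed(ekus, sa), ChainAllowed(ekus, ca))
	}
}
```

In this model a CA meant for smtpd_tls_CAfile must be acceptable for clientAuth and one meant for smtp_tls_CAfile for serverAuth; a CA with no EKU extension, or with both, satisfies either role.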