On Sat, Jan 22, 2022 at 03:09:52PM +0100, Theo Buehler wrote: > The diff below would be what we both expect, but it means we diverge > from OpenSSL's behavior.
AFAIK the OpenSSL implementation doesn't apply constraints in accordance with the procedures referenced in the IANA "SMI Security for PKIX Certificate Policies" in context of the RPKI. In the sense that strictly speaking, the cert validator should apply different validation algorithms (based on the 1.3.6.1.5.5.7.14.X value) https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.14 Perhaps it is worth exploring whether the libressl validator can check for ipAddr-asNumber or ipAddr-asNumberv2, and if either of those two policies is in play, diverge from the OpenSSL behavior? Or in the case that PKIX Certificate Policies are considered a meaningless 'dead end', divergence from OpenSSL's behavior would be unavoidable in any case. An Internet-Draft relevant in this context. *author hat on* I've not yet requested IETF working group adoption, because I'd love additional scrutiny in relationship to the claims about benefit made in RFC 8360. https://datatracker.ietf.org/doc/html/draft-spaghetti-sidrops-rpki-validation-update https://datatracker.ietf.org/meeting/110/materials/slides-110-sidrops-job-snijders-validation-update-00 Kind regards, Job > > Index: x509/x509_addr.c > =================================================================== > RCS file: /cvs/src/lib/libcrypto/x509/x509_addr.c,v > retrieving revision 1.76 > diff -u -p -r1.76 x509_addr.c > --- x509/x509_addr.c 6 Jan 2022 14:08:15 -0000 1.76 > +++ x509/x509_addr.c 22 Jan 2022 14:05:27 -0000 > @@ -1899,9 +1899,6 @@ addr_validate_path_internal(X509_STORE_C > if (IPAddressFamily_inheritance(parent_af) == NULL) > continue; > > - if (sk_IPAddressFamily_find(child, parent_af) < 0) > - continue; > - > if ((ret = verify_error(ctx, cert, > X509_V_ERR_UNNESTED_RESOURCE, depth)) == 0) > goto done; > Index: man/X509_STORE_CTX_get_error.3 > =================================================================== > RCS file: /cvs/src/lib/libcrypto/man/X509_STORE_CTX_get_error.3,v > retrieving revision 1.20 > diff -u -p -r1.20 X509_STORE_CTX_get_error.3 > --- man/X509_STORE_CTX_get_error.3 17 Nov 2021 16:08:32 -0000 1.20 > +++ man/X509_STORE_CTX_get_error.3 22 Jan 2022 14:06:25 -0000 > @@ -509,6 +509,13 @@ A name constraint violation occurred in > No name constraints minimum and maximum not supported > A certificate name constraints extension included a minimum or maximum > field: this is not supported. > +.It Dv X509_V_ERR_UNNESTED_RESOURCE : \ > + RFC 3779 resource not subset of parent's resources > +When walking up a certificate chain, all resources specified in > +RFC 3779 extensions must be contained in the resources delegated in > +the issuer's RFC 3779 extensions. > +The error indicates that this is not the case or that the trust anchor > +has inheritance. > .It Dv X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE : \ > No unsupported name constraint type > An unsupported name constraint type was encountered.
