Assuming that all self-signed certificates are trusted (here, A and B) and that a CAfile with D+C+B+A is provided to validate E, the different possible paths are:

- E <- D <- B: this path is valid
- E <- D <- C <- A: this path is valid

In the validation algorithm described in RFC 5280 and X.509, the pathLenConstraint contained in the certificate of the Trust Anchor (here, A or B) is not taken into account. Therefore, the only ones that matter are the values set in C and D, and these values are coherent with both chains.

On Thu, Sep 15, 2022 at 7:34 PM Andrew Lynch via openssl-users <openssl-users@openssl.org> wrote:

> Hi,
>
> I would like to have my understanding of the following issue confirmed:
>
> Given a two-level CA where the different generations of Root cross-sign each other, the verification of an end-entity certificate fails with OpenSSL 1.1.1 – “path length constraint exceeded”. With OpenSSL 1.0.2 the same verify succeeds.
>
> All Root CA certificates have Basic Constraints CA:TRUE, pathlen:1. The Sub CA certificate has pathlen:0.
>
> A) Issuer: CN=Root CA, serialNumber=1
>    Subject: CN=Root CA, serialNumber=1
>
> B) Issuer: CN=Root CA, serialNumber=2
>    Subject: CN=Root CA, serialNumber=2
>
> C) Issuer: CN=Root CA, serialNumber=1
>    Subject: CN=Root CA, serialNumber=2
>
> D) Issuer: CN=Root CA, serialNumber=2
>    Subject: CN=Sub CA, serialNumber=2
>
> E) Issuer: CN=Sub CA, serialNumber=2
>    Subject: Some end entity
>
> With a CAfile containing D, C, B, A in that order the verify of E fails. If I remove the cross certificate C then the verify succeeds.
>
> I believe OpenSSL 1.1.1 is building a chain of depth 3 (D – C – A) and so pathlen:1 of A is violated. Without the cross certificate the chain is only depth 2 (D – B).
>
> Is my understanding of the reason for this failure correct?
>
> Why is OpenSSL 1.0.2 verifying successfully? Does it not check the path length constraint or is it actually picking the depth 2 chain instead of the depth 3?
>
> Regards,
> Andrew.

--
Cordialement,
Erwann Abalea.
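To make the reasoning in this reply concrete, here is an added Python model of the RFC 5280 section 6.1 pathLenConstraint processing (not code from the thread or from OpenSSL), run over the five certificates Andrew listed as constructed subject/issuer/pathlen records. The `apply_anchor_pathlen` switch is an assumption added only to show what happens if the anchor's own constraint were counted, which the reply says the standard algorithm does not do.

```python
from collections import namedtuple

# Constructed descriptions of the five certificates from the thread (names and
# pathlen values as Andrew listed them; no real keys or DER involved).
Cert = namedtuple("Cert", "name subject issuer pathlen")

A = Cert("A", "CN=Root CA, serialNumber=1", "CN=Root CA, serialNumber=1", 1)
B = Cert("B", "CN=Root CA, serialNumber=2", "CN=Root CA, serialNumber=2", 1)
C = Cert("C", "CN=Root CA, serialNumber=2", "CN=Root CA, serialNumber=1", 1)  # cross-cert
D = Cert("D", "CN=Sub CA, serialNumber=2", "CN=Root CA, serialNumber=2", 0)
E = Cert("E", "CN=Some end entity", "CN=Sub CA, serialNumber=2", None)


def path_length_ok(anchor, path, apply_anchor_pathlen=False):
    """RFC 5280 section 6.1 pathLenConstraint processing.

    `path` runs from the certificate issued by the trust anchor down to the
    leaf; the anchor is not part of the path, so its own pathlen is never
    read. With apply_anchor_pathlen=True (an assumption for illustration) the
    anchor is prepended and its constraint is enforced as Andrew assumed.
    Returns (ok, max_path_length remaining at the leaf).
    """
    certs = ([anchor] if apply_anchor_pathlen else []) + list(path)
    n = len(certs)
    max_path_length = n                       # 6.1.2 (k): start at n
    for i, cert in enumerate(certs, start=1):
        if i == n:                            # leaf: 6.1.4 does not run
            break
        if cert.subject != cert.issuer:       # not self-issued: 6.1.4 (l)
            if max_path_length <= 0:
                return False, max_path_length
            max_path_length -= 1
        if cert.pathlen is not None and cert.pathlen < max_path_length:
            max_path_length = cert.pathlen    # 6.1.4 (m)
    return True, max_path_length


def check_both_paths(apply_anchor_pathlen=False):
    """The two candidate paths the reply lists, each against its own anchor."""
    return {
        "E<-D<-B": path_length_ok(B, [D, E], apply_anchor_pathlen)[0],
        "E<-D<-C<-A": path_length_ok(A, [C, D, E], apply_anchor_pathlen)[0],
    }


if __name__ == "__main__":
    print("RFC 5280 (anchor pathlen ignored):", check_both_paths())
    print("anchor pathlen enforced:          ", check_both_paths(True))
```

The model does not reproduce OpenSSL's chain building, so it shows which reading of the constraint yields the depth-3 failure, not which one a given OpenSSL version implements.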