| author | David Benjamin <davidben@google.com> | 2021-10-01 16:40:31 -0400 |
|---|---|---|
| committer | Pete Bentley <prb@google.com> | 2021-10-05 22:02:22 +0100 |
| commit | 7c27ee0dbbee0eedaa53f0a863ab5d70a3be3327 (patch) | |
| tree | ce80446d6b36ba9ffe3966e82c123dee50c1476b /src/crypto/x509/x509_vpm.c | |
| parent | d4d15a8d21af591be105f5879ffa1c63c04fdbae (diff) | |
| download | boringssl-7c27ee0dbbee0eedaa53f0a863ab5d70a3be3327.tar.gz | |
Enable X509_V_FLAG_TRUSTED_FIRST by default.
Cherry-picked from
https://boringssl-review.googlesource.com/c/boringssl/+/49745
and
https://boringssl-review.googlesource.com/c/boringssl/+/49746
Cherry-picked outside normal BoringSSL release process to allow
easier cherry-picking to Mainline (see bug for details).
The first cherry-pick is a test-only fix to pick up correct defaults;
the rest of this commit message refers to the second.
The OpenSSL X.509 verifier lacks a proper path builder. When there are
two paths available for a certificate, we pick one without looking at
expiry, etc.
In scenarios like one below, X509_V_FLAG_TRUSTED_FIRST will prefer
Leaf -> Intermediate -> Root1. Otherwise, we will prefer
Leaf -> Intermediate -> Root1Cross -> Root2:
```
           Root2
             |
    Root1  Root1Cross
       \     /
     Intermediate
           |
          Leaf
```
If Root2 is expired, as with Let's Encrypt, X509_V_FLAG_TRUSTED_FIRST
will find the path we want. Same if Root1Cross is expired. (Meanwhile,
if Root1 is expired, TRUSTED_FIRST will break and leaving it off works.
TRUSTED_FIRST does not actually select chains with validity in mind. It
just changes the semi-arbitrary decision.)
OpenSSL 1.1.x now defaults to X509_V_FLAG_TRUSTED_FIRST by default, so
match them. Hopefully the shorter chain is more likely to be correct.
Update-Note: X509_verify_cert will now build slightly different chains
by default. Hopefully, this fixes more issues than it causes, but there
is a risk of trusted_first breaking other scenarios. Those scenarios
will also break OpenSSL 1.1.x defaults, so hopefully this is fine.
BoringSSL-Bug: 439
Bug: 201667701
Test: atest boringssl_crypto_test
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/49746
Reviewed-by: Adam Langley <agl@google.com>
Reviewed-by: Ryan Sleevi <rsleevi@chromium.org>
(cherry picked from BoringSSL commit 8f5eb80b810ff63d14ad3535cb16f7cb8271a4f5)
Change-Id: Ib75feb0081ced6520f9547ff381ee7b4dee75010
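The two lookup orders the message compares, as an added Python model of the walk over the diagram above. It is not BoringSSL's verifier: the certificate names, the string match of issuer against subject, and the `expired` flag are constructed stand-ins for the real subject/key-identifier, signature and notAfter checks.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Cert:
    label: str     # name from the diagram
    subject: str
    issuer: str
    expired: bool = False  # stands in for notAfter < now

def find_issuer(cert: Cert, pool: List[Cert]) -> Optional[Cert]:
    # First match by name wins; a real lookup also checks key ids and the signature.
    return next((c for c in pool if c.subject == cert.issuer and c is not cert), None)

def build_chain(leaf: Cert, untrusted: List[Cert], trusted: List[Cert],
                trusted_first: bool) -> List[str]:
    # Legacy order: peer-supplied pool at every step, trust store only as fallback,
    # so a cross-signed copy of a root in the peer's bundle wins.
    # X509_V_FLAG_TRUSTED_FIRST: trust store first, so the walk stops as soon as a
    # trusted certificate names the issuer. Neither order looks at expiry.
    chain = [leaf]
    while chain[-1] not in trusted:               # stop at a trust anchor
        cur = chain[-1]
        pools = (trusted, untrusted) if trusted_first else (untrusted, trusted)
        issuer = find_issuer(cur, pools[0]) or find_issuer(cur, pools[1])
        if issuer is None or issuer in chain:     # dead end or loop: verify fails
            break
        chain.append(issuer)
    return [c.label for c in chain]

def compare(expired_label: str) -> dict:
    """Build the diagram's chains both ways with expired_label marked expired.
    Returns {mode: (chain labels, True if no cert in the chain is expired)}."""
    def mk(label, subject, issuer):
        return Cert(label, subject, issuer, expired=(label == expired_label))
    root1 = mk("Root1", "Root1 CA", "Root1 CA")
    root2 = mk("Root2", "Root2 CA", "Root2 CA")
    root1_cross = mk("Root1Cross", "Root1 CA", "Root2 CA")  # Root1's name, signed by Root2
    intermediate = mk("Intermediate", "Intermediate CA", "Root1 CA")
    leaf = mk("Leaf", "example.test", "Intermediate CA")
    trusted = [root1, root2]                  # constructed local trust store
    untrusted = [intermediate, root1_cross]   # constructed bundle sent by the peer
    by_label = {c.label: c for c in (root1, root2, root1_cross, intermediate, leaf)}
    result = {}
    for mode, flag in (("legacy", False), ("trusted_first", True)):
        chain = build_chain(leaf, untrusted, trusted, flag)
        result[mode] = (chain, not any(by_label[n].expired for n in chain))
    return result

if __name__ == "__main__":
    for scenario in ("Root2", "Root1Cross", "Root1"):
        print(scenario, "expired:", compare(scenario))
```

Running it shows the message's three cases: with Root2 or Root1Cross expired only the trusted-first chain is free of expired certificates, while with Root1 expired only the legacy chain is.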
Diffstat (limited to 'src/crypto/x509/x509_vpm.c')
-rw-r--r-- | src/crypto/x509/x509_vpm.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/crypto/x509/x509_vpm.c b/src/crypto/x509/x509_vpm.c index 5a881d64..29d5341e 100644 --- a/src/crypto/x509/x509_vpm.c +++ b/src/crypto/x509/x509_vpm.c @@ -528,7 +528,7 @@ static const X509_VERIFY_PARAM default_table[] = { (char *)"default", /* X509 default parameters */ 0, /* Check time */ 0, /* internal flags */ - 0, /* flags */ + X509_V_FLAG_TRUSTED_FIRST, /* flags */ 0, /* purpose */ 0, /* trust */ 100, /* depth */ |
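Review bot: the Update-Note should tell callers how to get the old chain order back, since this hunk changes only the flags word of the "default" entry in default_table (`- 0, /* flags */` to `+ X509_V_FLAG_TRUSTED_FIRST, /* flags */`) and there is no build-time switch; an application that hits the Root1-expired case the message itself describes has to clear the flag on its own verify parameters (X509_VERIFY_PARAM_clear_flags with X509_V_FLAG_TRUSTED_FIRST), and saying so would make the risk the note already acknowledges actionable. A regression test for that topology, next to the test-only fix cherry-picked first, would also be worth referencing here so the trade-off stays covered when the default changes again.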