crypto/x509: VerifyOptions.KeyUsages went from any required to all required in 1.10 #24162
Comments
grittygrease
changed the title
|
Excuse the edits. I think this can be boiled down to this loop: Line 861 in 0681c7c in which every EKU in opts.KeyUsages is required to pass the ekuPermittedBy test. Compare this to the previous logic where only one of opts.KeyUsages was required to be valid. |
|
The failure does not reproduce on any tagged cfssl version, checkout commit b9f59aa instead. Longer version (or skip to the
cfssl 1.3.0 does not build with Go 1.10, and the test passes in cfssl 1.3.1 because it looks like it was fixed here cloudflare/cfssl@c68df53.
Before that fix So failing is expected behavior AFAICT. But still I couldn't figure out why it was failing before, because the point of #23884 was to make this specific case fail again. So I checked out But then again it was failing on the other certificate.
KeyUsages: []x509.ExtKeyUsage{
x509.ExtKeyUsageServerAuth,
x509.ExtKeyUsageClientAuth,
x509.ExtKeyUsageMicrosoftServerGatedCrypto,
x509.ExtKeyUsageNetscapeServerGatedCrypto,
},The certificates only have The current behavior is that all Lines 860 to 870 in b5bd5bf However the previous behavior was that any Lines 515 to 517 in 6732fcc The old behavior matches the docs, even if vague. So this is a pretty bad regression AFAICT, breaking most multi-value uses of (I don't think SANs are involved, nor the root or intermediate lack of EKUs.) /cc @agl |
FiloSottile
added
the
NeedsFix
FiloSottile
changed the title
|
Change https://golang.org/cl/97720 mentions this issue: |
|
I misremembered this and thought that all specified EKUs needed to match, but the previous behaviour was clearly that any of them was sufficient. Sending CL to specify that in the docs and restore old behaviour. |
|
Reopening for cherry-pick. |
|
CL 97720 OK for Go 1.10.1 |
andybons
added
CherryPickApproved
|
Change https://golang.org/cl/102790 mentions this issue: |
…d be sufficient. The documentation was unclear here and I misremembered the behaviour and changed it in 1.10: it used to be that matching any EKU was enough but 1.10 requires that all EKUs match. Restore 1.9 behaviour and clarify the documentation to make it official. Fixes #24162. Change-Id: Ic9466cd0799cb27ec3a3a7e6c96f10c2aacc7020 Reviewed-on: https://go-review.googlesource.com/97720 Run-TryBot: Adam Langley <agl@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Filippo Valsorda <filippo@golang.org> Reviewed-on: https://go-review.googlesource.com/102790 Run-TryBot: Andrew Bonventre <andybons@golang.org>
The behavior of x509.Verify changed in Go 1.10, which broke a test in CFSSL.
The previous behavior was that when the array of extended key usages in x509.VerifyOptions contains ExtKeyUsageClientAuth, then calling x509.Verify on a valid chain to a leaf certificate with the client certificate auth EKU set results in a valid response, which is the expected behavior. In Go 1.10, this behavior only works when x509.VerifyOptions only contains ExtKeyUsageClientAuth. If x509.VerifyOptions contains both ExtKeyUsageClientAuth and ExtKeyUsageServerAuth, then x509.Verify fails this check for leaf certificate with a client authentication usage.
Is there a new requirement for leaf certificates with Client Auth?
What version of Go are you using (
go version)?go 1.10
Steps to reproduce
The following test fails in cfssl 1.3 (https://github.com/cloudflare/cfssl/tree/1.3.0)
https://github.com/cloudflare/cfssl/blob/master/bundler/bundler_test.go#L914
Output in Go 1.10
The text was updated successfully, but these errors were encountered: