New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto/x509: CANotAuthorizedForExtKeyUsage is premature #24590
Comments
CC @FiloSottile |
EKU "nesting" is not part of RFC5280. However, several platforms (MS CryptoAPI, NSS, etc) (mis)use the EKU extension in CA certificates to constrain the set of purpose(s) for which leaf certificates may be used. |
The EKU nesting check is documented and matched by other major platforms, as you said, so I don't see that changing.
However, I can see why ignoring those EKUs instead of erroring out might be the right choice, in particular if that's the other platforms behavior. While name constraints are documented to be verified in Voice of God mode (which is necessary for subsequent calls to
@agl opinions? |
We've enforced nesting of requested EKUs for a long time. When redoing it, I asked sleevi how he would like to see it work and, having double checked with him, I had misunderstood and he would be fine with only enforcing the nesting of requested EKUs. So we could relax this again, although the argument that I find compelling is that there could be a path (that we didn't find) which makes the nesting valid. The argument above seems to be that it's ok to not nest them because some verifiers don't check this and it's fine that some EKUs could never be accepted by a verifier that does. That seems to painting those verifiers into a corner where they could never enforce this, which doesn't seem like a positive move. I also agree with @FiloSottile that a CT verifier would have sufficiently different goals that it would probably not want to use verify.go. So while the overall request might be valid based on my updated understanding from sleevi, this is not a strong test case. |
Leaving for @FiloSottile and @agl to decide. |
We have also encountered this error. While waiting for a fix upstream, is there a workaround that we can use to ignore this validation error? |
Based on discussion with @agl, we will go back to only enforcing nesting (and returning CANotAuthorizedForExtKeyUsage) when the EKU is being asserted in Verify. @gopherbot, please open a tracking issue for backporting to 1.10. |
Backport issue(s) opened: #25258 (for 1.10). Remember to create the cherry-pick CL(s) as soon as the patch is submitted to master, according to https://golang.org/wiki/MinorReleases. |
- golang 1.10 has a bug parsing x509 certificates, see golang/go#24590 [#157626761] Signed-off-by: Mirah Gary <mgary@pivotal.io>
Change https://golang.org/cl/113475 mentions this issue: |
See golang/go#24590 [#157663527, #157286799] Co-authored-by: Kieron Browne <kbrowne@pivotal.io>
We're going to change back to the 1.9 behaviour w.r.t. EKUs. But this is because Go generally doesn't try to be aggressive in fixing these ecosystem issues. If you hit chains that did not have nested EKUs, that's probably a landmind that will bite you in the future and something to be addressed. |
- this is because of a [bug in 1.10](golang/go#24590) [#157768129]
What version of Go are you using (
go version
)?1.10.
Does this issue reproduce with the latest release?
Yes.
What operating system and processor architecture are you using (
go env
)?Linux amd64.
What did you do?
https://play.golang.org/p/ITwuMz9qN4z
What did you expect to see?
No error.
What did you see instead?
verification failure: x509: a root or intermediate certificate is not authorized for an extended key usage: EKU not permitted: asn1.ObjectIdentifier{2, 16, 840, 1, 113741, 1, 2, 3}
The text was updated successfully, but these errors were encountered: