crypto/x509: certificates with AKID don't chain to parents without SKID #30079
Comments
FiloSottile
added
NeedsFix
|
@gopherbot please open both backport issues. This is a regression introduced in a minor release. |
|
Backport issue(s) opened: #30080 (for 1.10), #30081 (for 1.11). Remember to create the cherry-pick CL(s) as soon as the patch is submitted to master, according to https://golang.org/wiki/MinorReleases. |
|
Change https://golang.org/cl/161097 mentions this issue: |
If a certificate somehow has an AKID, it should still chain successfully to a parent without a SKID, even if the latter is invalid according to RFC 5280, because only the Subject is authoritative. This reverts to the behavior before #29233 was fixed in 7701306. Roots with the right subject will still be shadowed by roots with the right SKID and the wrong subject, but that's been the case for a long time, and is left for a more complete fix in Go 1.13. Updates #30079 Change-Id: If8ab0179aca86cb74caa926d1ef93fb5e416b4bb Reviewed-on: https://go-review.googlesource.com/c/161097 Reviewed-by: Adam Langley <agl@golang.org>
|
Short term fix done for Go 1.12, leaving open on Go 1.13 for a more complete fix. |
If a certificate somehow has an AKID, it should still chain successfully to a parent without a SKID, even if the latter is invalid according to RFC 5280, because only the Subject is authoritative. This reverts to the behavior before golang#29233 was fixed in 7701306. Roots with the right subject will still be shadowed by roots with the right SKID and the wrong subject, but that's been the case for a long time, and is left for a more complete fix in Go 1.13. Updates golang#30079 Change-Id: If8ab0179aca86cb74caa926d1ef93fb5e416b4bb Reviewed-on: https://go-review.googlesource.com/c/161097 Reviewed-by: Adam Langley <agl@golang.org>
If a certificate somehow has an AKID, it should still chain successfully to a parent without a SKID, even if the latter is invalid according to RFC 5280, because only the Subject is authoritative. This reverts to the behavior before golang#29233 was fixed in 7701306. Roots with the right subject will still be shadowed by roots with the right SKID and the wrong subject, but that's been the case for a long time, and is left for a more complete fix in Go 1.13. Updates golang#30079 Change-Id: If8ab0179aca86cb74caa926d1ef93fb5e416b4bb Reviewed-on: https://go-review.googlesource.com/c/161097 Reviewed-by: Adam Langley <agl@golang.org>
|
@FiloSottile Is the short term fix what should be used for backporting purposes, and is it enough to resolve the two backport issues? Or should they wait for full fix before backporting? |
|
@dmitshur Yeah, the short term fix is all we need to backport. |
|
Change https://golang.org/cl/163739 mentions this issue: |
…KID has no match If a certificate somehow has an AKID, it should still chain successfully to a parent without a SKID, even if the latter is invalid according to RFC 5280, because only the Subject is authoritative. This reverts to the behavior before #29233 was fixed in 7701306. Roots with the right subject will still be shadowed by roots with the right SKID and the wrong subject, but that's been the case for a long time, and is left for a more complete fix in Go 1.13. Updates #30079 Fixes #30081 Change-Id: If8ab0179aca86cb74caa926d1ef93fb5e416b4bb Reviewed-on: https://go-review.googlesource.com/c/161097 Reviewed-by: Adam Langley <agl@golang.org> (cherry picked from commit 95e5b07) Reviewed-on: https://go-review.googlesource.com/c/163739 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
|
Change https://golang.org/cl/232993 mentions this issue: |
The fix for #29233 broke certificate chains where a certificate has an AKID but the parent doesn't.
These chains are weird (where did the AKID come from if there's no SKID?) and invalid by RFC 5280 (parents MUST have AKID) but they are out there, and as much of the X.509 ecosystem, we need to live with them.
Reported by @abarisani in #29233 (comment).
In the review @sleevi pointed out that the old code was also subtly broken (if a parent with wrong subject but right AKID and one with right subject but no SKID were available, only the former would be considered, failing to build a chain) but that was a way rarer scenario.
We broke this in a minor (security!) release, which is not good, so we should backport a revert, and fix also the subtle case above in Go 1.13.
The text was updated successfully, but these errors were encountered: