> On Dec 9, 2017, at 11:04 AM, admin@??? wrote:
>
> I tried creating a testcase for (2 1 1) mode, but it passes with current master
> and OpenSSL 1.0.1t
The upstream ssl_dane library issue was that the subject name
of synthesized intermediate CA certificates was inadvertently
set NULL after some code "cleanup" in:
https://github.com/vdukhovni/ssl_dane/commit/df4ce91591815ec9472045b538eeb140270eeecb
this was fixed recently in:
https://github.com/vdukhovni/ssl_dane/commit/d9767f2fc78dbaf990c18df00bf17fd0c2ee2baa
To produce a test case we need to understand when "synthesized"
intermediate certificates come into play. Because DANE-TA(2)
authentication is independent of the usual WebPKI trusted roots,
and OpenSSL prior to 1.0.2 does not support "partial chains" in
which the trust-anchor is not a self-signed root, what happens
in "ssl_dane" (prior to OpenSSL 1.0.2) is:
* If the presented certificate that matches the DANE-TA(2)
TLSA record is self-signed, it becomes the trust-anchor
for verification as-is.
* Otherwise, it is not self-signed, and a new certificate
is generated to replace it, together with a parent issuer
certificate that is self-signed.
With the bug not patched, the issuer name of the generated
intermediate certificate is inadvertently left empty and
the creation of its "self-signed" issuer detects the empty
name and returns an error.
So to reproduce the problem, your "2 1 1" issuer certificate
MUST NOT be self-signed. The test chain needs to be:
depth 0: server, issued by:
depth 1: 2 1 1 CA issued by:
depth 2: another CA, can be left out of presented chain
--
Viktor.
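The three-level test chain the post prescribes, built as an added example (not code from the post or from ssl_dane) with Go's standard crypto/x509: the depth-1 "2 1 1" CA is issued by a separate root so it is not self-signed, isSelfSigned performs the check that decides whether ssl_dane synthesizes a parent, and tlsa211 computes the SHA-256 SPKI digest a "2 1 1" record would carry for that CA. Certificate names and serial numbers are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// check aborts on an error while building the fixture.
func check(err error) { if err != nil { panic(err) } }

// mkCert issues a certificate for cn signed by parent/parentKey; a nil parent
// yields a self-signed certificate, the only kind ssl_dane can use as a TA as-is.
func mkCert(serial int64, cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: isCA, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
	}
	if parent == nil {
		parent, parentKey = tmpl, key // self-signed: the template is its own issuer
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

// isSelfSigned reports whether c verifies under its own key, which is what
// decides whether ssl_dane keeps the TA as-is or synthesizes a parent for it.
func isSelfSigned(c *x509.Certificate) bool { return c.CheckSignatureFrom(c) == nil }

// tlsa211 returns the "2 1 1" TLSA association data: SHA-256 over c's SPKI.
func tlsa211(c *x509.Certificate) [32]byte { return sha256.Sum256(c.RawSubjectPublicKeyInfo) }

// buildTestChain makes depth 2 (root, may be left out of the presented chain),
// depth 1 (the "2 1 1" CA, deliberately NOT self-signed) and depth 0 (server).
func buildTestChain() (root, ca, server *x509.Certificate) {
	root, rootKey := mkCert(1, "Test Root CA", true, nil, nil)
	ca, caKey := mkCert(2, "Test DANE-TA CA", true, root, rootKey)
	server, _ = mkCert(3, "mail.example.test", false, ca, caKey) // constructed test name
	return
}
```

Publishing the hex form of tlsa211(ca) as the TLSA data and presenting only the depth-0 and depth-1 certificates reproduces the conditions under which the synthesized-parent path runs.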