I want to understand if Openssl supports the key usage extension validation. If yes, how does it understand that each certificate in the chain received in server certificate correctly specifies the key usage ?
Asked
Active
Viewed 521 times
2
-
a) yes b) by looking at the key usage of all the certificates in the chain - how else? – Steffen Ullrich Jun 30 '21 at 19:21
-
You need to either blackbox test an https client that uses openssl for building and validating TLS cert chain, or you need to review the source code of openssl. For example, I suspect key usage is ignored in RSA certs, but I don't know that. – Z.T. Jul 01 '21 at 08:43
1 Answers
1
Yes, it does. For e.g. "-purpose" option can be used for specifying the certificate purpose during verification operation.
From OpenSSL verify:
The second operation is to check every untrusted certificate's extensions for consistency with the supplied purpose. If the -purpose option is not included then no checks are done. The supplied or "leaf" certificate must have extensions compatible with the supplied purpose and all other certificates must also be valid CA certificates. The precise extensions required are described in more detail in the CERTIFICATE EXTENSIONS section of the x509 utility.
As mentioned above, OpenSSL check certificate extensions. Certificate Extensions are introduced from version 3 of the X.509 standard for certificates. OpenSSL generally raises warning with version 1 due to missing extensions.
From OpenSSL x509:
The -purpose option checks the certificate extensions and determines what the certificate can be used for. The actual checks done are rather complex and include various hacks and workarounds to handle broken certificates and software.
......
If the keyUsage extension is present then additional restraints are made on the uses of the certificate. A CA certificate must have the keyCertSign bit set if the keyUsage extension is present.
The extended key usage extension places additional restrictions on the certificate uses. If this extension is present (whether critical or not) the key can only be used for the purposes specified.
......
SSL Client:
The extended key usage extension must be absent or include the "web client authentication" OID. keyUsage must be absent or it must have the > digitalSignature bit set. Netscape certificate type must be absent or it must have the SSL client bit set.
SSL Client CA:
The extended key usage extension must be absent or include the "web client authentication" OID. Netscape certificate type must be absent or > it must have the SSL CA bit set: this is used as a work around if the basicConstraints extension is absent.
SSL Server
The extended key usage extension must be absent or include the "web server authentication" and/or one of the SGC OIDs. keyUsage must be absent or it must have the digitalSignature, the keyEncipherment set or both bits set. Netscape certificate type must be absent or have the SSL server bit set.
SSL Server CA
The extended key usage extension must be absent or include the "web server authentication" and/or one of the SGC OIDs. Netscape certificate type must be absent or the SSL CA bit must be set: this is used as a work around if the basicConstraints extension is absent.
....
You can read more over here:
saurabh
- 723
- 1
- 4
- 12