pyca / pyopenssl

A Python wrapper around the OpenSSL library
https://pyopenssl.org/
Apache License 2.0

Does order matter when verifying an X.509 store? #1237

Open kaedenbrinkman opened 1 year ago

kaedenbrinkman commented 1 year ago

I noticed that changing the order of the two intermediate CAs (when one is irrelevant) results in a different verification result:

root_1, chain_1, leaf_1 = generate_chain()  # root, intermediate, leaf
root_2, chain_2, leaf_2 = generate_chain()

r0 = validate_chain(leaf_1, [chain_1], root_1)    # leaf, intermediates, root
r1 = validate_chain(leaf_1, [chain_1, chain_2], root_1)
r2 = validate_chain(leaf_1, [chain_2, chain_1], root_1)

print(r0, r1, r2) # True True False

I was under the impression that the order that certs are added to an X.509 store did not matter. I also didn't seem to find anything in the OpenSSL documentation about this. Can anyone clarify?

Example (source): https://gist.github.com/kaedenbrinkman/c5f2b7d05034999cd55821a4f3403720

PyOpenSSL v23.2.0, Python v3.7.7
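The behaviour reported above is reproducible when the two intermediates carry the same subject name and no key identifier extensions, because OpenSSL's chain builder does not try every candidate: for each certificate it takes the first entry of the untrusted stack that passes its cheap "likely issuer" test (issuer name equals the candidate's subject, the Authority Key Identifier matches the candidate's Subject Key Identifier if both are present, compatible signature algorithm) and does not backtrack if that choice later fails. Below is an added, self-contained reproduction written for this page; it is not the gist's code. It assumes what the gist most plausibly did: both calls to generate_chain() use identical subject names ("Root CA", "Intermediate CA") and, in the failing variant, omit Subject/Authority Key Identifier extensions. The second variant adds those extensions (RFC 5280 requires an AKI in CA-issued certificates), which lets OpenSSL skip the same-named intermediate whose key does not match, so the order stops mattering. Certificates are generated with the cryptography package and verified through pyOpenSSL's X509Store/X509StoreContext, as in the issue.

```python
"""Added reproduction of the issue: intermediate order vs. key identifiers.

Constructed example (not the gist's code). Assumes both chains use the same
subject names and, in the failing variant, no SKI/AKI extensions.
"""
import datetime

from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import NameOID
from OpenSSL import crypto


def _name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])


def _make_cert(cn, key, issuer_cert=None, issuer_key=None, *, is_ca, key_ids):
    """Issue a certificate for `key`; self-signed when no issuer is given."""
    signer_key = issuer_key or key
    now = datetime.datetime.now(datetime.timezone.utc)
    builder = (
        x509.CertificateBuilder()
        .subject_name(_name(cn))
        .issuer_name(issuer_cert.subject if issuer_cert else _name(cn))
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - datetime.timedelta(days=1))
        .not_valid_after(now + datetime.timedelta(days=30))
        .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
    )
    if key_ids:
        # With SKI/AKI present, OpenSSL's issuer lookup rejects a same-named
        # CA whose key identifier differs instead of picking it by name only.
        builder = builder.add_extension(
            x509.SubjectKeyIdentifier.from_public_key(key.public_key()), critical=False
        ).add_extension(
            x509.AuthorityKeyIdentifier.from_issuer_public_key(signer_key.public_key()),
            critical=False,
        )
    return builder.sign(signer_key, hashes.SHA256())


def generate_chain(key_ids):
    """Root -> intermediate -> leaf; every call reuses the same names (assumption)."""
    root_key, inter_key, leaf_key = (
        rsa.generate_private_key(public_exponent=65537, key_size=2048) for _ in range(3)
    )
    root = _make_cert("Root CA", root_key, is_ca=True, key_ids=key_ids)
    inter = _make_cert("Intermediate CA", inter_key, root, root_key, is_ca=True, key_ids=key_ids)
    leaf = _make_cert("leaf.example", leaf_key, inter, inter_key, is_ca=False, key_ids=key_ids)
    return root, inter, leaf


def validate_chain(leaf, intermediates, root):
    """Trust only `root`; hand `intermediates` to OpenSSL as the untrusted stack."""
    store = crypto.X509Store()
    store.add_cert(crypto.X509.from_cryptography(root))
    ctx = crypto.X509StoreContext(
        store,
        crypto.X509.from_cryptography(leaf),
        chain=[crypto.X509.from_cryptography(c) for c in intermediates],
    )
    try:
        ctx.verify_certificate()
        return True
    except crypto.X509StoreContextError:
        return False


def run_experiment(key_ids):
    """Return (relevant only, relevant first, irrelevant first) verification results."""
    root_1, inter_1, leaf_1 = generate_chain(key_ids)
    _root_2, inter_2, _leaf_2 = generate_chain(key_ids)
    return (
        validate_chain(leaf_1, [inter_1], root_1),
        validate_chain(leaf_1, [inter_1, inter_2], root_1),
        validate_chain(leaf_1, [inter_2, inter_1], root_1),
    )


if __name__ == "__main__":
    print("without key identifiers:", run_experiment(key_ids=False))  # (True, True, False)
    print("with key identifiers:   ", run_experiment(key_ids=True))   # (True, True, True)
```

In the failing case OpenSSL pairs leaf_1 with inter_2 purely on the name match, then pairs inter_2 with the trusted root_1 on the same basis, and only the final signature check fails; nothing retries with inter_1. The practical checks for a deployment are therefore: make sure issued certificates carry AKI and CAs carry SKI, avoid reusing a subject name for unrelated CAs, and pass only the intermediates that belong to the leaf rather than a grab-bag of every CA you have.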

alex commented 1 year ago

I fear my answer will be unsatisfying: this simply does whatever OpenSSL does :-/

kaedenbrinkman commented 1 year ago

I see. Any tips on where I should look to figure this out?