Use subject from issuer certificate instead of its issuer

voltone / x509

Elixir package for working with X.509 certificates, Certificate Signing Requests (CSRs), Certificate Revocation Lists (CRLs) and RSA/ECC key pairs

BSD 3-Clause "New" or "Revised" License

119 stars 27 forks source link

Use subject from issuer certificate instead of its issuer #13

Closed mobileoverlord closed 5 years ago

mobileoverlord commented 5 years ago

I've been testing the creation and validity of a chain of root.pem -> intermediate.pem -> user.pem certificates and found that I was receiving errors when verifying the chain validity with openssl verify -CAfile <(root.pem, intermediate.pem) user.pem. After inspecting the certificates, I noticed that the issuer of user.pem was set to the subject from root.pem. After applying this change, the call to openssl verify passed.

voltone commented 5 years ago

Oops, thanks! I'm afraid there might be some more glitches like that, due to incomplete test coverage. I'll try and find some time to do some quality control...