[Pkg-openssl-devel] Bug#862335: openssl creates and accepts certificates with bad notAfter field

Harald Dunkel harri at afaics.de
Thu May 11 12:59:20 UTC 2017 

Package: openssl
Version: 1.1.0e-1

If I create a self-signed certificate with a bad notAfter field,
then openssl doesn't complain. Sample session:

% mkdir -p ca/root-ca/private ca/root-ca/db crl certs
% chmod 700 ca/root-ca/private
% cp /dev/null ca/root-ca/db/root-ca.db
% cp /dev/null ca/root-ca/db/root-ca.db.attr
% echo 01 > ca/root-ca/db/root-ca.crt.srl
% echo 01 > ca/root-ca/db/root-ca.crl.srl
% 
% openssl req -new \
>     -config etc/root-ca.conf \
>     -out ca/root-ca.csr \
>     -keyout ca/root-ca/private/root-ca.key
Generating a 4096 bit RSA private key
...............................................++
...........................................................................................................................................................................................++
writing new private key to 'ca/root-ca/private/root-ca.key'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
% openssl ca -selfsign \
>     -config etc/root-ca.conf \
>     -in ca/root-ca.csr \
>     -out ca/root-ca.crt \
>     -extensions root_ca_ext \
>     -enddate 20451231235959Z
Using configuration from etc/root-ca.conf
Enter pass phrase for ./ca/root-ca/private/root-ca.key:
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: May 11 10:53:09 2017 GMT
            Not After : Dec 31 23:59:59 2045 GMT
        Subject:
            countryName               = DE
            organizationName          = example AG
            organizationalUnitName    = example Certificate Authority
            commonName                = example Root CA
        X509v3 extensions:
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier: 
                57:E9:EC:EB:0A:A5:F4:26:DC:1A:CF:CE:2E:E5:59:20:F0:FE:10:AD
            Authority Information Access: 
                CA Issuers - URI:http://pki.example.com/ca/root-ca.cer

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://pki.example.com/ca/root-ca.crl

            X509v3 Authority Key Identifier: 
                keyid:57:E9:EC:EB:0A:A5:F4:26:DC:1A:CF:CE:2E:E5:59:20:F0:FE:10:AD

Certificate is to be certified until Dec 31 23:59:59 2045 GMT (10461 days)
Sign the certificate? [y/n]:yes


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

% openssl verify -CAfile ca/root-ca.crt ca/root-ca.crt
ca/root-ca.crt: OK



Please note the "-enddate 20451231235959Z" and compare with RFC 5280
section 4.1.2.5 (https://www.ietf.org/rfc/rfc5280.txt). The GeneralizedTime 
format is not allowed for 2045, but apparently openssl doesn't convert 
the string to UTCTime format.


libressl rejects the certificate (created on Debian), e.g. on OpenBSD 6.0:

% openssl verify -CAfile root-ca.crt root-ca.crt 
root-ca.crt: C = DE, O = example AG, OU = example Certificate Authority, CN = example Root CA
error 14 at 0 depth lookup:format error in certificate's notAfter field



Regards
Harri

More information about the Pkg-openssl-devel mailing list