Skip to content

crypto/x509: certificate with empty Authority Key Identifier extension considered invalid #70619

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dulanshuangqiao opened this issue Nov 30, 2024 · 6 comments
Open

crypto/x509: certificate with empty Authority Key Identifier extension considered invalid #70619

dulanshuangqiao opened this issue Nov 30, 2024 · 6 comments
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.

Comments

@dulanshuangqiao
Copy link

Go version

go version go1.18.1 linux/amd64

Output of go env in your module/workspace:

GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/liu/.cache/go-build"
GOENV="/home/liu/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/home/liu/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/home/liu/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/lib/go-1.18"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/lib/go-1.18/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.18.1"
GCCGO="gccgo"
GOAMD64="v1"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/dev/null"
GOWORK=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build3649475886=/tmp/go-build -gno-record-gcc-switches"

What did you do?

I used crypto/x509 of golang to convert the der certificate to a pem certificate. For my test case, there was an Authority Key Identifier extension with an empty value.

What did you see happen?

Golang considered it an invalid Authority Key Identifier extension, but openssl and gnutls did not.

What did you expect to see?

According to rfc5280, the keyIdentifier, authorityCertIssuer, and authorityCertSerialNumber of the Authority Key Identifier extension are all OPTIONAL
@gabyhelp
Copy link

Related Issues

Related Code Changes

Related Discussions

(Emoji vote if this was helpful or unhelpful; more detailed feedback welcome in this discussion.)

@seankhliao
Copy link
Member

please show a reproducer. also 1.18 is not a supported version.
Note that the RFC says:

The keyIdentifier field of the authorityKeyIdentifier extension MUST
be included in all certificates generated by conforming CAs to
facilitate certification path construction. There is one exception;
where a CA distributes its public key in the form of a "self-signed"
certificate, the authority key identifier MAY be omitted.

and it should be allowed from #15194

@seankhliao seankhliao added the WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided. label Nov 30, 2024
@seankhliao seankhliao changed the title Authority Key Identifier extension validity judgment crypto/x509: certificate with empty Authority Key Identifier extension considered invalid Nov 30, 2024
@dulanshuangqiao
Copy link
Author

请提供重现程序。另外 1.18 不是受支持的版本。 请注意,RFC 指出:

authorityKeyIdentifier 扩展的 keyIdentifier 字段必须
包含在符合要求的 CA 生成的所有证书中,以
方便构建证书路径。有一个例外;
当 CA 以“自签名”证书的形式分发其公钥时
,可以省略授权密钥标识符。

从#15194开始应该允许

I implemented this problem again in go version go1.23.2 linux/amd64
My report is that the extension appears but the value is empty, not the omitted Authority Key Identifier extension mentioned in rfc5280. Since the keyIdentifier, authorityCertIssuer and authorityCertSerialNumber of the Authority Key Identifier extension are all optional, openssl and gnutls do not consider this case as an invalid Authority Key Identifier extension, but golang's crypto/x509 judges it as invalid
I attached the test case and the golang program I used (the program corresponds to the certificate format conversion command of openssl)
appendix.zip

@seankhliao seankhliao added NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. and removed WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided. labels Dec 1, 2024
@seankhliao
Copy link
Member

cc @golang/security

@gabyhelp gabyhelp mentioned this issue Jan 31, 2025
Closed
@gabyhelp gabyhelp mentioned this issue Feb 19, 2025
Open
@gabyhelp gabyhelp mentioned this issue Mar 25, 2025
Open
@dulanshuangqiao
Copy link
Author

cc @golang/security

There is no staff to handle this report for a long time.I hope a developer can review my report,This is very important for my work.

@rolandshoemaker
Copy link
Member

rolandshoemaker commented Apr 2, 2025
edited
Loading

Just because these fields are OPTIONAL (in the ASN.1 terminology) does not mean they can generally be empty. RFC 5280 specifically says that the keyIdentifier must be present (except for in the self-signed case) and the CABF Baseline Requirements also says it must be present. I'm confused as to what the extension being present, but the value being empty, would mean. How would that aid in path building?

We specifically target the web PKI, for which AKI is generally necessary for happy path building. While OpenSSL and GnuTLS support many things, which exponentially increase their complexity, we do not, and without a strong rationale for adding support for this, I cannot imagine we would be particularly interested in doing it.

This was referenced Apr 9, 2025
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@rolandshoemaker @seankhliao @dulanshuangqiao @gabyhelp