From: Viktor Dukhovni
Date: Fri, 15 Jan 2016 08:49:11 +0000 (-0500)
Subject: Reject when explicit trust EKU are set and none match.
X-Git-Tag: OpenSSL_1_1_0-pre3~472
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=3342dcea7a633e579e1971dfd16ff3fc14dc3936;p=oweals%2Fopenssl.git

Reject when explicit trust EKU are set and none match.

Returning untrusted is enough for full chains that end in self-signed roots, because when explicit trust is specified it suppresses the default blanket trust of self-signed objects.

But for partial chains, this is not enough, because absent a similar trust-self-signed policy, non-matching EKUs are indistinguishable from lack of EKU constraints.

Therefore, failure to match any trusted purpose must trigger an explicit reject.

Reviewed-by: Richard Levitte
---
diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c index 8f2ff8321e..851e745220 100644 --- a/crypto/x509/x509_trs.c +++ b/crypto/x509/x509_trs.c @@ -312,6 +312,21 @@ static int obj_trust(int id, X509 *x, int flags) if (OBJ_obj2nid(obj) == id) return X509_TRUST_TRUSTED; } + /* + * Reject when explicit trust EKU are set and none match. + * + * Returning untrusted is enough for for full chains that end in + * self-signed roots, because when explicit trust is specified it + * suppresses the default blanket trust of self-signed objects. + * + * But for partial chains, this is not enough, because absent a similar + * trust-self-signed policy, non matching EKUs are indistinguishable + * from lack of EKU constraints. + * + * Therefore, failure to match any trusted purpose must trigger an + * explicit reject. + */ + return X509_TRUST_REJECTED; } return X509_TRUST_UNTRUSTED; }
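Review bot: the new block comment in obj_trust() repeats the commit message word for word, including the doubled "for for" in "enough for for full chains"; fix that typo in the in-code comment before merging, and consider keeping only the one-sentence rationale in the code since the full argument already lives in the commit message. On the logic: the added `return X509_TRUST_REJECTED;` sits directly after the loop that returns `X509_TRUST_TRUSTED` on an `OBJ_obj2nid(obj) == id` match, so any certificate carrying explicit trust OIDs that match none of them now changes from the fall-through `X509_TRUST_UNTRUSTED` to an explicit reject. That is a behaviour change for callers that previously treated such a certificate as merely untrusted (and for the partial-chain case the message describes), so it warrants a regression test that exercises both the full-chain and the partial-chain outcome, plus a CHANGES entry.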