[PATCH] OpenSSL: Accept certificates marked for both server and client use

Jouni Malinen j at w1.fi
Sat Feb 15 02:48:31 EST 2014

On Sat, Feb 15, 2014 at 12:21:32AM -0500, Anders Kaseorg wrote:
> Commit 51e3eafb68e15e78e98ca955704be8a6c3a7b304 was too strict in
> forbidding certificates marked for client use.  For example, this
> broke the MIT SECURE wireless network.  The extended key usage is a
> _list_ of allowed uses, and rather than checking that client use is
> not in the list, we should check that server use is in the list.

This is unfortunate.. This check was added based on an explicit
specification requirement on the server certificate being rejected if
it contains id-kp-clientAuth and as such, that commit was actually
following that requirement on purpose in the way that would trigger
based on any entry matching.

I understand the view that this should not break (reasonably) deployed
existing networks and this may require some reconsideration. However, I
don't think that this change to require id-kp-serverAuth to be present
would be good either since it would likely break even more use cases. It
might be more reasonable to reject the server based on id-kp-clientAuth
being present without id-kp-serverAuth.

Would it be possible to get the MIT SECURE server certificate that hits
this new constraint on id-kp-clientAuth being present? This would be
useful for further discussion on possible spec changes/clarifications.

Jouni Malinen                                            PGP id EFC895FA

More information about the HostAP mailing list