fix: enforce pathLenConstraint regardless of keyUsage extension#1141
Closed
eddieran wants to merge 1 commit intodigitalbazaar:mainfrom
Closed
fix: enforce pathLenConstraint regardless of keyUsage extension#1141eddieran wants to merge 1 commit intodigitalbazaar:mainfrom
eddieran wants to merge 1 commit intodigitalbazaar:mainfrom
Conversation
The pathLenConstraint check in the certificate chain verification was gated on keyUsageExt !== null, meaning a CA certificate without the keyUsage extension could bypass path length constraints. This changes the condition to check bcExt !== null instead, ensuring pathLenConstraint from basicConstraints is always enforced on CA certificates regardless of whether keyUsage is present. Ref: GHSA-h8mc-2r26-8398
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The
pathLenConstraintcheck in_verifyCertificateChain(lib/x509.js) was gated onkeyUsageExt !== null, allowing a CA certificate without the keyUsage extension to bypass path length constraints entirely. OpenSSL correctly rejects the same chain.This changes the condition from
keyUsageExt !== nulltobcExt !== null, ensuringpathLenConstraintfrom basicConstraints is always enforced on CA certificates.Security Advisory
Ref: GHSA-h8mc-2r26-8398
Details
Before (vulnerable):
A CA cert that omits keyUsage but sets
basicConstraints.pathLenConstraint = 0can still issue intermediate CA certs, violating the path length limit.After (fixed):
The pathLenConstraint is now checked whenever basicConstraints is present, regardless of whether keyUsage exists.