Certificate verification failing sometimes when certificate has empty subject #21156
Labels: branch: master, branch: 3.0, branch: 3.1, severity: regression, triaged: bug
The leaf certificate in our certificate chain currently has an empty subject.
This was always verifying fine until we updated Alpine Linux to a version with OpenSSL 3.0.8 (from 1.1.1q).
It is also still validating fine on Debian Linux with OpenSSL 3.0.8.
Root cause analysis indicated that the following commit caused the issue: 72ded6f
The reason is that the empty subject is now always seen as an issue and returns -2, in both cases, whether the empty subject is a or b. This of course invalidates the compare invariant:
`"" < "anything"` and `"anything" < ""`.
We have a certificate chain that exactly triggers this issue with the Alpine Linux qsort, so that the correct certificate is not found anymore in verification.
When applying the following patch, verification works again: #21155
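The broken compare invariant described in the report can be checked mechanically. The following is an added example, not OpenSSL code and not the patch in #21155: `cmp_reported` is a hypothetical string-based model of a comparator that returns -2 whenever either side is empty, `cmp_total` is one assumed consistent alternative, and the subject strings are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the behaviour reported above: an empty subject is
 * treated as an error and yields -2 regardless of which side it is on. */
static int cmp_reported(const char *a, const char *b)
{
    if (*a == '\0' || *b == '\0')
        return -2;
    return strcmp(a, b);
}

/* One consistent alternative (an assumption, not the patch in #21155):
 * the empty subject sorts before every non-empty one and equals itself. */
static int cmp_total(const char *a, const char *b)
{
    if (*a == '\0' || *b == '\0')
        return (*a != '\0') - (*b != '\0');
    return strcmp(a, b);
}

static int sign(int v) { return (v > 0) - (v < 0); }

/* Count violations of what qsort()/bsearch() require from a comparator:
 * cmp(a,a)==0, sign(cmp(a,b)) == -sign(cmp(b,a)), and transitivity of "<". */
static int count_violations(int (*cmp)(const char *, const char *),
                            const char **v, size_t n)
{
    int bad = 0;
    for (size_t i = 0; i < n; i++) {
        if (cmp(v[i], v[i]) != 0) bad++;
        for (size_t j = 0; j < n; j++) {
            if (sign(cmp(v[i], v[j])) != -sign(cmp(v[j], v[i]))) bad++;
            for (size_t k = 0; k < n; k++)
                if (cmp(v[i], v[j]) < 0 && cmp(v[j], v[k]) < 0
                    && cmp(v[i], v[k]) >= 0) bad++;
        }
    }
    return bad;
}

/* Constructed sample subjects; "" stands for the empty-subject leaf. */
static const char *subjects[] = { "", "CN=Intermediate CA", "CN=Root CA" };
int main(void)
{
    printf("reported: %d violations\n", count_violations(cmp_reported, subjects, 3));
    printf("total:    %d violations\n", count_violations(cmp_total, subjects, 3));
    return 0;
}
```

A comparator that fails this check gives `qsort` no defined ordering to produce, so the result can differ between libc implementations even on identical input.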