FIX: intermediates can sign their own OCSP responses

Before it was possible that intermediates signed their own OCSP responses. I.e a compromised intermediate certificate allowed the attacker to sign OCSP responses for this very certificate.
randombit · Nov 16, 2022 · 1829ef9 · 1829ef9
1 parent 5d8d9fb
commit 1829ef9
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/src/lib/x509/x509path.cpp b/src/lib/x509/x509path.cpp
@@ -234,7 +234,12 @@ PKIX::check_ocsp(const std::vector<std::shared_ptr<const X509_Certificate>>& cer
          {
          try
             {
-            Certificate_Status_Code ocsp_signature_status = ocsp_responses.at(i)->check_signature(trusted_certstores, cert_path);
+            // When verifying intermediate certificates we need to truncate the
+            // cert_path so that the intermediate under investigation becomes the
+            // last certificate in the chain.
+            auto ocsp_cert_path = cert_path;
+            ocsp_cert_path.erase(ocsp_cert_path.begin(), ocsp_cert_path.begin()+i);
+            Certificate_Status_Code ocsp_signature_status = ocsp_responses.at(i)->check_signature(trusted_certstores, ocsp_cert_path);
 
             if(ocsp_signature_status == Certificate_Status_Code::OCSP_SIGNATURE_OK)
                {