Error with chain of trust with multiple intermediates with same name #332

Closed
martinsuchan opened this issue Apr 6, 2016 · 3 comments

@martinsuchan
commented Apr 6, 2016

See:
https://dev.ssllabs.com/ssltest/analyze.html?d=signed.bad.horse
https://signed.bad.horse

This domain is more of a joke than an actual website, but it uses a valid chain with a self-signed cert at the top.
The problem is that it uses multiple intermediates with the same CN, and SSLLabs probably uses the CN as a unique ID for certs, and it then fails to rebuild the original chain of trust.

Expected behavior: the chain of trust should be rebuilt properly for https://signed.bad.horse

@yashks

Member

commented Apr 7, 2016

Overall rating is T; if trust is ignored, it will be A. Please check on dev.ssllabs.com

Regards,
Yash K.S

@ivanr ivanr added the bug label Jun 15, 2016

@ivanr

Contributor

commented Jun 15, 2016

From memory, path building does use SKI/AKI if they're present, but it falls back to using Subject/Issuer otherwise. However, I think this is a bug in the "is_self_signed" method, which looks only at Subject/Issuer and not SKI/AKI. Should be easy to fix.
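A simplified model of the behaviour discussed in the comment above, added here as an example; it is not SSL Labs code and not part of the original thread. Certificates are reduced to constructed records holding Subject, Issuer, SKI and AKI, and all function names and values are hypothetical. It shows how a name-only self-signed test ends the path at the first intermediate when every CA in the chain shares one name, while a test that also compares SKI/AKI reaches the real root.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Cert:
    label: str                  # tag for reading results, not an X.509 field
    subject: str
    issuer: str
    ski: Optional[str] = None   # Subject Key Identifier
    aki: Optional[str] = None   # Authority Key Identifier

def self_signed_by_name(c):
    # Name-only test: true for any cert whose issuer has the same name.
    return c.subject == c.issuer

def self_signed(c):
    # Names must match; when both key identifiers exist they must match too.
    if c.subject != c.issuer:
        return False
    if c.ski and c.aki:
        return c.ski == c.aki
    return True  # no key ids: fall back to names (a full check verifies the signature)

def issued_by(child, candidate):
    # Prefer AKI -> SKI matching, fall back to Issuer -> Subject.
    if child.aki and candidate.ski:
        return child.aki == candidate.ski
    return child.issuer == candidate.subject

def build_path(leaf, pool, is_root=self_signed):
    # Walk upward from the leaf until a cert is judged to be a root.
    path = [leaf]
    while not is_root(path[-1]):
        nxt = next((c for c in pool
                    if c not in path and issued_by(path[-1], c)), None)
        if nxt is None:
            break
        path.append(nxt)
    return [c.label for c in path]

# Constructed sample chain: two intermediates and a root, all with one name.
NAME = "Same Name CA"
LEAF = Cert("leaf", "leaf.example", NAME, ski="k0", aki="k1")
POOL = [Cert("int2", NAME, NAME, ski="k2", aki="k3"),
        Cert("root", NAME, NAME, ski="k3", aki="k3"),
        Cert("int1", NAME, NAME, ski="k1", aki="k2")]

if __name__ == "__main__":
    print("name-only :", build_path(LEAF, POOL, self_signed_by_name))
    print("with keyid:", build_path(LEAF, POOL, self_signed))
```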

@bhushan5640

Collaborator

commented Sep 8, 2016

@bhushan5640 bhushan5640 closed this Oct 4, 2016
