Store context flags vs verification parameters flags

[colmenero]

Version

5.8.2

Description

In OpenSSL X509_STORE_CTX_set_flags translates to X509_VERIFY_PARAM_set_flags (see here).
In wolfSSL, X509_STORE_CTX_set_flags sets the context flags (see here). These are not the same as the verification parameters flags (see here). They are both part of the WOLFSSL_X509_STORE_CTX, where we have a flags member and a param->flags member. What is the difference between them?

Setting the X509_V_FLAG_PARTIAL_CHAIN flag in the verification parameter doesn't affect how the certificate is verified, but setting the context's flag does affect it. The relevant code is here). wolfSSL checks for the context flags and the store verification parameter flags, but not the context verification parameter flags. Basically, we have to use:

X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_PARTIAL_CHAIN);

This is a difference in behavior with respect to OpenSSL, and I'm wondering if the two types of flags in the context are needed.

Thanks!

[embhorn]

Hi @colmenero

Thanks for bringing this to our attention. I've requested a review of this by our engineers.

Could you tell us a bit about your project using wolfSSL?

Thanks,
@embhorn

[colmenero]

Thanks @embhorn,

This is for professional interest. I work for a company that develops a product that can use either OpenSSL or wolfSSL as crypto library. I believe we have contacted wolfSSL support previously (for other reasons) through another person in the organization.

Note that this is not a blocker in any way, I can use the store context flags.

[YushengYangRTI]

@embhorn I work with @colmenero , and I have another question related to X509_V_FLAG_PARTIAL_CHAIN.

If the chain consists of only one certificate, which is not self-signed, and the X509_V_FLAG_PARTIAL_CHAIN flag is set, should verification succeed or fail?

I asked a similar question to OpenSSL: openssl/openssl#9171 . Their response was that verification should succeed.

• In OpenSSL 1.0.2, it failed.
• In wolfSSL 5.8.2, it also fails because when we reach f7bfa71#diff-b518f13d0467027d464dda9428fff55943eec3b3da157baa7388b73ff7f4407fR407 , added is 0 because there's only one certificate in the chain; we did not previously add an untrusted issuer.
• In OpenSSL 1.1.1 (and also 3.x), it succeeds.

In wolfSSL, if a chain consists of only one certificate, why is it not considered a chain?