Closed gnutls_ocsp_resp_verify() requires signer in trust list to have id-kp-OCSPSigning
  • Closed Issue created by Airtower

    Description of problem:

    While debugging issues when using mod_gnutls with Let's Encrypt certificates I noticed that gnutls_ocsp_resp_verify() considers OCSP responses invalid if they're signed directly by a CA on the trust list (as Let's Encrypt does) instead of using a delegated signer. This is because gnutls_ocsp_resp_verify() requires the id-kp-OCSPSigning key purpose unconditionally. According to RFC 6960, Section 4.2.2.2 the id-kp-OCSPSigning key purpose is only needed for a delegated signer, not the CA certificate that issued the certificate being checked, or a signer explicitly declared as trusted.

    Version of gnutls used:

    • 3.7.1 (from Ubuntu)
    • GnuTLS master as of c70941ce

    How reproducible:

    The attached files contain a trust list (root and intermediate CA, trust.pem), an OCSP response signed directly by the intermediate CA (response-ca.der), and an OCSP response signed by a delegated signer signed by the intermediate CA (response-delegated.der). Both responses are for a certificate issued by the intermediate CA.

    Steps to Reproduce:

    • datefudge --static "2021-07-14 00:00" ocsptool --infile=response-ca.der --verify-response --load-trust=trust.pem
    • datefudge --static "2021-07-14 00:00" ocsptool --infile=response-delegated.der --verify-response --load-trust=trust.pem

    Actual results:

    The first verification fails with "Signer cert keyusage error", the second succeeds.

    Expected results:

    Both responses should be considered valid.
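As an added illustration of the distinction the report draws (this is not GnuTLS code and not the reporter's), the following Python models the responder-authorization rules of RFC 6960, Section 4.2.2.2 as a policy check over constructed certificate descriptions, next to the unconditional key-purpose check the issue describes. Certificate names, the `Cert` type and the `trusted` set are assumptions for the model; signature verification and chain validation are assumed to have been done separately.

```python
"""Model of RFC 6960 section 4.2.2.2 responder authorization (added example;
not GnuTLS code). Certificates are reduced to subject, issuer and EKU OIDs."""
from dataclasses import dataclass
from typing import FrozenSet, Optional, Set

OCSP_SIGNING = "1.3.6.1.5.5.7.3.9"  # id-kp-OCSPSigning


@dataclass(frozen=True)
class Cert:
    """Constructed stand-in for an X.509 certificate (hypothetical type)."""
    subject: str
    issuer: str
    eku: FrozenSet[str] = frozenset()  # extended key usage OIDs


def unconditional_check(signer: Cert, issuer: Cert, trusted: Set[str]) -> bool:
    """Behaviour the issue reports: id-kp-OCSPSigning is required of every
    signer, so a response signed directly by the issuing CA is rejected."""
    return OCSP_SIGNING in signer.eku


def rfc6960_authorized(signer: Cert, issuer: Cert,
                       trusted: Set[str]) -> Optional[str]:
    """Return why the signer is an authorized responder for certificates
    issued by `issuer`, or None if it is not. Assumes the signature and the
    signer's chain have already been verified. RFC 6960 4.2.2.2 accepts:
      1. the CA that issued the certificate being checked,
      2. a responder the client explicitly trusts (local policy),
      3. a delegated responder whose certificate was issued by that CA
         and carries id-kp-OCSPSigning.
    Only case 3 needs the key purpose."""
    if signer == issuer:
        return "issuing CA"
    if signer.subject in trusted:
        return "explicitly trusted responder"
    if signer.issuer == issuer.subject and OCSP_SIGNING in signer.eku:
        return "delegated responder"
    return None


# Constructed sample hierarchy mirroring the report: root -> intermediate,
# with one delegated OCSP signer and one ordinary end-entity certificate.
ROOT = Cert("Root CA", "Root CA")
INTERMEDIATE = Cert("Intermediate CA", "Root CA")
DELEGATED = Cert("OCSP Signer", "Intermediate CA", frozenset({OCSP_SIGNING}))
PLAIN_LEAF = Cert("www.example.test", "Intermediate CA")


def compare_checks(signer: Cert, trusted: Set[str] = frozenset()) -> dict:
    """Run both checks for a response covering a certificate issued by
    INTERMEDIATE and report the outcome of each."""
    return {
        "unconditional": unconditional_check(signer, INTERMEDIATE, trusted),
        "rfc6960": rfc6960_authorized(signer, INTERMEDIATE, trusted),
    }


if __name__ == "__main__":
    for name, signer in [("signed by issuing CA", INTERMEDIATE),
                         ("signed by delegated responder", DELEGATED),
                         ("signed by unrelated leaf", PLAIN_LEAF)]:
        print(f"{name}: {compare_checks(signer)}")
```

Running the block reproduces the report's two outcomes in the model: the response signed by the intermediate CA passes the RFC rule as "issuing CA" but fails the unconditional key-purpose check, while the delegated-signer response passes both; a certificate with neither role nor key purpose fails both, so relaxing the check does not admit arbitrary signers.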
