gnutls_ocsp_resp_verify() requires signer in trust list to have id-kp-OCSPSigning
Description of problem:
While debugging issues when using mod_gnutls with Let's Encrypt certificates I noticed that gnutls_ocsp_resp_verify() considers OCSP responses invalid if they're signed directly by a CA on the trust list (as Let's Encrypt does) instead of using a delegated signer. This is because gnutls_ocsp_resp_verify() requires the id-kp-OCSPSigning key purpose unconditionally. According to RFC 6960, Section 4.2.2.2, the id-kp-OCSPSigning key purpose is only needed for a delegated signer, not for the CA certificate that issued the certificate being checked, or for a signer explicitly declared as trusted.
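To make the distinction concrete, the following is an added Python model of the RFC 6960, Section 4.2.2.2 acceptance rule placed beside the unconditional key-purpose check the report describes. It is not GnuTLS code and not part of the report; certificates are reduced to the fields the rule inspects, and the CA names, the trust set and the signer shapes are constructed to mirror the attached trust.pem, response-ca.der and response-delegated.der.

```python
"""Model of the OCSP responder acceptance rule from RFC 6960, Section 4.2.2.2.

Constructed example: certificates are reduced to subject, issuer and the
extended key usage set. `trust_list` stands for the CAs the relying party
has already accepted, i.e. the equivalent of --load-trust=trust.pem.
"""
from dataclasses import dataclass

# OID of the id-kp-OCSPSigning extended key purpose (RFC 6960, 4.2.2.2)
ID_KP_OCSP_SIGNING = "1.3.6.1.5.5.7.3.9"


@dataclass(frozen=True)
class Cert:
    """Only the fields the acceptance rule needs; not a real X.509 object."""
    subject: str
    issuer: str
    eku: frozenset = frozenset()


def signer_ok_rfc6960(signer, cert_issuer, trust_list):
    """Accept the responder per RFC 6960, 4.2.2.2. Returns (accepted, reason).

    The responder must be one of:
      1. the CA that issued the certificate whose status is reported,
      2. a responder the relying party trusts explicitly (on the trust list),
      3. a CA-designated responder: a certificate issued directly by that CA
         which carries id-kp-OCSPSigning in its extended key usage.
    The key purpose is required only in case 3.
    """
    if signer == cert_issuer and cert_issuer in trust_list:
        return True, "signed by issuing CA"
    if signer in trust_list:
        return True, "explicitly trusted responder"
    if signer.issuer == cert_issuer.subject and cert_issuer in trust_list:
        if ID_KP_OCSP_SIGNING in signer.eku:
            return True, "delegated responder with id-kp-OCSPSigning"
        return False, "Signer cert keyusage error"
    return False, "signer not trusted"


def signer_ok_legacy(signer, cert_issuer, trust_list):
    """Behaviour the report describes: the key purpose is demanded of every
    signer before any of the three RFC cases is considered."""
    if ID_KP_OCSP_SIGNING not in signer.eku:
        return False, "Signer cert keyusage error"
    return signer_ok_rfc6960(signer, cert_issuer, trust_list)


# Constructed certificates mirroring the report's attachments.
ROOT = Cert("Constructed Root CA", "Constructed Root CA")
INTERMEDIATE = Cert("Constructed Intermediate CA", "Constructed Root CA")
DELEGATED = Cert("Constructed OCSP Responder", "Constructed Intermediate CA",
                 frozenset({ID_KP_OCSP_SIGNING}))
# A delegated signer without the key purpose; both checks must reject it.
UNMARKED = Cert("Constructed Unmarked Signer", "Constructed Intermediate CA")
TRUST = frozenset({ROOT, INTERMEDIATE})


def compare():
    """Run both checks over the signer shapes from the report; the
    certificate being checked was issued by INTERMEDIATE in every case."""
    cases = {"response-ca": INTERMEDIATE,
             "response-delegated": DELEGATED,
             "response-unmarked": UNMARKED}
    return {
        name: {"legacy": signer_ok_legacy(signer, INTERMEDIATE, TRUST)[0],
               "rfc6960": signer_ok_rfc6960(signer, INTERMEDIATE, TRUST)[0]}
        for name, signer in cases.items()
    }


if __name__ == "__main__":
    for name, outcome in compare().items():
        print(f"{name}: {outcome}")
```

Only the response signed directly by the issuing CA differs between the two checks, which is exactly the "Signer cert keyusage error" seen in the first reproduction step; a delegated signer lacking the key purpose is rejected by both.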
Version of gnutls used:
- 3.7.1 (from Ubuntu)
- GnuTLS master as of c70941ce
How reproducible:
The attached files contain a trust list (root and intermediate CA, trust.pem), an OCSP response signed directly by the intermediate CA (response-ca.der), and an OCSP response signed by a delegated signer signed by the intermediate CA (response-delegated.der). Both responses are for a certificate issued by the intermediate CA.
Steps to Reproduce:
- datefudge --static "2021-07-14 00:00" ocsptool --infile=response-ca.der --verify-response --load-trust=trust.pem
- datefudge --static "2021-07-14 00:00" ocsptool --infile=response-delegated.der --verify-response --load-trust=trust.pem
Actual results:
The first verification fails with "Signer cert keyusage error", the second succeeds.
Expected results:
Both responses should be considered valid.