Questions re: OpenSSL Client Compatibility Changes for Let’s Encrypt Certificates

From my point of view (also see my post above), the fix was the introduction of X509_V_FLAG_TRUSTED_FIRST in OpenSSL. Per the official documentation, this flag is set by default since OpenSSL 1.1.0. The docs don't say if they mean 1.1.0 in general, or a specific patch release of 1.1.0.

https://www.openssl.org/docs/manmaster/man3/X509_VERIFY_PARAM_set_flags.html

When X509_V_FLAG_TRUSTED_FIRST is set, which is always the case since OpenSSL 1.1.0, construction of the certificate chain in X509_verify_cert(3) searches the trust store for issuer certificates before searching the provided untrusted certificates. Local issuer certificates are often more likely to satisfy local security requirements and lead to a locally trusted root. This is especially important when some certificates in the trust store have explicit trust settings (see "TRUST SETTINGS" in openssl-x509(1)).

Edit: I just checked the source code. X509_V_FLAG_TRUSTED_FIRST is set by default since Check chain extensions also for trusted certificates · openssl/openssl@0daccd4 · GitHub, which is part of the very first OpenSSL 1.1.0 release.

There's some confusion to this, as you sometimes also need to set X509_V_FLAG_PARTIAL_CHAIN, which is not set by default in 1.1.0, but I believe that this isn't neccessary in this case though.

I also want to highlight that your trust store needs to include ISRG Root X1, otherwise all of this is moot.

2 Likes