PT-2021-2477 · OpenSSL +6
Published: 2021-03-25 · Updated: 2024-12-16
CVE-2021-3450
CVSS v3.1: 7.4 (High)
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
OpenSSL versions 1.1.1h through 1.1.1j
Description
The issue stems from an error in the implementation of a check that rejects certificates in a chain that have explicitly encoded elliptic curve parameters, performed when the X509_V_FLAG_X509_STRICT flag is set. This flag enables additional security checks of the certificates present in a certificate chain and is not set by default. The error causes the result of a previous check, the one confirming that certificates in the chain are valid CA certificates, to be overwritten, effectively bypassing the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured, there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set, the certificate chain is still rejected even when the strict flag has been used.
Recommendations
To resolve the issue, users of affected OpenSSL versions should upgrade to OpenSSL 1.1.1k. As a temporary workaround, avoid using the X509_V_FLAG_X509_STRICT verification flag, or ensure that a purpose is set for the certificate verification. For TLS client or server applications, do not override the default purpose.
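As an added example (not part of this advisory and not the OpenSSL project's code), the following Python script applies the two points above: it checks an OpenSSL version string against the affected range 1.1.1h through 1.1.1j, decides whether enabling strict X.509 checking is safe given whether a purpose is set, and builds a TLS client context that enables strict checking while leaving the default purpose untouched. The version strings in the comments and tests are constructed samples; the script assumes the Python ssl module is linked against the OpenSSL build being assessed.

```python
import re
import ssl

# Affected range taken from the advisory: OpenSSL 1.1.1h through 1.1.1j.
# Patch letters are numbered as in ssl.OPENSSL_VERSION_INFO: a=1, ..., h=8, j=10, k=11.
AFFECTED_MIN = (1, 1, 1, 8)   # 1.1.1h
AFFECTED_MAX = (1, 1, 1, 10)  # 1.1.1j
FIXED = (1, 1, 1, 11)         # 1.1.1k

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]?)")


def parse_openssl_version(text):
    """Parse a version string such as the constructed sample
    'OpenSSL 1.1.1j  16 Feb 2021' into (major, minor, fix, patch).
    A missing patch letter (1.1.1, 3.0.2) yields patch 0."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    major, minor, fix, letter = m.groups()
    patch = ord(letter) - ord("a") + 1 if letter else 0
    return (int(major), int(minor), int(fix), patch)


def is_affected(text):
    """True when the version falls inside the CVE-2021-3450 affected range."""
    return AFFECTED_MIN <= parse_openssl_version(text) <= AFFECTED_MAX


def strict_flag_is_safe(text, purpose_set):
    """Mirror the advisory's condition: an affected build is only exposed when
    X509_V_FLAG_X509_STRICT is used *and* no purpose is configured. Any named
    libcrypto purpose re-checks that intermediates are valid CAs."""
    return (not is_affected(text)) or purpose_set


def make_strict_client_context():
    """TLS client context with strict X.509 checking enabled. It deliberately
    does not touch the purpose: OpenSSL's TLS client path sets one by default,
    and the advisory says not to override it."""
    ctx = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH)
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    ctx.verify_flags |= ssl.VERIFY_X509_STRICT
    return ctx


def describe_context(ctx):
    """Report the verification settings that matter for this issue."""
    return {
        "strict": bool(ctx.verify_flags & ssl.VERIFY_X509_STRICT),
        "cert_required": ctx.verify_mode == ssl.CERT_REQUIRED,
        "check_hostname": bool(ctx.check_hostname),
    }


def runtime_report():
    """Assess the OpenSSL build the running interpreter is linked against."""
    version = ssl.OPENSSL_VERSION
    affected = is_affected(version)
    return {
        "version": version,
        "affected": affected,
        # A Python ssl client never overrides the default TLS purpose, so the
        # strict flag is safe to keep on here even on an affected build.
        "upgrade_target": "1.1.1k" if affected else None,
    }


if __name__ == "__main__":
    print(runtime_report())
    print(describe_context(make_strict_client_context()))
```

Run it on the host under review: a report with "affected": True means the linked libcrypto needs the 1.1.1k upgrade; the context settings show what a hardened client should look like in the meantime.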
Weakness Enumeration
Improper Certificate Validation
Affected Products
ALT Linux
CentOS
FreeBSD
OpenSSL
Red Hat
Rocky Linux
SUSE