[strongSwan-dev] X509_AA flag does not meet spec; implementation is buggy too

[Mike Ryan]

The X509_AA flag parallels the X509_CA flag. Its basic meaning is: the
holder if this certificate has the authority to issue X.509 attribute
certificates. 

According to RFC3281, there is no provision to encode a simple boolean
flag with the meaning of X509_AA in an X.509 certificate.

AA controls, an optional sequence described in section 7.1, provide a
rich set of controls over which attributes may be issued by an AA. There
IS a boolean flag in there: permitUnSpecified. If this is true, then the
holder is allowed to issue any attribute.

This flag is semantically subtly different from a boolean meaning 'is an
attribute authority'.

The handling of the X509_AA flag is buggy as well. Setting the X509_AA
flag on a certificate sets a flag in the data structure, but when the
certificate is encoded into ASN.1 there is no difference between a cert
with and without this flag.

-

To exercise this bug, create a cert with the X509_AA flag, save its
encoding to a file, and then load it again. The X509_AA flag will not be
set.

To create a cert with the AA flag, I modified pki/commands/self.c and
added X509_AA to the --ca flag like so:

case 'b':
    flags |= X509_CA;
    flags |= X509_AA;
    continue;

Then generate a self-signed cert with the CA flag and print the cert:

$ pki --self --dn cn=test --ca --in private.der > test.der
$ pki --print --in test.der | grep AA

No mention of the AA flag is made. The cert is identical to a cert
without the AA flag specified.