Performing verification for Focal

Generating the ssl certificates, and reproducing the problem with version 1.1.1f-1ubuntu2.3 from -updates.

ubuntu@select-lobster:~$ sudo apt-cache policy openssl | grep Installed
  Installed: 1.1.1f-1ubuntu2.3
ubuntu@select-lobster:~$ mkdir reproducer
ubuntu@select-lobster:~$ cd reproducer
ubuntu@select-lobster:~/reproducer$ mkdir CA
ubuntu@select-lobster:~/reproducer$ cat << EOF >> rootCA.cnf
> [ req ]
> prompt = no
> distinguished_name = req_distinguished_name
> x509_extensions = usr_cert
>
> [ req_distinguished_name ]
> C = DE
> O = Test Org
> CN = Test RSA PSS Root-CA
>
> [ usr_cert ]
> basicConstraints = critical,CA:TRUE
> keyUsage = critical,keyCertSign,cRLSign
> subjectKeyIdentifier = hash
> authorityKeyIdentifier = keyid:always
> EOF
ubuntu@select-lobster:~/reproducer$ cat << EOF >> subCA.cnf
> [ req ]
> prompt = no
> distinguished_name = req_distinguished_name
> x509_extensions = usr_cert
>
> [ req_distinguished_name ]
> C = DE
> O = Test Org
> CN = Test RSA PSS Sub-CA
>
> [ usr_cert ]
> basicConstraints = critical,CA:TRUE,pathlen:0
> keyUsage = critical,keyCertSign,cRLSign
> subjectKeyIdentifier = hash
> authorityKeyIdentifier = keyid:always
> EOF
ubuntu@select-lobster:~/reproducer$ cat << EOF >> user.cnf
> [ req ]
> prompt = no
> distinguished_name = req_distinguished_name
> x509_extensions = usr_cert
>
> [ req_distinguished_name ]
> C = DE
> O = Test Org
> CN = Test User
>
> [ usr_cert ]
> basicConstraints = critical,CA:FALSE,pathlen:0
> keyUsage = critical,digitalSignature,keyAgreement
> extendedKeyUsage = clientAuth,serverAuth
> subjectKeyIdentifier = hash
> authorityKeyIdentifier = keyid:always
> EOF
ubuntu@select-lobster:~/reproducer$ openssl genpkey -algorithm RSA-PSS -out rootCA_key.pem -pkeyopt rsa_keygen_bits:2048
......................+++++
............+++++
ubuntu@select-lobster:~/reproducer$ openssl req -config rootCA.cnf -set_serial 01 -new -batch -sha256 -nodes -x509 -days 9125 -out CA/rootCA_cert.pem -key rootCA_key.pem -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1
ubuntu@select-lobster:~/reproducer$ openssl genpkey -algorithm RSA-PSS -out subCA_key.pem -pkeyopt rsa_keygen_bits:2048
........+++++
....+++++
ubuntu@select-lobster:~/reproducer$ openssl req -config subCA.cnf -new -out subCA_req.pem -key subCA_key.pem -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1
ubuntu@select-lobster:~/reproducer$ openssl x509 -req -sha256 -in subCA_req.pem -CA CA/rootCA_cert.pem -CAkey rootCA_key.pem -out CA/subCA_cert.pem -CAserial rootCA_serial.txt -CAcreateserial -extfile subCA.cnf -extensions usr_cert -days 4380 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1
Signature ok
subject=C = DE, O = Test Org, CN = Test RSA PSS Sub-CA
Getting CA Private Key
ubuntu@select-lobster:~/reproducer$ c_rehash CA
Doing CA
ubuntu@select-lobster:~/reproducer$ openssl genpkey -algorithm RSA-PSS -out user1_key.pem -pkeyopt rsa_keygen_bits:2048
...................+++++
.........................+++++
ubuntu@select-lobster:~/reproducer$ openssl req -config user.cnf -new -out user1_req.pem -key user1_key.pem -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1
ubuntu@select-lobster:~/reproducer$ openssl x509 -req -sha256 -in user1_req.pem -CA CA/subCA_cert.pem -CAkey subCA_key.pem -out user1_cert.pem -CAserial subCA_serial.txt -CAcreateserial -extfile user.cnf -extensions usr_cert -days 1825 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1
Signature ok
subject=C = DE, O = Test Org, CN = Test User
Getting CA Private Key

Now, we verify the certificates:

ubuntu@select-lobster:~/reproducer$ openssl verify -CAfile CA/rootCA_cert.pem -untrusted CA/subCA_cert.pem user1_cert.pem
C = DE, O = Test Org, CN = Test User
error 20 at 0 depth lookup: unable to get local issuer certificate
error user1_cert.pem: verification failed

We see verification fail, due to CA:FALSE,pathlen:0 basicConstraints.

I then enabled -proposed, and installed openssl and libssl1.1 version 1.1.1f-1ubuntu2.4.

If we then repeat the certificate validation:

ubuntu@select-lobster:~/reproducer$ openssl verify -CAfile CA/rootCA_cert.pem -untrusted CA/subCA_cert.pem user1_cert.pem
user1_cert.pem: OK

The certificates validate properly.

Additionally, if we examine the new unit tests added to openssl's testsuite in the buildlog for focal:

https://launchpadlibrarian.net/537505620/buildlog_ubuntu-focal-amd64.openssl_1.1.1f-1ubuntu2.4_BUILDING.txt.gz

we see:

../../../test/certs/ee-pathlen.pem: OK
../../util/shlib_wrap.sh ../../apps/openssl verify -auth_level 1 -purpose sslserver -trusted ../../../test/certs/root-cert.pem -untrusted ../../../test/certs/ca-cert.pem ../../../test/certs/ee-pathlen.pem => 0
ok 84 - accept non-ca with pathlen:0 by default
CN = server.example
error 41 at 0 depth lookup: invalid or inconsistent certificate extension
error ../../../test/certs/ee-pathlen.pem: verification failed
../../util/shlib_wrap.sh ../../apps/openssl verify -auth_level 1 -purpose sslserver -x509_strict -trusted ../../../test/certs/root-cert.pem -untrusted ../../../test/certs/ca-cert.pem ../../../test/certs/ee-pathlen.pem => 2
ok 85 - reject non-ca with pathlen:0 with strict flag

Both tests pass with "ok", so the feature is working as intended in both standard and strict mode.

Since everything is in order, I am happy to mark verified for Focal.
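The whole verification above turns on one extension: the end-entity certificate carries basicConstraints CA:FALSE,pathlen:0, which the fixed package accepts by default and rejects only under -x509_strict (error 41). The Python below is an added example, not code from this bug report, from the Ubuntu packaging or from OpenSSL itself. It decodes the DER value of basicConstraints by hand (DER omits the cA BOOLEAN when it is FALSE, which is why "CA:FALSE,pathlen:0" is just an INTEGER inside the SEQUENCE) and then applies a simplified emulation of the basicConstraints part of chain validation, with the default and strict policies the build-log tests 84 and 85 exercise. The sample DER bytes are constructed from the ASN.1 definition rather than extracted from the reproducer's certificates, the error numbers and messages are copied from openssl verify's output, and verify_chain models only basicConstraints (no signature, name, or key-usage checks), so it reproduces the 1.1.1f-1ubuntu2.4 behaviour, not the error 20 that the unfixed package printed.

```python
# Added example (not from the bug report or from OpenSSL): decode an X.509
# basicConstraints extension value from DER and apply the two policies the
# Focal build log exercises for a non-CA certificate that carries pathlen:0.

X509_V_ERR_INVALID_CA = 24               # "invalid CA certificate"
X509_V_ERR_PATH_LENGTH_EXCEEDED = 25     # "path length constraint exceeded"
X509_V_ERR_INVALID_EXTENSION = 41        # "invalid or inconsistent certificate extension"

ERROR_TEXT = {
    0: "OK",
    X509_V_ERR_INVALID_CA: "invalid CA certificate",
    X509_V_ERR_PATH_LENGTH_EXCEEDED: "path length constraint exceeded",
    X509_V_ERR_INVALID_EXTENSION: "invalid or inconsistent certificate extension",
}


def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for a short-form DER TLV at pos.
    basicConstraints is a handful of bytes, so long-form lengths are
    rejected rather than parsed."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    if length & 0x80:
        raise ValueError("long-form length not expected in basicConstraints")
    start, end = pos + 2, pos + 2 + length
    if end > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[start:end], end


def parse_basic_constraints(der):
    """Decode BasicConstraints ::= SEQUENCE {
           cA                BOOLEAN DEFAULT FALSE,
           pathLenConstraint INTEGER (0..MAX) OPTIONAL }
    and return (ca, pathlen); pathlen is None when absent.
    DER omits cA when it is FALSE, so 'CA:FALSE,pathlen:0' encodes as
    30 03 02 01 00 with no BOOLEAN at all."""
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("basicConstraints is not a single SEQUENCE")
    ca, pathlen, pos = False, None, 0
    if pos < len(body) and body[pos] == 0x01:          # BOOLEAN
        _, val, pos = _read_tlv(body, pos)
        if len(val) != 1 or val[0] not in (0x00, 0xFF):
            raise ValueError("malformed BOOLEAN")
        ca = val[0] == 0xFF
    if pos < len(body) and body[pos] == 0x02:          # INTEGER
        _, val, pos = _read_tlv(body, pos)
        if not val:
            raise ValueError("empty INTEGER")
        pathlen = int.from_bytes(val, "big", signed=True)
        if pathlen < 0:
            raise ValueError("negative pathLenConstraint")
    if pos != len(body):
        raise ValueError("trailing data in basicConstraints")
    return ca, pathlen


def verify_chain(chain, strict=False):
    """Simplified emulation (assumption, not OpenSSL's code) of the
    basicConstraints part of path validation. chain is a list of
    (ca, pathlen) tuples, leaf first (depth 0), trust anchor last.
    Returns (ok, depth, errno, message) modelled on the
    'error N at D depth lookup: ...' line that openssl verify prints.
    With strict=False a non-CA certificate with a pathLenConstraint is
    accepted (test 84 in the build log); with strict=True it is rejected
    with error 41 (test 85)."""
    for depth, (ca, pathlen) in enumerate(chain):
        if depth > 0 and not ca:
            return (False, depth, X509_V_ERR_INVALID_CA, ERROR_TEXT[X509_V_ERR_INVALID_CA])
        if not ca and pathlen is not None and strict:
            return (False, depth, X509_V_ERR_INVALID_EXTENSION, ERROR_TEXT[X509_V_ERR_INVALID_EXTENSION])
        # pathlen:N on a CA allows at most N intermediate CAs below it;
        # the certificate at depth d has d-1 intermediates between it and the leaf.
        if ca and pathlen is not None and depth > 0 and depth - 1 > pathlen:
            return (False, depth, X509_V_ERR_PATH_LENGTH_EXCEEDED, ERROR_TEXT[X509_V_ERR_PATH_LENGTH_EXCEEDED])
    return (True, -1, 0, ERROR_TEXT[0])


# Constructed DER values for the basicConstraints settings in the reproducer's
# config files (hand-encoded from the ASN.1 definition, not taken from the
# generated certificates).
SAMPLES = {
    "CA:TRUE":            bytes.fromhex("30030101ff"),
    "CA:TRUE,pathlen:0":  bytes.fromhex("30060101ff020100"),
    "CA:FALSE":           bytes.fromhex("3000"),
    "CA:FALSE,pathlen:0": bytes.fromhex("3003020100"),
}

# Leaf first: user1 (CA:FALSE,pathlen:0), sub-CA (CA:TRUE,pathlen:0), root (CA:TRUE).
REPRODUCER_CHAIN = [parse_basic_constraints(SAMPLES[n])
                    for n in ("CA:FALSE,pathlen:0", "CA:TRUE,pathlen:0", "CA:TRUE")]

if __name__ == "__main__":
    for name, der in SAMPLES.items():
        print(f"{name:20s} {der.hex():18s} -> {parse_basic_constraints(der)}")
    for strict in (False, True):
        ok, depth, err, msg = verify_chain(REPRODUCER_CHAIN, strict=strict)
        mode = "-x509_strict" if strict else "default"
        print(f"{mode:13s}: " + ("OK" if ok else f"error {err} at {depth} depth lookup: {msg}"))
```

Running it prints OK for the default policy and "error 41 at 0 depth lookup: invalid or inconsistent certificate extension" for the strict one, matching tests 84 and 85. The pathlen branch in verify_chain also shows why pathlen:0 on the sub-CA is legitimate (it forbids further intermediates below it) while the same value on an end-entity certificate constrains nothing, which is exactly what makes it a strict-mode-only error.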