Hi Kaleb, I think that this practice might not be a best practice anymore (if it ever was):

Kaleb J. Himes wrote:

We consider it best practice to validate all certificates in the chain and use this by default.

Quoting from https://datatracker.ietf.org/doc/html/r … ion-4.4.2:

Note: Prior to TLS 1.3, "certificate_list" ordering required each
   certificate to certify the one immediately preceding it; however,
   some implementations allowed some flexibility.  Servers sometimes
   send both a current and deprecated intermediate for transitional
   purposes, and others are simply configured incorrectly, but these
   cases can nonetheless be validated properly.  For maximum
   compatibility, all implementations SHOULD be prepared to handle
   potentially extraneous certificates and arbitrary orderings from any
   TLS version
, with the exception of the end-entity certificate which
   MUST be first.

So you might want to enable WOLFSSL_ALT_CERT_CHAINS by default to accomodate to "be prepared to handle potentially extraneous certificates".

In addition, wolfSSL isn't supporting "arbitrary orderings" currently, i.e. for a path A (trust anchor) -> B -> C -> D (leaf), if it receives the certificates in the order D - B - C, it fails.

I've found https://www.wolfssl.com/docs/wolfssl-manual/ch2/, which confirms the validation behavior described by the OP:

WOLFSSL_ALT_CERT_CHAIN ... allows loading intermediate CA's as trusted and ignoring no signer failures for CA's up the chain to root. The alternate certificate chain mode only requires that the peer certificate validate to a trusted CA.

But, as mentioned previously, it is not working like that currently, i.e. trust in intermediate CAs works even without WOLFSSL_ALT_CERT_CHAIN. Has something changed recently in regards to this?.

amirmaim wrote:

to clarify: assuming we have 3 certificates A->B->C (A signed B, B signed C), where A is self-signed certificate, is there a way to load B as the my trust anchor, and allow WOLFSSL to authenticate C only with B (that is, without self-signed certificate)?

this behavior will be equivalent to OPENSSL with "partial_chain" flag.

amirmaim wrote:

without the flag, OPENSSL return "unable to get local issuer certificate". WOLFSSL return -188 (ASN_NO_SIGNER_E).

I can't reproduce this error with the current (Aug 2021) wolfSSL source code from https://github.com/wolfSSL/wolfssl.

In my tests, if I only configure trust in an intermediate CA, wolfSSL validates the certification path successfully, instead of failing as described by the OP!.

Maybe in the past it was required to always chain up to self-signed root CAs to validate the certification paths (as OpenSSL does by default, unless X509_V_FLAG_PARTIAL_CHAIN is used), but not anymore?. Can anyone confirm?.

PS: From my tests, WOLFSSL_ALT_CERT_CHAINS isn't really related to this as it (apparently) only instructs the library to ignore unrelated certificates during validation and even without it enabled, trusting only in an intermediate CA currently suffices for successful validation.