crypto/x509: AKID and issuer SKID are not checked to match

[PeterNovotney]

What version of Go are you using (go version)?

go1.14.6

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

It reproduces on the playground.

What did you do?

https://play.golang.org/p/SBdIYeRXuOB verification succeeds for this certificate chain where the AIK keyid on the leaf certificate does not match the issuer ID.

What did you expect to see?

OpenSSL verify rejects this certificate chain due to the AIK KeyId and Issuer ID mismatch.

This can be verified with: openssl verify -CAfile ca.pem passing.pem
where ca.pem and passing.pem are the same x.509 certs that are in the playground example.

I expected Go x.509 Verify to also fail the chain.

What did you see instead?

Go x.509 Verify succeeds

[networkimprov]

cc @FiloSottile @katiehockman

[FiloSottile]

The spec does not require a match, we can check what the other good verifiers do (Chrome and moz::pkix) and match that.

[rolandshoemaker]

Chromium allows mismatches, but during chain building prioritizes potential issuers with matching SKID/AKID above those with mismatches (see https://source.chromium.org/chromium/chromium/src/+/master:net/cert/internal/path_builder.cc;l=113?q=subject_key_identifier&ss=chromium%2Fchromium%2Fsrc&start=11). A similar approach to this is suggested in https://go-review.googlesource.com/c/go/+/232993.

Mozilla::pkix just ignores SKID/AKID matching entirely.

[rolandshoemaker]

With https://go-review.googlesource.com/c/go/+/232993 landed this is now expected behavior and matches what Chromium does.

[networkimprov]

See also #30079