Created attachment 35387 [details] PoC using non-canonical name comparison in SSLCARequestDN* We've hit an unusual case with a public CA which has issued two intermediate certificates used for issuing client certificates, where the subject names of the intermediate CAs only differ in the case of one character of the Subject DN (i.e. one has lower case, the other upper case). OpenSSL treats these names as identical - it canonicalizes names internally (lower case, removing whitespace), and X509_NAME_cmp() compares as equal. Other TLS implementations do not treat them as equal. While the name comparison rules in https://tools.ietf.org/html/rfc3280#section-4.1.2.4 are clear, the rules in https://tools.ietf.org/html/rfc5280#section-7.1 are more ambiguous, with language like "Conforming implementations MUST support name comparisons using caseIgnoreMatch" not explicit. Anyway, the CA apparently thinks this practice is acceptable. One way to work around this is in mod_ssl is to change the behaviour of SSLCARequestDN* to avoid OpenSSL's standard (canonical) name comparison and rely on a bitwise DN comparison. On one hand, few people need to use that directive, and the behaviour change should make no difference to 99.999% of them, so there should be little downside. On the other hand, this forces unnecessary complexity into mod_ssl for a borderline standards violation.
I should have been more explicit here, the problem this creates is that mod_ssl can only send one of the two "duplicate" CA names in a certificate request, when both are required.
With r1825120 which simplifies to using SSL_add_file_cert_subjects_to_stack() this was fixed in OpenSSL via https://github.com/openssl/openssl/pull/4731