For more details see Issue 733403 .
When verifying a server certificate, the extended key usage of the leaf certificate, and all the intermediates ( Issue 634442 ), must conform to serverAuth.
Currently Server Gated Crypto key usages [1] are accepted as equivalent to serverAuth, for legacy reasons.
For the builtin verifier, this legacy allowance is restricted to sha1 intermediates to prevent it from working with new certs (which seems sufficient from data on public certificates).
We should remove this legacy support for (Netscape) Server Gated Crypto altogether as these are not part of the RFC 5280 profile, or required by baseline requirements.
Attached is a sample chain with such an intermediate.
[1] Netscape Server Gated Crypto (2.16.840.1.113730.4.1), Microsoft Server Gated Crypto (1.3.6.1.4.1.311.10.3.3)
When verifying a server certificate, the extended key usage of the leaf certificate, and all the intermediates ( Issue 634442 ), must conform to serverAuth.
Currently Server Gated Crypto key usages [1] are accepted as equivalent to serverAuth, for legacy reasons.
For the builtin verifier, this legacy allowance is restricted to sha1 intermediates to prevent it from working with new certs (which seems sufficient from data on public certificates).
We should remove this legacy support for (Netscape) Server Gated Crypto altogether as these are not part of the RFC 5280 profile, or required by baseline requirements.
Attached is a sample chain with such an intermediate.
See also Issue 733403 for more history.
[1] Netscape Server Gated Crypto (2.16.840.1.113730.4.1), Microsoft Server Gated Crypto (1.3.6.1.4.1.311.10.3.3)
Comment 1 by eroman@chromium.org
, May 17 2018