Description
Cryptography's x509 verification appears to reject verification on a certificate when the authorityCertIssuer field is present in the authority key identifier extension of the root certificate. This may be correct per CABF baseline, but is suspiciously different from all other implementations I tested.
I have written a small script that isolates the issue. This fails on cryptography.hazmat.bindings._rust.x509.VerificationError: validation failed: CandidatesExhausted(Other("authorityKeyIdentifier must not contain authorityCertIssuer")). The leaf and intermediate do not contain authorityCertIssuer - the root does.
The error message originates in the code here. This code seems to have an exception that allows the authority key identifier extension to be absent, but if it is found, the presence of authorityCertIssuer will lead to an error.
This is a widely trusted root certificate, and browsers and other testing tools don't seem to have an issue with it. I do see the CABF baseline does not allow authorityCertIssuer. But this was introduced in 2020; the root certificate is from 2006. Perhaps there are other details I don't know - I'm not too familiar with these policies and their implementations. It definitely seems strange and undesirable that cryptography rejects a certificate where other implementations find it valid.
It would be great if someone with more experience in this area could look at this and determine if cryptography is too strict in this case, and what the correct behavior would be.
For completeness, my versions, with cryptography installed in a venv through pip install:
cffi==1.15.1
cryptography==43.0.0
pip-tools==6.14.0
setuptools==73.0.0
Python 3.9.6 (default, Nov 10 2023, 13:38:27)
[Clang 15.0.0 (clang-1500.1.0.2.5)] on darwin