Disallow certs with explicit curve in verification chain

The check is applied only with X509_V_FLAG_X509_STRICT.

Fixes #12139

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12909)

16 files changed, 179 insertions, 1 deletions

diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c
index 4755b39eb4..c22aab9756 100644
--- a/crypto/x509/x509_txt.c
+++ b/crypto/x509/x509_txt.c
@@ -174,6 +174,8 @@ const char *X509_verify_cert_error_string(long n)
         return "OCSP verification failed";
     case X509_V_ERR_OCSP_CERT_UNKNOWN:
         return "OCSP unknown cert";
+    case X509_V_ERR_EC_KEY_EXPLICIT_PARAMS:
+        return "Certificate public key has explicit ECC parameters";
 
     default:
         /* Printing an error number into a static buffer is not thread-safe */
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index f30c0f8d38..801055f5a0 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -80,6 +80,7 @@ static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
 static int check_dane_issuer(X509_STORE_CTX *ctx, int depth);
 static int check_key_level(X509_STORE_CTX *ctx, X509 *cert);
 static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert);
+static int check_curve(X509 *cert);
 
 static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
                          unsigned int *preasons, X509_CRL *crl, X509 *x);
@@ -525,6 +526,14 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
                 ret = 1;
             break;
         }
+        if ((ctx->param->flags & X509_V_FLAG_X509_STRICT) && num > 1) {
+            /* Check for presence of explicit elliptic curve parameters */
+            ret = check_curve(x);
+            if (ret < 0)
+                ctx->error = X509_V_ERR_UNSPECIFIED;
+            else if (ret == 0)
+                ctx->error = X509_V_ERR_EC_KEY_EXPLICIT_PARAMS;
+        }
         if ((x->ex_flags & EXFLAG_CA) == 0
             && x->ex_pathlen != -1
             && (ctx->param->flags & X509_V_FLAG_X509_STRICT)) {
@@ -3313,6 +3322,32 @@ static int check_key_level(X509_STORE_CTX *ctx, X509 *cert)
 }
 
 /*
+ * Check whether the public key of ``cert`` does not use explicit params
+ * for an elliptic curve.
+ *
+ * Returns 1 on success, 0 if check fails, -1 for other errors.
+ */
+static int check_curve(X509 *cert)
+{
+#ifndef OPENSSL_NO_EC
+    EVP_PKEY *pkey = X509_get0_pubkey(cert);
+
+    /* Unsupported or malformed key */
+    if (pkey == NULL)
+        return -1;
+
+    if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) {
+        int ret;
+
+        ret = EC_KEY_decoded_from_explicit_params(EVP_PKEY_get0_EC_KEY(pkey));
+        return ret < 0 ? ret : !ret;
+    }
+#endif
+
+    return 1;
+}
+
+/*
  * Check whether the signature digest algorithm of ``cert`` meets the security
  * level of ``ctx``.  Should not be checked for trust anchors (whether
  * self-signed or otherwise).
diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h
index 0f13739b79..18186c9a98 100644
--- a/include/openssl/x509_vfy.h
+++ b/include/openssl/x509_vfy.h
@@ -187,6 +187,7 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
 # define         X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH         76
 # define         X509_V_ERR_NO_ISSUER_PUBLIC_KEY                 77
 # define         X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM      78
+# define         X509_V_ERR_EC_KEY_EXPLICIT_PARAMS               79
 
 /* Certificate verify flags */
 
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 0c5ba28309..364f77f08a 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1341,6 +1341,7 @@ int tls_get_message_body(SSL *s, size_t *len)
 static const X509ERR2ALERT x509table[] = {
     {X509_V_ERR_APPLICATION_VERIFICATION, SSL_AD_HANDSHAKE_FAILURE},
     {X509_V_ERR_CA_KEY_TOO_SMALL, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_EC_KEY_EXPLICIT_PARAMS, SSL_AD_BAD_CERTIFICATE},
     {X509_V_ERR_CA_MD_TOO_WEAK, SSL_AD_BAD_CERTIFICATE},
     {X509_V_ERR_CERT_CHAIN_TOO_LONG, SSL_AD_UNKNOWN_CA},
     {X509_V_ERR_CERT_HAS_EXPIRED, SSL_AD_CERTIFICATE_EXPIRED},
diff --git a/test/certs/ca-cert-ec-explicit.pem b/test/certs/ca-cert-ec-explicit.pem
new file mode 100644
index 0000000000..d741ecdb65
--- /dev/null
+++ b/test/certs/ca-cert-ec-explicit.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDGDCCAgCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTIwMDkxNTEzMDY0MVoYDzIxMjAwOTE2MTMwNjQxWjANMQswCQYDVQQD
+DAJDQTCCAUswggEDBgcqhkjOPQIBMIH3AgEBMCwGByqGSM49AQECIQD/////AAAA
+AQAAAAAAAAAAAAAAAP///////////////zBbBCD/////AAAAAQAAAAAAAAAAAAAA
+AP///////////////AQgWsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEsD
+FQDEnTYIhucEk2pmeOETnSa3gZ9+kARBBGsX0fLhLEJH+Lzm5WOkQPJ3A32BLesz
+oPShOUXYmMKWT+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfUCIQD/////
+AAAAAP//////////vOb6racXnoTzucrC/GMlUQIBAQNCAASlXna3kSD/Yol3RA5I
+icjIxYb9UJoCTzb/LsxjlOvIS5OqCTzpqP0p3JrnvLPsbzq7Cf/g0bNlxAGs1iVM
+5NDco1MwUTAdBgNVHQ4EFgQUFk6ucH6gMXeadmuV7a1iWEnU/CIwHwYDVR0jBBgw
+FoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG
+9w0BAQsFAAOCAQEAdyUgfT0eAsZzoHFXoWN5uqi0MHuhLI37TEzkH5h7iTpDQJTQ
+F0SjbawfM/nxxUekRW3mjFu3lft+VA7yC0OTNBLffan/vTh+HGOvvYZSMJYgKrMG
+PRWgDId+n9RTcQCf+91cISvOazHixRiJG7JfRLdNZsAE+miw4HgPLFboTwpxtTDJ
+zJ4ssBC6P+5IHwBCtNMiilJMMMzuSaZa5iSo6M9AdXWfcQN3uhW1lgQOLOlKLcbo
+3UhW1GMMhTTeytM5aylbKhRsnL7ozmS44zsKZ25YaQxgjdKitFjVN6j7eyQ7C9J2
+bLXgl3APweLQbGGs0zv08Ad0SCCKYLHK6mMJqg==
+-----END CERTIFICATE-----
diff --git a/test/certs/ca-cert-ec-named.pem b/test/certs/ca-cert-ec-named.pem
new file mode 100644
index 0000000000..5fbe251afb
--- /dev/null
+++ b/test/certs/ca-cert-ec-named.pem
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICJDCCAQygAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTIwMDkxNTEzMDY1MFoYDzIxMjAwOTE2MTMwNjUwWjANMQswCQYDVQQD
+DAJDQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABPt+MXCi9+wztEvmdG2EVSk7
+bAiJMXJXW/u0NbcGCrrbhO1NJSHHV3Lks888sqeSPh/bif/ASJ0HX+VarMUoFIKj
+UzBRMB0GA1UdDgQWBBRjigU5REz8Lwf1iD6mALVhsHIanjAfBgNVHSMEGDAWgBSO
+9SWvHptrhD18gJrJU5xNcvejUjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB
+CwUAA4IBAQCQs9wpblefb2C9a7usGL1DJjWJQIFHtUf+6p/KPgEV7LF138ECjL5s
+0AWRd8Q8SbsBH49j2r3LLLMkvFglyRaN+FF+TCC/UQtclTb4+HgLsUT2xSU8U2cY
+SOnzNB5AX/qAAsdOGqOjivPtGXcXFexDKPsw3n+3rJgymBP6hbLagb47IabNhot5
+bMM6S+bmfpMwfsm885zr5vG2Gg9FjjH94Vx4I7eRLkjCS88gkIR1J35ecHFteOdo
+idOaCHQddYiKukBzgdjtTxSDXKffkaybylrwOZ8VBlQd3zC7s02d+riHCnroLnnE
+cwYLlJ5z6jN7zoPZ55yX/EmA0RVny2le
+-----END CERTIFICATE-----
diff --git a/test/certs/ca-key-ec-explicit.pem b/test/certs/ca-key-ec-explicit.pem
new file mode 100644
index 0000000000..08add31ca5
--- /dev/null
+++ b/test/certs/ca-key-ec-explicit.pem
@@ -0,0 +1,10 @@
+-----BEGIN PRIVATE KEY-----
+MIIBeQIBADCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAAB
+AAAAAAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA
+///////////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMV
+AMSdNgiG5wSTamZ44ROdJreBn36QBEEEaxfR8uEsQkf4vOblY6RA8ncDfYEt6zOg
+9KE5RdiYwpZP40Li/hp/m47n60p8D54WK84zV2sxXs7LtkBoN79R9QIhAP////8A
+AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgdEf20fpuqEZU
+tZ4ORoq4vb5ETV4a6QOl/iGnDQt++/ihRANCAASlXna3kSD/Yol3RA5IicjIxYb9
+UJoCTzb/LsxjlOvIS5OqCTzpqP0p3JrnvLPsbzq7Cf/g0bNlxAGs1iVM5NDc
+-----END PRIVATE KEY-----
diff --git a/test/certs/ca-key-ec-named.pem b/test/certs/ca-key-ec-named.pem
new file mode 100644
index 0000000000..cff7a64e84
--- /dev/null
+++ b/test/certs/ca-key-ec-named.pem
@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgCTrYrMKcyV49+w4B
+TWr2WTZsMM4aFpaYulKAuhiuQ7mhRANCAAT7fjFwovfsM7RL5nRthFUpO2wIiTFy
+V1v7tDW3Bgq624TtTSUhx1dy5LPPPLKnkj4f24n/wEidB1/lWqzFKBSC
+-----END PRIVATE KEY-----
diff --git a/test/certs/ee-cert-ec-explicit.pem b/test/certs/ee-cert-ec-explicit.pem
new file mode 100644
index 0000000000..eccb3342ca
--- /dev/null
+++ b/test/certs/ee-cert-ec-explicit.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIIChzCCAi6gAwIBAgIBAjAKBggqhkjOPQQDAjANMQswCQYDVQQDDAJDQTAgFw0y
+MDA5MTUxMzE0MzlaGA8yMTIwMDkxNjEzMTQzOVowGTEXMBUGA1UEAwwOc2VydmVy
+LmV4YW1wbGUwggFLMIIBAwYHKoZIzj0CATCB9wIBATAsBgcqhkjOPQEBAiEA////
+/wAAAAEAAAAAAAAAAAAAAAD///////////////8wWwQg/////wAAAAEAAAAAAAAA
+AAAAAAD///////////////wEIFrGNdiqOpPns+u9VXaYhrxlHQawzFOw9jvOPD4n
+0mBLAxUAxJ02CIbnBJNqZnjhE50mt4GffpAEQQRrF9Hy4SxCR/i85uVjpEDydwN9
+gS3rM6D0oTlF2JjClk/jQuL+Gn+bjufrSnwPnhYrzjNXazFezsu2QGg3v1H1AiEA
+/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVECAQEDQgAE+7TDP7C9VqQP
+TnqoJc/Fvf/N45BX+lBfmfiGBeRKtSsvrERUlymzQ4/nxVtymozAgFxQ0my998HH
+TSVCj7Sq56N9MHswHQYDVR0OBBYEFKKwEfKYhNv6fbQf0Xd0te7J3GZdMB8GA1Ud
+IwQYMBaAFGOKBTlETPwvB/WIPqYAtWGwchqeMAkGA1UdEwQCMAAwEwYDVR0lBAww
+CgYIKwYBBQUHAwEwGQYDVR0RBBIwEIIOc2VydmVyLmV4YW1wbGUwCgYIKoZIzj0E
+AwIDRwAwRAIgb4UITAOFlATeaayWQX9r5gf61qcnzT7TjXCekf7ww9oCIBDltg/u
+ZvS9gqviMFuPjTuk/FhsCTAUzTT7WmgcWeH7
+-----END CERTIFICATE-----
diff --git a/test/certs/ee-cert-ec-named-explicit.pem b/test/certs/ee-cert-ec-named-explicit.pem
new file mode 100644
index 0000000000..db13c0e5ef
--- /dev/null
+++ b/test/certs/ee-cert-ec-named-explicit.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBlDCCATqgAwIBAgIBAjAKBggqhkjOPQQDAjANMQswCQYDVQQDDAJDQTAgFw0y
+MDA5MTUxMzE0NDVaGA8yMTIwMDkxNjEzMTQ0NVowGTEXMBUGA1UEAwwOc2VydmVy
+LmV4YW1wbGUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQv5PnMStW/Wx9lpvjl
+JTsFIjc2wBv14sNuMh1hfNX8ZJcoCfAAKYu6ujxXt328GWBMaubRbBjOd/eqpEst
+tYKzo30wezAdBgNVHQ4EFgQUmb/qcE413hkpmtjEMyRZZFcN1TYwHwYDVR0jBBgw
+FoAUFk6ucH6gMXeadmuV7a1iWEnU/CIwCQYDVR0TBAIwADATBgNVHSUEDDAKBggr
+BgEFBQcDATAZBgNVHREEEjAQgg5zZXJ2ZXIuZXhhbXBsZTAKBggqhkjOPQQDAgNI
+ADBFAiEA9y6J8rdAbO0mDZscIb8rIn6HgxBW4WAqTlFeZeHjjOYCIAmt2ldyObOL
+tXaiaxYX3WAOR1vmfzsdrkCAOCfAkpbo
+-----END CERTIFICATE-----
diff --git a/test/certs/ee-cert-ec-named-named.pem b/test/certs/ee-cert-ec-named-named.pem
new file mode 100644
index 0000000000..0730febf46
--- /dev/null
+++ b/test/certs/ee-cert-ec-named-named.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBkzCCATqgAwIBAgIBAjAKBggqhkjOPQQDAjANMQswCQYDVQQDDAJDQTAgFw0y
+MDA5MTUxNDEwNDhaGA8yMTIwMDkxNjE0MTA0OFowGTEXMBUGA1UEAwwOc2VydmVy
+LmV4YW1wbGUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS0YU57+RFRWxr/frnL
++vOYkY3h9roKnvxCG07wK5tevEYtSdKz0KsHvDBDatw1r3JNv+m2p54/3AqFPAZ3
+5b0Po30wezAdBgNVHQ4EFgQUypypuZrUl0BEmbuhfJpo3QFNIvUwHwYDVR0jBBgw
+FoAUY4oFOURM/C8H9Yg+pgC1YbByGp4wCQYDVR0TBAIwADATBgNVHSUEDDAKBggr
+BgEFBQcDATAZBgNVHREEEjAQgg5zZXJ2ZXIuZXhhbXBsZTAKBggqhkjOPQQDAgNH
+ADBEAiAEkKD7H5uxQ4YbQOiN4evbu5RCV5W7TVE80iBfcY5u4wIgGcwr++lVNX0Q
+CTT+M3ukDjOA8OEvKUz1TiDuRAQ29qU=
+-----END CERTIFICATE-----
diff --git a/test/certs/ee-key-ec-explicit.pem b/test/certs/ee-key-ec-explicit.pem
new file mode 100644
index 0000000000..d847d85dbe
--- /dev/null
+++ b/test/certs/ee-key-ec-explicit.pem
@@ -0,0 +1,10 @@
+-----BEGIN PRIVATE KEY-----
+MIIBeQIBADCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAAB
+AAAAAAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA
+///////////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMV
+AMSdNgiG5wSTamZ44ROdJreBn36QBEEEaxfR8uEsQkf4vOblY6RA8ncDfYEt6zOg
+9KE5RdiYwpZP40Li/hp/m47n60p8D54WK84zV2sxXs7LtkBoN79R9QIhAP////8A
+AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQg0cmpcTcEYG5G
+ZaVkGjtsBc3sLZn1EuV9qNK2qx6iNzmhRANCAAT7tMM/sL1WpA9Oeqglz8W9/83j
+kFf6UF+Z+IYF5Eq1Ky+sRFSXKbNDj+fFW3KajMCAXFDSbL33wcdNJUKPtKrn
+-----END PRIVATE KEY-----
diff --git a/test/certs/ee-key-ec-named-explicit.pem b/test/certs/ee-key-ec-named-explicit.pem
new file mode 100644
index 0000000000..28f81e9569
--- /dev/null
+++ b/test/certs/ee-key-ec-named-explicit.pem
@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg2ue+X5ZFJPJPQG2E
+WQY4ALv2PkPp2Gy6KrMiokgmjkehRANCAAQv5PnMStW/Wx9lpvjlJTsFIjc2wBv1
+4sNuMh1hfNX8ZJcoCfAAKYu6ujxXt328GWBMaubRbBjOd/eqpEsttYKz
+-----END PRIVATE KEY-----
diff --git a/test/certs/ee-key-ec-named-named.pem b/test/certs/ee-key-ec-named-named.pem
new file mode 100644
index 0000000000..d627bcf0dd
--- /dev/null
+++ b/test/certs/ee-key-ec-named-named.pem
@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgGSoneIKG3//ujXGu
+/EoJdNhpKZj026EF/YQ5FblUBWahRANCAAS0YU57+RFRWxr/frnL+vOYkY3h9roK
+nvxCG07wK5tevEYtSdKz0KsHvDBDatw1r3JNv+m2p54/3AqFPAZ35b0P
+-----END PRIVATE KEY-----
diff --git a/test/certs/setup.sh b/test/certs/setup.sh
index 57fca3f448..2bb01fa13e 100755
--- a/test/certs/setup.sh
+++ b/test/certs/setup.sh
@@ -116,6 +116,10 @@ openssl x509 -in ca-cert-md5.pem -trustout \
 # CA has 768-bit key
 OPENSSL_KEYBITS=768 \
 ./mkcert.sh genca "CA" ca-key-768 ca-cert-768 root-key root-cert
+# EC cert with explicit curve
+./mkcert.sh genca "CA" ca-key-ec-explicit ca-cert-ec-explicit root-key root-cert
+# EC cert with named curve
+./mkcert.sh genca "CA" ca-key-ec-named ca-cert-ec-named root-key root-cert
 
 # client intermediate ca: cca-cert
 # trust variants: +serverAuth, -serverAuth, +clientAuth, -clientAuth
@@ -184,6 +188,14 @@ OPENSSL_SIGALG=md5 \
 # 768-bit leaf key
 OPENSSL_KEYBITS=768 \
 ./mkcert.sh genee server.example ee-key-768 ee-cert-768 ca-key ca-cert
+# EC cert with explicit curve signed by named curve ca
+./mkcert.sh genee server.example ee-key-ec-explicit ee-cert-ec-explicit ca-key-ec-named ca-cert-ec-named
+# EC cert with named curve signed by explicit curve ca
+./mkcert.sh genee server.example ee-key-ec-named-explicit \
+    ee-cert-ec-named-explicit ca-key-ec-explicit ca-cert-ec-explicit
+# EC cert with named curve signed by named curve ca
+./mkcert.sh genee server.example ee-key-ec-named-named \
+    ee-cert-ec-named-named ca-key-ec-named ca-cert-ec-named
 
 # self-signed end-entity cert with explicit keyUsage not including KeyCertSign
 openssl req -new -x509 -key ee-key.pem -subj /CN=ee-self-signed -out ee-self-signed.pem -addext keyUsage=digitalSignature -days 36500
diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t
index 0c643e583f..9b8648e670 100644
--- a/test/recipes/25-test_verify.t
+++ b/test/recipes/25-test_verify.t
@@ -27,7 +27,7 @@ sub verify {
     run(app([@args]));
 }
 
-plan tests => 138;
+plan tests => 143;
 
 # Canonical success
 ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
@@ -280,6 +280,27 @@ ok(verify("ee-cert-md5", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level",
 ok(!verify("ee-cert-md5", "sslserver", ["root-cert"], ["ca-cert"]),
    "reject md5 leaf at auth level 1");
 
+# Explicit vs named curve tests
+SKIP: {
+    skip "EC is not supported by this OpenSSL build", 5
+        if disabled("ec");
+    ok(verify("ee-cert-ec-explicit", "sslserver", ["root-cert"],
+               ["ca-cert-ec-named"]),
+        "accept explicit curve leaf with named curve intermediate without strict");
+    ok(verify("ee-cert-ec-named-explicit", "sslserver", ["root-cert"],
+               ["ca-cert-ec-explicit"]),
+        "accept named curve leaf with explicit curve intermediate without strict");
+    ok(!verify("ee-cert-ec-explicit", "sslserver", ["root-cert"],
+               ["ca-cert-ec-named"], "-x509_strict"),
+        "reject explicit curve leaf with named curve intermediate with strict");
+    ok(!verify("ee-cert-ec-named-explicit", "sslserver", ["root-cert"],
+               ["ca-cert-ec-explicit"], "-x509_strict"),
+        "reject named curve leaf with explicit curve intermediate with strict");
+    ok(verify("ee-cert-ec-named-named", "sslserver", ["root-cert"],
+              ["ca-cert-ec-named"], "-x509_strict"),
+        "accept named curve leaf with named curve intermediate with strict");
+}
+
 # Depth tests, note the depth limit bounds the number of CA certificates
 # between the trust-anchor and the leaf, so, for example, with a root->ca->leaf
 # chain, depth = 1 is sufficient, but depth == 0 is not.