Google Git
Sign in
chromium / chromium / src.git / 0de7df17b0f15613b30a422226d96c6429255d5c / . / net / data / verify_certificate_chain_unittest / target-has-pathlen-but-not-ca.pem
blob: 508a604b788d26d9bd6a3250985dba01812fd6f0 [file] [log] [blame]
[Created by: generate-target-has-pathlen-but-not-ca.py]
Certificate chain with 1 intermediate, a trusted root, and a target
certificate that is not a CA, and yet has a pathlen set. Verification is
expected to fail, since pathlen should only be set for CAs.
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Intermediate
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Target
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:ca:73:f9:c5:cb:c6:2c:26:07:85:8f:4b:a4:ac:
52:18:84:42:ca:cb:34:59:92:5a:d8:f7:1f:df:51:
ed:6a:d5:e2:e1:dc:06:fb:72:0d:f3:e7:9f:38:0d:
46:f4:19:77:31:33:4c:5b:ac:dd:6c:8c:06:68:4c:
48:84:e2:c7:17:28:a9:0b:4e:07:07:b6:7b:cc:a9:
ef:6c:ae:22:6e:03:d6:d4:5b:f1:d9:aa:9e:61:54:
c7:14:79:cb:d6:c2:8f:da:87:e8:ae:d2:b3:66:4f:
d3:4c:56:b8:e0:80:f8:45:b7:11:35:53:ec:d4:49:
f8:05:70:f3:5b:56:b2:05:6d:3e:46:f8:be:67:71:
48:a6:65:dd:55:62:a3:23:b0:94:e1:f2:3b:17:54:
40:cc:37:90:d9:78:5a:d8:29:99:3f:02:16:a8:5b:
5e:64:f4:f2:84:ad:25:c6:cf:2c:5b:e7:6c:bf:88:
63:0c:8a:9b:fb:d9:b1:30:5a:21:74:1f:e4:5a:54:
23:3a:a1:02:34:97:2c:a2:af:08:05:f0:db:52:58:
7f:86:80:12:a3:f9:78:c0:ad:d6:8b:12:53:72:55:
24:ca:3e:70:f2:7f:78:8f:b7:a1:32:f1:2c:7f:23:
db:7b:ce:79:cf:cc:6d:d8:f7:14:54:5c:e0:db:7d:
60:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
99:D8:C1:91:A6:13:EB:0F:B4:6F:F2:B0:C4:0C:D9:0A:25:8E:53:10
X509v3 Authority Key Identifier:
keyid:5B:9F:DF:D5:C6:FF:4F:39:52:EA:EF:97:5B:C1:ED:E1:CC:44:4E:B6
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Intermediate.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Intermediate.crl
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE, pathlen:1
Signature Algorithm: sha256WithRSAEncryption
70:43:96:4c:98:6f:28:18:8a:59:39:82:cc:24:47:f8:58:f8:
f8:43:04:09:1e:a6:51:59:bc:60:36:ff:a1:41:51:e1:4c:40:
6b:5e:8b:73:3c:c4:37:65:f4:b0:57:01:8f:c6:ba:0c:5b:97:
a1:6b:3a:ea:53:79:8f:9a:99:f8:ca:01:a5:15:ac:60:4c:a7:
a7:68:07:72:3c:ed:06:70:d8:a4:d0:c0:5f:88:f2:6a:c0:a1:
2b:e7:58:68:23:d3:7e:f0:98:99:7d:3d:91:25:e3:84:4f:ef:
55:a4:ee:f7:1f:dc:f2:af:a8:74:96:6c:26:c4:d8:b6:84:dc:
b7:e7:7d:9d:2b:7b:3b:e6:e4:ad:76:e0:aa:ea:a4:26:97:4b:
20:cd:b1:bd:a8:6e:b3:08:47:31:a2:01:7b:b5:6c:72:d0:f0:
12:ac:bd:4f:be:de:23:cb:34:14:d2:11:42:3f:d5:70:76:4c:
99:db:ce:bc:0e:d5:2e:4b:6f:c3:1b:5d:c6:58:89:74:5f:1d:
62:cf:df:1e:4c:13:08:88:cb:66:6f:00:c2:c5:6f:bb:b4:9e:
1f:8a:7d:9d:0b:a6:11:6f:28:bb:5e:46:ab:71:d4:eb:00:8c:
71:6b:32:85:3d:17:ca:d0:15:90:66:7a:b2:96:0c:c1:9d:2e:
53:36:97:5b
-----BEGIN CERTIFICATE-----
MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl
cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD
VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKc/nF
y8YsJgeFj0ukrFIYhELKyzRZklrY9x/fUe1q1eLh3Ab7cg3z5584DUb0GXcxM0xb
rN1sjAZoTEiE4scXKKkLTgcHtnvMqe9sriJuA9bUW/HZqp5hVMcUecvWwo/ah+iu
0rNmT9NMVrjggPhFtxE1U+zUSfgFcPNbVrIFbT5G+L5ncUimZd1VYqMjsJTh8jsX
VEDMN5DZeFrYKZk/AhaoW15k9PKErSXGzyxb52y/iGMMipv72bEwWiF0H+RaVCM6
oQI0lyyirwgF8NtSWH+GgBKj+XjArdaLElNyVSTKPnDyf3iPt6Ey8Sx/I9t7znnP
zG3Y9xRUXODbfWCzAgMBAAGjgfowgfcwHQYDVR0OBBYEFJnYwZGmE+sPtG/ysMQM
2QoljlMQMB8GA1UdIwQYMBaAFFuf39XG/085Uurvl1vB7eHMRE62MD8GCCsGAQUF
BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk
aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu
dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF
BwMBBggrBgEFBQcDAjAPBgNVHRMBAf8EBTADAgEBMA0GCSqGSIb3DQEBCwUAA4IB
AQBwQ5ZMmG8oGIpZOYLMJEf4WPj4QwQJHqZRWbxgNv+hQVHhTEBrXotzPMQ3ZfSw
VwGPxroMW5ehazrqU3mPmpn4ygGlFaxgTKenaAdyPO0GcNik0MBfiPJqwKEr51ho
I9N+8JiZfT2RJeOET+9VpO73H9zyr6h0lmwmxNi2hNy3532dK3s75uStduCq6qQm
l0sgzbG9qG6zCEcxogF7tWxy0PASrL1Pvt4jyzQU0hFCP9VwdkyZ2868DtUuS2/D
G13GWIl0Xx1iz98eTBMIiMtmbwDCxW+7tJ4fin2dC6YRbyi7XkarcdTrAIxxazKF
PRfK0BWQZnqylgzBnS5TNpdb
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Intermediate
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c8:43:a7:fe:04:ff:78:d4:be:60:bd:16:7d:46:
a2:cf:a8:74:42:6b:2b:49:13:61:2e:78:e7:7c:49:
52:0b:df:bf:b0:e1:5e:dd:f5:39:99:11:ff:d2:14:
8f:db:de:10:55:90:29:05:b3:49:db:80:87:d1:82:
6b:15:97:4b:da:5e:d7:da:11:0c:84:1e:db:d9:57:
4d:52:cf:31:a0:1f:bd:4f:79:22:7a:ee:5a:ae:9d:
22:df:71:d3:20:12:e5:c8:7e:1e:76:d3:6f:07:6e:
5c:c3:89:11:a2:35:50:05:4d:6f:30:d8:3c:ef:38:
80:51:e3:ee:7d:66:81:7f:7c:c4:e7:d0:d4:53:1d:
00:3d:03:cb:87:f4:3d:b9:13:cd:16:ef:b2:51:3f:
1c:96:0a:71:90:ca:25:c4:10:71:aa:ba:27:c8:67:
94:af:63:7c:29:2a:2e:a8:4e:03:7e:6c:5c:2f:96:
8d:9d:ca:c5:6f:f1:e7:8d:92:a9:ed:aa:87:3a:74:
12:c7:ea:3f:ad:a2:6a:76:d8:f6:c9:96:27:6e:8b:
a3:b8:cc:d4:2b:9b:61:be:2b:11:c5:bb:da:ef:14:
23:5d:5d:96:69:c0:a7:7a:16:db:3a:4e:e4:22:84:
55:02:26:7b:a5:8e:84:12:e4:36:fc:c5:07:d9:ee:
c5:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5B:9F:DF:D5:C6:FF:4F:39:52:EA:EF:97:5B:C1:ED:E1:CC:44:4E:B6
X509v3 Authority Key Identifier:
keyid:8A:85:CE:7E:DC:AF:15:B7:01:C2:5C:81:3F:3D:14:49:D2:38:08:AB
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
14:37:73:58:3c:37:40:b3:ff:a3:e4:f3:2d:f1:26:6b:c9:82:
17:c5:97:4d:bd:84:6a:19:25:08:20:a9:7d:38:fb:3d:a4:7f:
06:80:7e:fb:6e:7e:bf:26:90:4b:96:ab:a7:f9:49:a5:d6:77:
67:b5:ab:bb:ad:ea:84:5a:43:13:f9:b3:1a:80:b1:59:cc:d4:
1d:33:e8:0d:b0:af:9a:80:44:0e:a6:01:f3:a4:e2:87:2b:db:
47:be:0f:28:08:d9:ab:7c:d9:4c:86:d0:ba:bc:1b:dc:99:9b:
33:ea:a7:3e:ef:52:b8:70:a8:27:e7:83:59:cd:57:38:7f:a1:
36:53:4f:a0:1b:69:7d:e4:fa:9f:2b:52:50:09:23:62:c6:c0:
01:a6:85:76:45:80:6a:b6:54:bd:60:5d:5a:3a:04:92:ab:e3:
bd:0c:94:7f:5f:79:9c:3f:6e:12:c3:96:b0:78:44:9b:03:1e:
79:11:fb:8d:a5:1d:55:c9:b3:e5:a0:26:18:10:68:92:b8:54:
68:d0:2d:e1:99:0c:08:9c:cc:40:50:34:69:9f:13:e6:d7:87:
85:e7:57:63:3e:17:0f:ce:02:7b:78:e5:18:ef:1a:55:b1:6a:
55:f8:44:3e:92:1d:08:a1:7d:bb:fc:00:be:e3:1b:83:aa:b8:
75:f0:05:45
-----BEGIN CERTIFICATE-----
MIIDbTCCAlWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50
ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyEOn/gT/
eNS+YL0WfUaiz6h0QmsrSRNhLnjnfElSC9+/sOFe3fU5mRH/0hSP294QVZApBbNJ
24CH0YJrFZdL2l7X2hEMhB7b2VdNUs8xoB+9T3kieu5arp0i33HTIBLlyH4edtNv
B25cw4kRojVQBU1vMNg87ziAUePufWaBf3zE59DUUx0APQPLh/Q9uRPNFu+yUT8c
lgpxkMolxBBxqronyGeUr2N8KSouqE4DfmxcL5aNncrFb/HnjZKp7aqHOnQSx+o/
raJqdtj2yZYnboujuMzUK5thvisRxbva7xQjXV2WacCnehbbOk7kIoRVAiZ7pY6E
EuQ2/MUH2e7FGQIDAQABo4HLMIHIMB0GA1UdDgQWBBRbn9/Vxv9POVLq75dbwe3h
zEROtjAfBgNVHSMEGDAWgBSKhc5+3K8VtwHCXIE/PRRJ0jgIqzA3BggrBgEFBQcB
AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs
BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD
VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB
ABQ3c1g8N0Cz/6Pk8y3xJmvJghfFl029hGoZJQggqX04+z2kfwaAfvtufr8mkEuW
q6f5SaXWd2e1q7ut6oRaQxP5sxqAsVnM1B0z6A2wr5qARA6mAfOk4ocr20e+DygI
2at82UyG0Lq8G9yZmzPqpz7vUrhwqCfng1nNVzh/oTZTT6AbaX3k+p8rUlAJI2LG
wAGmhXZFgGq2VL1gXVo6BJKr470MlH9feZw/bhLDlrB4RJsDHnkR+42lHVXJs+Wg
JhgQaJK4VGjQLeGZDAiczEBQNGmfE+bXh4XnV2M+Fw/OAnt45RjvGlWxalX4RD6S
HQihfbv8AL7jG4OquHXwBUU=
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Root
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d3:fa:b1:7f:2b:e4:ff:ad:10:e9:54:54:ef:6a:
81:02:0b:b6:83:70:89:ae:d9:4d:54:ea:95:99:88:
3d:59:7d:97:1e:fd:b9:9b:53:8b:14:1e:a4:68:07:
ed:68:65:68:7d:4f:ba:28:38:ff:87:33:98:2c:32:
d0:e5:00:78:0f:6a:20:32:7d:9e:7d:9b:af:e9:39:
fe:5c:bc:04:1c:06:1a:11:1a:46:24:34:f7:e3:af:
56:6d:38:8f:46:39:a6:01:fa:56:f9:d7:9e:73:35:
1a:23:94:12:0f:0d:d3:ec:fe:09:57:f6:a0:9c:18:
a7:ba:4b:c9:37:a3:0c:60:77:4b:77:5f:c8:9c:7e:
b1:5c:b3:43:72:da:c9:6c:c8:71:24:ab:2f:c4:83:
bd:b0:4f:60:af:46:0d:7b:34:8f:e9:70:a2:85:ed:
6e:05:df:e3:c1:40:3d:17:b1:f0:a3:7d:e2:17:6f:
3d:fe:11:81:90:1f:c2:f8:bc:2c:d5:9c:fc:04:47:
24:c4:5e:cf:20:0f:31:e8:7d:ea:b5:69:b8:0f:35:
19:5d:13:08:db:d6:a2:dc:7a:33:92:b3:9c:fc:35:
de:cf:55:96:f7:52:6e:a9:e2:93:b0:52:07:8d:0f:
95:9c:0e:0d:1b:48:0e:b8:41:4f:eb:68:da:e5:6d:
a1:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:85:CE:7E:DC:AF:15:B7:01:C2:5C:81:3F:3D:14:49:D2:38:08:AB
X509v3 Authority Key Identifier:
keyid:8A:85:CE:7E:DC:AF:15:B7:01:C2:5C:81:3F:3D:14:49:D2:38:08:AB
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
3b:f2:cd:03:ef:d9:61:67:ea:7b:dd:e9:88:13:07:8d:94:51:
62:bb:56:d6:c1:be:8a:d0:a0:81:fe:1d:90:6d:85:94:2c:ac:
33:fb:5d:f6:c9:74:72:7b:f7:5a:b8:e4:b6:dd:30:bb:93:3b:
74:22:e9:fe:e9:5c:b2:8b:d4:a1:21:0c:e6:3c:ee:86:ae:9e:
8a:fd:88:bb:a7:fd:20:bb:9c:ff:d4:ca:6f:66:60:19:14:d1:
d1:f2:d6:f3:b2:58:c8:4d:15:30:e1:e0:fc:40:ad:55:25:ba:
8d:25:68:26:c4:64:68:7e:94:e6:f4:96:5a:c4:e6:ba:85:5b:
b2:32:d1:82:32:8b:f4:3f:6f:4e:d5:de:2e:d7:09:3c:1f:7e:
93:3a:22:d8:ef:40:41:47:28:80:03:77:0d:f9:51:28:28:b6:
53:24:66:f7:3b:56:6c:53:58:55:b2:49:7c:c4:1a:3d:a1:37:
29:19:8a:9a:99:84:7f:63:ac:21:85:f5:02:5a:5a:1c:7c:0a:
8b:bc:83:ff:80:57:2e:ce:62:c5:79:58:24:12:e8:af:a4:6c:
ce:a8:92:2b:25:c4:e3:b6:27:f7:d5:dd:e6:fa:cc:91:6c:59:
5e:f5:a4:e2:4f:0b:18:fa:4e:9c:88:66:20:25:af:87:14:01:
27:08:89:6a
-----BEGIN TRUST_ANCHOR_UNCONSTRAINED-----
MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v
dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANP6sX8r5P+tEOlUVO9q
gQILtoNwia7ZTVTqlZmIPVl9lx79uZtTixQepGgH7WhlaH1Puig4/4czmCwy0OUA
eA9qIDJ9nn2br+k5/ly8BBwGGhEaRiQ09+OvVm04j0Y5pgH6VvnXnnM1GiOUEg8N
0+z+CVf2oJwYp7pLyTejDGB3S3dfyJx+sVyzQ3LayWzIcSSrL8SDvbBPYK9GDXs0
j+lwooXtbgXf48FAPRex8KN94hdvPf4RgZAfwvi8LNWc/ARHJMRezyAPMeh96rVp
uA81GV0TCNvWotx6M5KznPw13s9VlvdSbqnik7BSB40PlZwODRtIDrhBT+to2uVt
oWMCAwEAAaOByzCByDAdBgNVHQ4EFgQUioXOftyvFbcBwlyBPz0USdI4CKswHwYD
VR0jBBgwFoAUioXOftyvFbcBwlyBPz0USdI4CKswNwYIKwYBBQUHAQEEKzApMCcG
CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw
IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE
AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQA78s0D79lh
Z+p73emIEweNlFFiu1bWwb6K0KCB/h2QbYWULKwz+132yXRye/dauOS23TC7kzt0
Iun+6Vyyi9ShIQzmPO6Grp6K/Yi7p/0gu5z/1MpvZmAZFNHR8tbzsljITRUw4eD8
QK1VJbqNJWgmxGRofpTm9JZaxOa6hVuyMtGCMov0P29O1d4u1wk8H36TOiLY70BB
RyiAA3cN+VEoKLZTJGb3O1ZsU1hVskl8xBo9oTcpGYqamYR/Y6whhfUCWlocfAqL
vIP/gFcuzmLFeVgkEuivpGzOqJIrJcTjtif31d3m+syRbFle9aTiTwsY+k6ciGYg
Ja+HFAEnCIlq
-----END TRUST_ANCHOR_UNCONSTRAINED-----
150302120000Z
-----BEGIN TIME-----
MTUwMzAyMTIwMDAwWg==
-----END TIME-----
FAIL
-----BEGIN VERIFY_RESULT-----
RkFJTA==
-----END VERIFY_RESULT-----
Target certificate looks like a CA but does not set all CA properties
-----BEGIN ERRORS-----
VGFyZ2V0IGNlcnRpZmljYXRlIGxvb2tzIGxpa2UgYSBDQSBidXQgZG9lcyBub3Qgc2V0IGFsbCBDQSBwcm9wZXJ0aWVz
-----END ERRORS-----