Google Git
Sign in
chromium / chromium / src / 8cccf2141e0fbf642d1254943ee6452f73692bea / . / net / data / verify_certificate_chain_unittest / intermediate-unknown-critical-extension.pem
blob: 3d65c7e2f6a3ae166f6c2c41c52a18707a495da6 [file] [log] [blame]
[Created by: generate-intermediate-unknown-critical-extension.py]
Certificate chain with 1 intermediate and a trusted root. The intermediate
has an unknown X.509v3 extension (OID=1.2.3.4) that is marked as critical.
Verifying this certificate chain is expected to fail because there is an
unrecognized critical extension.
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Intermediate
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Target
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c7:8a:82:ba:91:ca:1e:03:94:8f:9d:68:98:8b:
95:3b:c1:e3:d1:5b:82:45:bf:72:24:cb:6f:de:91:
2e:e3:49:ba:31:7b:57:db:90:36:32:e6:b4:41:8f:
38:89:c6:6b:82:60:dc:98:e7:4b:06:55:41:db:9c:
a8:e0:97:15:5a:3c:06:ac:37:89:f5:9b:65:b6:93:
a7:2e:45:f3:b3:15:59:a7:6d:64:d5:cb:93:da:46:
b1:97:8a:79:f6:48:4b:4c:18:d6:38:cf:55:5b:6b:
78:c2:f5:f0:37:54:67:8d:90:43:81:ec:15:1e:e7:
75:55:57:7e:6a:74:71:73:6d:b4:d5:37:b5:28:40:
2e:6f:a6:64:b8:77:fd:2c:6c:25:2c:27:cf:db:fa:
b4:c9:39:c2:d1:1e:e2:a1:73:bb:ec:81:dc:c3:ec:
d0:a0:08:1e:81:53:88:51:d2:83:d2:ba:33:3f:79:
1e:2a:6f:80:7b:21:d8:bb:80:93:68:ea:f4:a9:d5:
88:b8:ac:0b:ff:90:bd:cc:8a:6b:e7:e5:27:47:d9:
a0:68:5d:38:3c:b0:a3:4a:ae:5a:d9:a6:f8:51:61:
28:fb:21:5c:01:aa:72:76:60:f6:e0:88:a1:44:b5:
fa:85:27:45:67:0f:c6:b1:11:00:81:23:3c:aa:a1:
58:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
94:30:C8:2B:C4:EC:EB:81:5B:D2:2B:62:ED:34:29:BB:3C:40:FD:4B
X509v3 Authority Key Identifier:
keyid:C8:5D:13:08:EB:15:BB:7B:35:8E:74:DF:D3:C3:55:51:78:E1:4A:D3
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Intermediate.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Intermediate.crl
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Signature Algorithm: sha256WithRSAEncryption
ca:46:c4:08:c9:4e:1b:3f:96:fd:d7:9c:89:d6:ea:7f:76:53:
ac:03:55:eb:9a:d5:86:f8:66:cd:39:54:f0:7b:d1:74:62:83:
c7:58:46:b1:ad:da:b7:fd:03:94:3b:b8:a5:4a:01:45:53:2c:
c6:ae:55:52:08:78:de:66:49:a0:40:eb:7d:43:03:00:46:03:
1d:6d:c5:83:57:f6:92:a5:c6:04:76:f1:de:bf:ec:90:8b:3b:
99:70:80:41:10:93:07:2c:eb:cd:5b:b5:e6:12:76:41:db:81:
ab:f5:6a:a5:e4:67:45:39:fa:14:bf:0d:e7:e4:a9:f3:9a:57:
4c:20:4e:68:fd:1a:35:00:66:b7:c6:fd:2f:14:db:7b:28:3a:
59:31:5a:9d:96:d1:2e:27:d1:7a:c3:eb:b4:28:f1:e2:9a:d1:
1d:be:6b:9d:81:4e:4c:7f:5d:fe:5f:20:8f:bb:f0:85:ee:bb:
2d:66:40:bb:ec:40:c1:51:4f:f9:1d:24:4e:64:ad:64:1c:e5:
68:3f:cb:b2:6c:c5:82:c9:e7:5d:7d:73:8d:ec:d9:b7:af:06:
71:53:92:dd:aa:23:28:38:f0:06:d6:64:cb:f5:ac:f2:4c:e2:
5a:55:c3:a6:d7:7e:32:21:19:54:c4:aa:cd:21:60:fd:b7:45:
81:a1:53:ae
-----BEGIN CERTIFICATE-----
MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl
cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD
VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHioK6
kcoeA5SPnWiYi5U7wePRW4JFv3Iky2/ekS7jSboxe1fbkDYy5rRBjziJxmuCYNyY
50sGVUHbnKjglxVaPAasN4n1m2W2k6cuRfOzFVmnbWTVy5PaRrGXinn2SEtMGNY4
z1Vba3jC9fA3VGeNkEOB7BUe53VVV35qdHFzbbTVN7UoQC5vpmS4d/0sbCUsJ8/b
+rTJOcLRHuKhc7vsgdzD7NCgCB6BU4hR0oPSujM/eR4qb4B7Idi7gJNo6vSp1Yi4
rAv/kL3Mimvn5SdH2aBoXTg8sKNKrlrZpvhRYSj7IVwBqnJ2YPbgiKFEtfqFJ0Vn
D8axEQCBIzyqoVhlAgMBAAGjgekwgeYwHQYDVR0OBBYEFJQwyCvE7OuBW9IrYu00
Kbs8QP1LMB8GA1UdIwQYMBaAFMhdEwjrFbt7NY5039PDVVF44UrTMD8GCCsGAQUF
BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk
aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu
dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF
BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAQEAykbECMlOGz+W/decidbq
f3ZTrANV65rVhvhmzTlU8HvRdGKDx1hGsa3at/0DlDu4pUoBRVMsxq5VUgh43mZJ
oEDrfUMDAEYDHW3Fg1f2kqXGBHbx3r/skIs7mXCAQRCTByzrzVu15hJ2QduBq/Vq
peRnRTn6FL8N5+Sp85pXTCBOaP0aNQBmt8b9LxTbeyg6WTFanZbRLifResPrtCjx
4prRHb5rnYFOTH9d/l8gj7vwhe67LWZAu+xAwVFP+R0kTmStZBzlaD/LsmzFgsnn
XX1zjezZt68GcVOS3aojKDjwBtZky/Ws8kziWlXDptd+MiEZVMSqzSFg/bdFgaFT
rg==
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Intermediate
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:da:1c:0d:74:40:2d:01:10:9c:e0:0c:aa:01:c7:
ed:a4:03:b5:a0:b0:1d:c0:70:70:9a:76:6d:5d:4d:
16:ed:39:87:76:43:e1:c1:3f:b9:f8:20:63:40:02:
d4:0f:f4:f5:4a:97:eb:46:ad:8c:29:cb:45:a7:33:
16:b0:10:b3:bc:f6:9e:fb:e6:61:d5:7d:43:ce:27:
43:ae:4f:b1:d1:47:6b:13:e5:20:66:09:b9:10:83:
a3:d4:40:6d:cc:fb:cb:28:1e:6e:bc:75:46:7b:9d:
f9:b4:5f:c9:43:24:d6:d7:c1:a8:6b:d6:52:1e:6d:
9d:89:d6:41:eb:9f:db:32:e3:05:21:b1:b7:77:78:
e1:d4:f9:95:c5:84:63:91:88:ce:31:66:2c:51:89:
f3:a4:a3:0d:11:b2:a2:45:fd:59:1b:09:a9:bc:48:
38:0d:25:c7:dd:c9:6a:15:5f:c5:5f:60:5e:c0:28:
5d:19:ff:51:17:86:ea:b5:56:f6:1e:cc:ee:80:93:
f2:82:7b:2f:fa:96:1f:4b:15:b0:34:23:81:bb:b9:
a4:83:1a:2f:e0:6d:ee:48:96:4d:f1:7b:09:3e:1f:
43:c6:76:8f:56:fd:1e:5f:21:6f:6f:49:b0:94:fa:
c9:be:76:61:f6:f8:51:72:40:99:d5:f2:f6:09:f7:
d9:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C8:5D:13:08:EB:15:BB:7B:35:8E:74:DF:D3:C3:55:51:78:E1:4A:D3
X509v3 Authority Key Identifier:
keyid:3F:B3:AA:13:E1:86:96:B3:E3:8D:20:EC:BE:70:71:D0:1B:F8:67:9A
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
1.2.3.4: critical
....
Signature Algorithm: sha256WithRSAEncryption
dc:d2:aa:62:74:fa:cf:eb:4f:b3:cd:aa:a9:52:b0:fe:7a:0d:
96:e4:07:8f:b6:d4:6d:ad:33:a6:4e:ad:2f:a5:ff:83:a0:75:
d1:ed:fc:c0:80:a6:73:73:49:6d:0d:3f:84:b5:d4:cf:07:74:
3e:aa:bf:38:59:e4:fa:b6:d2:45:07:b3:a6:0b:b0:43:47:03:
7e:45:c1:7b:f1:84:10:c3:0b:d7:2f:c9:be:ff:96:da:1b:4b:
cb:fa:05:ca:22:d2:e4:f0:f7:32:91:4f:95:05:6c:5d:be:6c:
64:7b:cb:6d:a1:a9:d0:9c:5b:1d:3a:bd:4a:50:69:e2:06:fa:
89:2b:3b:2e:12:f6:3f:d7:79:f1:36:ec:e3:6c:12:67:b2:a3:
b0:89:16:8c:2c:02:04:0d:89:e1:ca:69:d0:86:7e:fd:14:9d:
c8:ef:06:42:fc:46:b9:88:25:e2:b5:b7:8a:6b:ab:d6:1f:ec:
d1:12:b3:28:cd:9e:9f:56:8d:7c:49:6c:06:96:93:66:25:43:
b0:76:b0:9a:59:f8:9c:35:29:8c:db:a7:74:d7:ac:e7:99:ea:
11:34:0b:6f:cf:bb:5e:28:2a:ab:9a:13:83:44:d7:01:3c:61:
c8:10:dd:0d:ef:66:3d:be:ee:72:70:d3:27:a2:b0:f7:f1:bc:
50:e1:ac:3e
-----BEGIN CERTIFICATE-----
MIIDfTCCAmWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50
ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2hwNdEAt
ARCc4AyqAcftpAO1oLAdwHBwmnZtXU0W7TmHdkPhwT+5+CBjQALUD/T1SpfrRq2M
KctFpzMWsBCzvPae++Zh1X1DzidDrk+x0UdrE+UgZgm5EIOj1EBtzPvLKB5uvHVG
e535tF/JQyTW18Goa9ZSHm2didZB65/bMuMFIbG3d3jh1PmVxYRjkYjOMWYsUYnz
pKMNEbKiRf1ZGwmpvEg4DSXH3clqFV/FX2BewChdGf9RF4bqtVb2HszugJPygnsv
+pYfSxWwNCOBu7mkgxov4G3uSJZN8XsJPh9DxnaPVv0eXyFvb0mwlPrJvnZh9vhR
ckCZ1fL2CffZiwIDAQABo4HbMIHYMB0GA1UdDgQWBBTIXRMI6xW7ezWOdN/Tw1VR
eOFK0zAfBgNVHSMEGDAWgBQ/s6oT4YaWs+ONIOy+cHHQG/hnmjA3BggrBgEFBQcB
AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs
BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD
VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDgYDKgMEAQH/BAQBAgMEMA0G
CSqGSIb3DQEBCwUAA4IBAQDc0qpidPrP60+zzaqpUrD+eg2W5AePttRtrTOmTq0v
pf+DoHXR7fzAgKZzc0ltDT+EtdTPB3Q+qr84WeT6ttJFB7OmC7BDRwN+RcF78YQQ
wwvXL8m+/5baG0vL+gXKItLk8PcykU+VBWxdvmxke8ttoanQnFsdOr1KUGniBvqJ
KzsuEvY/13nxNuzjbBJnsqOwiRaMLAIEDYnhymnQhn79FJ3I7wZC/Ea5iCXitbeK
a6vWH+zRErMozZ6fVo18SWwGlpNmJUOwdrCaWficNSmM26d016znmeoRNAtvz7te
KCqrmhODRNcBPGHIEN0N72Y9vu5ycNMnorD38bxQ4aw+
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Root
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:e7:de:8d:6f:81:af:35:2d:99:eb:62:b4:41:d8:
dd:55:5f:5a:12:02:46:8f:41:14:fe:f5:b0:32:ab:
fa:96:2a:e2:ba:e6:3a:1d:89:80:8f:20:6a:40:4a:
5f:97:d3:5d:7f:e8:eb:26:f1:f9:1b:a2:a7:cd:54:
c0:d9:64:77:dc:ba:90:a4:b7:86:3f:8c:72:c2:ad:
96:6c:f0:c0:30:d8:e0:71:f5:ff:f3:8c:18:34:3a:
07:b2:79:32:92:91:d4:51:95:c4:bb:62:78:2e:30:
f8:b5:f1:91:26:9a:28:07:27:cc:57:d5:a2:1c:e9:
20:ac:fa:3d:db:3b:70:81:17:3d:4b:54:a8:fe:2f:
18:f7:7f:de:cb:4f:ec:70:c8:fa:a9:ed:64:41:36:
c2:74:a7:dd:e6:27:2b:af:79:ce:76:86:57:3a:2c:
d9:52:b8:bf:87:de:f1:5e:80:81:70:10:78:e7:89:
0a:d1:14:74:f4:f0:93:cf:89:68:66:8f:d4:2a:8a:
c8:ff:96:fb:f6:cc:ee:dd:a6:62:f0:73:43:a6:29:
7a:51:7e:63:e1:8f:d9:83:10:23:ed:1b:d4:26:2d:
40:62:c5:ed:c5:af:4f:d9:9b:87:5b:3a:7e:2c:43:
59:e3:f4:91:2f:ab:d0:04:a3:5e:da:ac:b0:c1:e2:
15:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:B3:AA:13:E1:86:96:B3:E3:8D:20:EC:BE:70:71:D0:1B:F8:67:9A
X509v3 Authority Key Identifier:
keyid:3F:B3:AA:13:E1:86:96:B3:E3:8D:20:EC:BE:70:71:D0:1B:F8:67:9A
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
84:9a:7d:63:f9:44:d8:2c:4e:b0:24:86:af:0c:ba:0e:29:33:
67:68:7d:a2:1d:46:99:b0:fb:9d:65:69:da:f8:46:67:d9:c4:
30:72:eb:57:79:4a:e8:2d:7b:57:d4:c2:18:13:19:d1:36:8c:
45:9f:49:1e:a6:83:c5:41:41:fd:29:ac:a0:12:c7:0f:6e:a6:
45:70:64:c3:9d:b0:22:2e:ed:c0:8d:6c:68:c0:94:d9:ba:e0:
2f:5a:1c:29:ed:d0:d6:ec:0e:bb:41:ce:1e:e3:93:c4:85:80:
aa:a1:67:31:76:80:24:a4:70:ec:f3:6e:a3:63:8c:71:fd:38:
65:1f:56:e9:75:74:15:3c:69:f3:e3:d3:9d:9a:9c:7d:f6:00:
71:98:61:68:13:7c:23:79:e1:84:68:a6:3d:ce:19:1c:0a:62:
48:d9:f9:4c:92:ff:b7:5b:e8:1d:e4:66:00:50:4d:38:c8:3a:
e3:e1:8e:ae:aa:32:30:65:78:25:b3:d0:eb:4f:de:ab:9d:51:
40:7e:6f:d4:15:87:cf:41:7d:be:3d:32:45:a2:f1:a8:7c:11:
97:90:a4:ea:d8:aa:c2:b7:08:34:a3:62:23:4b:a5:e3:9e:4d:
90:7f:d7:4c:dc:4f:c8:ac:b2:b6:de:42:fd:05:98:f6:33:90:
54:c3:6a:3f
-----BEGIN TRUST_ANCHOR_UNCONSTRAINED-----
MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v
dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOfejW+BrzUtmetitEHY
3VVfWhICRo9BFP71sDKr+pYq4rrmOh2JgI8gakBKX5fTXX/o6ybx+Ruip81UwNlk
d9y6kKS3hj+McsKtlmzwwDDY4HH1//OMGDQ6B7J5MpKR1FGVxLtieC4w+LXxkSaa
KAcnzFfVohzpIKz6Pds7cIEXPUtUqP4vGPd/3stP7HDI+qntZEE2wnSn3eYnK695
znaGVzos2VK4v4fe8V6AgXAQeOeJCtEUdPTwk8+JaGaP1CqKyP+W+/bM7t2mYvBz
Q6YpelF+Y+GP2YMQI+0b1CYtQGLF7cWvT9mbh1s6fixDWeP0kS+r0ASjXtqssMHi
FZkCAwEAAaOByzCByDAdBgNVHQ4EFgQUP7OqE+GGlrPjjSDsvnBx0Bv4Z5owHwYD
VR0jBBgwFoAUP7OqE+GGlrPjjSDsvnBx0Bv4Z5owNwYIKwYBBQUHAQEEKzApMCcG
CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw
IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE
AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCEmn1j+UTY
LE6wJIavDLoOKTNnaH2iHUaZsPudZWna+EZn2cQwcutXeUroLXtX1MIYExnRNoxF
n0kepoPFQUH9KaygEscPbqZFcGTDnbAiLu3AjWxowJTZuuAvWhwp7dDW7A67Qc4e
45PEhYCqoWcxdoAkpHDs826jY4xx/ThlH1bpdXQVPGnz49Odmpx99gBxmGFoE3wj
eeGEaKY9zhkcCmJI2flMkv+3W+gd5GYAUE04yDrj4Y6uqjIwZXgls9DrT96rnVFA
fm/UFYfPQX2+PTJFovGofBGXkKTq2KrCtwg0o2IjS6Xjnk2Qf9dM3E/IrLK23kL9
BZj2M5BUw2o/
-----END TRUST_ANCHOR_UNCONSTRAINED-----
150302120000Z
-----BEGIN TIME-----
MTUwMzAyMTIwMDAwWg==
-----END TIME-----
FAIL
-----BEGIN VERIFY_RESULT-----
RkFJTA==
-----END VERIFY_RESULT-----
[Context] Processing Certificate
index: 0
[Error] Unconsumed critical extension
oid: 2A0304
value: 01020304
-----BEGIN ERRORS-----
W0NvbnRleHRdIFByb2Nlc3NpbmcgQ2VydGlmaWNhdGUKICBpbmRleDogMAogICAgICBbRXJyb3JdIFVuY29uc3VtZWQgY3JpdGljYWwgZXh0ZW5zaW9uCiAgICAgICAgb2lkOiAyQTAzMDQKICAgICAgICB2YWx1ZTogMDEwMjAzMDQK
-----END ERRORS-----