| [Created by: ./generate-target-has-pathlen-but-not-ca.py] |
| |
| Certificate chain with 1 intermediary, a trusted root, and a target |
| certificate that is not a CA, and yet has a pathlen set. Verification is |
| expected to fail, since pathlen should only be set for CAs. |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 1 (0x1) |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Intermediary |
| Validity |
| Not Before: Jan 1 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Target |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:e4:03:84:57:5e:99:af:4e:fe:20:15:48:81:f8: |
| 76:01:11:a3:33:b0:2e:ff:3d:ec:69:be:76:8d:9b: |
| c6:9b:5d:cb:b1:a6:eb:84:60:8e:99:fd:31:c1:66: |
| 9f:bb:3d:bb:16:e0:c8:d8:f5:cd:23:10:8a:c5:96: |
| e7:df:ed:96:d9:76:eb:82:23:e2:8c:7d:00:a9:71: |
| ff:71:df:2e:14:b4:ab:3e:29:e8:11:c2:44:75:f9: |
| 9f:e9:cd:cf:2f:0c:db:7b:47:b2:80:c1:90:45:a8: |
| 01:6d:26:88:ff:3b:d8:54:7b:cd:ff:dc:aa:bd:38: |
| 49:b0:02:d8:80:e2:79:07:33:5a:74:cd:ce:8e:df: |
| 75:33:41:e7:5e:fb:25:c0:45:fb:48:32:78:47:1a: |
| 70:03:d6:56:66:32:6e:2d:35:6b:76:8c:a6:33:4c: |
| 1d:60:91:10:5f:70:f3:13:ec:b4:03:4f:cf:99:f9: |
| 8e:e8:99:85:23:0b:cc:3d:17:5b:ec:df:aa:eb:8a: |
| a7:52:67:10:dd:66:c5:b2:95:9f:72:2b:4e:fa:19: |
| 31:99:62:d7:60:fd:9d:9e:e0:ca:29:13:ec:e3:c6: |
| af:47:e0:84:73:ab:3b:2d:58:f5:d8:d1:0c:ee:f6: |
| 23:b1:5c:55:1e:33:40:87:84:f9:d8:8a:ac:ac:46: |
| ed:93 |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| 3F:B5:B3:28:77:02:A4:B0:9D:4B:DE:37:42:2E:E6:59:0A:D8:38:84 |
| X509v3 Authority Key Identifier: |
| keyid:77:62:DF:59:FD:79:52:7B:9A:CF:99:3C:7C:BD:87:CE:41:27:57:F6 |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Intermediary.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Intermediary.crl |
| |
| X509v3 Key Usage: critical |
| Digital Signature, Key Encipherment, Certificate Sign |
| X509v3 Extended Key Usage: |
| TLS Web Server Authentication, TLS Web Client Authentication |
| X509v3 Basic Constraints: critical |
| CA:FALSE, pathlen:1 |
| Signature Algorithm: sha256WithRSAEncryption |
| 0f:6a:84:9e:41:23:9d:77:90:68:4b:93:39:8e:74:cc:f5:3f: |
| 0a:1c:8f:d9:45:bc:5d:42:d1:23:11:e6:a6:2f:52:58:23:5f: |
| ba:ef:a2:3a:c7:3e:bd:24:a3:47:d3:5a:f7:00:37:0d:a4:c8: |
| cd:ee:92:73:67:4c:d0:3f:63:08:c4:90:a8:42:5f:0e:cb:1e: |
| 96:ae:c7:16:5f:4d:69:e4:3c:8c:a9:47:7e:ad:aa:52:dd:b3: |
| 77:d8:f6:bf:f3:e3:c5:46:ec:c3:21:af:52:62:76:e5:99:0a: |
| ba:a2:1c:54:62:8f:3f:0b:b8:c1:9e:e3:6e:50:4e:36:17:d0: |
| ee:e1:a2:2e:29:c0:1e:a3:94:a3:69:1f:4d:13:50:4c:44:5c: |
| 0f:c3:80:94:3f:6f:60:02:98:da:4f:3a:40:e4:ee:01:af:f1: |
| b3:7b:4a:2e:3a:57:3b:8e:9c:8a:0c:3e:4c:49:e2:22:09:ef: |
| dc:ea:fc:e2:04:20:5c:8e:a5:82:a9:0e:83:b3:ef:cc:09:ff: |
| a9:bc:fa:47:0f:61:3f:7f:d6:df:ec:57:b2:da:16:70:42:8e: |
| 68:28:f5:4d:cb:fb:85:16:e4:78:3b:5e:8a:96:f0:73:d6:f7: |
| b0:ce:4d:18:6a:b9:1b:99:33:01:15:ce:90:c2:13:8e:14:e6: |
| 0e:32:84:28 |
| -----BEGIN CERTIFICATE----- |
| MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl |
| cm1lZGlhcnkwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD |
| VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkA4RX |
| XpmvTv4gFUiB+HYBEaMzsC7/PexpvnaNm8abXcuxpuuEYI6Z/THBZp+7PbsW4MjY |
| 9c0jEIrFluff7ZbZduuCI+KMfQCpcf9x3y4UtKs+KegRwkR1+Z/pzc8vDNt7R7KA |
| wZBFqAFtJoj/O9hUe83/3Kq9OEmwAtiA4nkHM1p0zc6O33UzQede+yXARftIMnhH |
| GnAD1lZmMm4tNWt2jKYzTB1gkRBfcPMT7LQDT8+Z+Y7omYUjC8w9F1vs36rriqdS |
| ZxDdZsWylZ9yK076GTGZYtdg/Z2e4MopE+zjxq9H4IRzqzstWPXY0Qzu9iOxXFUe |
| M0CHhPnYiqysRu2TAgMBAAGjgfowgfcwHQYDVR0OBBYEFD+1syh3AqSwnUveN0Iu |
| 5lkK2DiEMB8GA1UdIwQYMBaAFHdi31n9eVJ7ms+ZPHy9h85BJ1f2MD8GCCsGAQUF |
| BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk |
| aWFyeS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu |
| dGVybWVkaWFyeS5jcmwwDgYDVR0PAQH/BAQDAgKkMB0GA1UdJQQWMBQGCCsGAQUF |
| BwMBBggrBgEFBQcDAjAPBgNVHRMBAf8EBTADAgEBMA0GCSqGSIb3DQEBCwUAA4IB |
| AQAPaoSeQSOdd5BoS5M5jnTM9T8KHI/ZRbxdQtEjEeamL1JYI1+676I6xz69JKNH |
| 01r3ADcNpMjN7pJzZ0zQP2MIxJCoQl8Oyx6WrscWX01p5DyMqUd+rapS3bN32Pa/ |
| 8+PFRuzDIa9SYnblmQq6ohxUYo8/C7jBnuNuUE42F9Du4aIuKcAeo5SjaR9NE1BM |
| RFwPw4CUP29gApjaTzpA5O4Br/Gze0ouOlc7jpyKDD5MSeIiCe/c6vziBCBcjqWC |
| qQ6Ds+/MCf+pvPpHD2E/f9bf7Fey2hZwQo5oKPVNy/uFFuR4O16KlvBz1vewzk0Y |
| arkbmTMBFc6QwhOOFOYOMoQo |
| -----END CERTIFICATE----- |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 2 (0x2) |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Root |
| Validity |
| Not Before: Jan 1 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Intermediary |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:cd:be:5e:d6:3b:af:1c:51:0b:b8:31:41:16:86: |
| a1:04:5b:d4:c3:d1:e8:16:12:b0:7a:f8:d4:b6:61: |
| 9b:5a:51:bb:7d:a5:e6:cf:70:48:1d:4e:21:74:de: |
| f8:de:c7:8d:b2:e1:b5:a0:b9:4a:7c:76:b1:24:e6: |
| 6d:7b:17:79:28:99:85:44:d5:9c:c7:b3:7c:64:fd: |
| 3a:97:76:94:88:aa:dc:eb:c3:6e:ab:43:42:d2:89: |
| b3:cb:56:dc:89:f6:4c:65:e0:be:1e:72:01:c7:c6: |
| 50:e6:5b:df:a2:de:4f:43:9d:3d:e8:c8:25:2e:50: |
| 1b:61:0e:2c:45:22:f0:93:7b:d6:05:9f:a4:23:fb: |
| 78:b1:15:49:fe:eb:73:29:b0:eb:9f:e8:6e:3b:92: |
| 86:c0:d0:20:e7:4c:b7:69:7f:d3:0f:54:39:05:3a: |
| 46:9b:47:4d:fa:7e:8c:ce:45:a5:1f:2c:6f:f7:33: |
| 36:10:bc:67:d9:b6:15:86:71:5f:7a:7a:af:4e:71: |
| 59:1d:46:d1:76:96:d8:4b:fc:a0:b9:11:e4:5f:5d: |
| fe:f4:bf:c8:48:54:66:60:be:4b:8b:70:4a:33:e0: |
| ea:02:7a:cd:a1:37:3d:67:ad:93:f3:d0:a5:9e:f2: |
| a4:ff:18:3e:77:97:d2:2c:58:12:a5:d6:55:03:6d: |
| a1:cb |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| 77:62:DF:59:FD:79:52:7B:9A:CF:99:3C:7C:BD:87:CE:41:27:57:F6 |
| X509v3 Authority Key Identifier: |
| keyid:AA:16:BC:F9:7E:AD:F4:71:D6:D4:94:D9:61:4B:01:38:B2:95:8B:84 |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Root.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Root.crl |
| |
| X509v3 Key Usage: critical |
| Certificate Sign, CRL Sign |
| X509v3 Basic Constraints: critical |
| CA:TRUE |
| Signature Algorithm: sha256WithRSAEncryption |
| 4f:dc:80:b5:cb:13:5d:2d:af:b6:6d:7b:51:4e:81:36:16:d1: |
| 36:bb:5d:37:be:6e:4d:40:87:57:5e:db:a9:75:ae:46:e4:74: |
| c4:dc:e5:fd:bc:04:2f:ca:7f:b4:67:db:65:f7:d6:37:94:74: |
| a4:f9:8a:e2:da:d5:64:9e:00:4d:85:39:07:6f:e0:96:d7:2b: |
| ef:73:d3:a4:77:6b:e1:ee:d4:f7:54:ba:30:23:a3:95:2c:c8: |
| 38:21:0c:14:fb:f4:44:27:9a:f3:81:2f:89:59:3e:12:52:52: |
| bf:4e:7c:93:7c:db:b7:df:9b:fb:b6:3c:70:fc:67:07:a6:42: |
| 99:6d:95:c0:64:f8:99:50:aa:2f:b6:19:d8:63:80:0f:22:c3: |
| b4:d6:b0:09:9b:62:a0:37:0e:21:e5:ef:c2:61:ed:7e:2f:f5: |
| 7d:09:19:f4:6f:8a:c8:7a:0e:0a:44:41:9b:22:01:d4:7c:c9: |
| a8:da:d5:91:d9:a6:1f:1f:b8:4a:6a:bd:bc:7e:36:33:7a:e0: |
| 9c:58:c1:75:71:9f:14:04:ce:c9:1f:e6:dc:40:95:ee:ed:b3: |
| 6c:77:5c:31:9a:90:bd:99:80:ab:8f:ef:8d:a6:e0:64:ba:16: |
| 03:a2:21:5d:75:bd:d9:50:7f:d2:02:44:58:9e:b5:c2:1d:37: |
| 50:8f:27:21 |
| -----BEGIN CERTIFICATE----- |
| MIIDbTCCAlWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 |
| MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 |
| ZXJtZWRpYXJ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzb5e1juv |
| HFELuDFBFoahBFvUw9HoFhKwevjUtmGbWlG7faXmz3BIHU4hdN743seNsuG1oLlK |
| fHaxJOZtexd5KJmFRNWcx7N8ZP06l3aUiKrc68Nuq0NC0omzy1bcifZMZeC+HnIB |
| x8ZQ5lvfot5PQ5096MglLlAbYQ4sRSLwk3vWBZ+kI/t4sRVJ/utzKbDrn+huO5KG |
| wNAg50y3aX/TD1Q5BTpGm0dN+n6MzkWlHyxv9zM2ELxn2bYVhnFfenqvTnFZHUbR |
| dpbYS/yguRHkX13+9L/ISFRmYL5Li3BKM+DqAnrNoTc9Z62T89ClnvKk/xg+d5fS |
| LFgSpdZVA22hywIDAQABo4HLMIHIMB0GA1UdDgQWBBR3Yt9Z/XlSe5rPmTx8vYfO |
| QSdX9jAfBgNVHSMEGDAWgBSqFrz5fq30cdbUlNlhSwE4spWLhDA3BggrBgEFBQcB |
| AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs |
| BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD |
| VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB |
| AE/cgLXLE10tr7Zte1FOgTYW0Ta7XTe+bk1Ah1de26l1rkbkdMTc5f28BC/Kf7Rn |
| 22X31jeUdKT5iuLa1WSeAE2FOQdv4JbXK+9z06R3a+Hu1PdUujAjo5UsyDghDBT7 |
| 9EQnmvOBL4lZPhJSUr9OfJN827ffm/u2PHD8ZwemQpltlcBk+JlQqi+2GdhjgA8i |
| w7TWsAmbYqA3DiHl78Jh7X4v9X0JGfRvish6DgpEQZsiAdR8yaja1ZHZph8fuEpq |
| vbx+NjN64JxYwXVxnxQEzskf5txAle7ts2x3XDGakL2ZgKuP742m4GS6FgOiIV11 |
| vdlQf9ICRFietcIdN1CPJyE= |
| -----END CERTIFICATE----- |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 1 (0x1) |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Root |
| Validity |
| Not Before: Jan 1 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Root |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:eb:e2:5f:c7:d4:38:fe:e8:6d:64:82:8e:c6:d8: |
| d7:a5:a4:ca:65:5f:55:b6:c5:5c:9c:f6:cc:af:d6: |
| 4b:ec:a1:5c:c3:55:08:19:1c:0e:99:4a:4d:b2:14: |
| 22:36:a0:db:eb:c3:1c:6f:d6:05:69:a5:5b:61:59: |
| 7a:fb:88:da:28:1d:95:c6:fe:31:51:06:ac:f7:41: |
| a6:10:08:25:7f:41:f1:01:39:48:27:c1:34:73:2f: |
| c2:05:b1:97:42:80:de:d4:3a:44:db:a0:34:8c:b8: |
| 5c:de:ab:42:c8:1e:f1:08:7e:10:3a:ee:16:8e:61: |
| ee:ab:aa:f5:7a:2b:ab:af:a2:69:da:f4:b5:95:32: |
| 17:bc:cf:ba:ad:a7:7b:fc:ea:9b:43:bc:ae:07:c3: |
| 92:15:ce:4a:fb:ee:33:e6:89:7d:09:88:f9:a5:af: |
| 0b:4d:c1:7f:28:30:d8:93:75:92:b5:27:2c:01:bd: |
| 52:05:5d:42:a5:dc:f3:1f:1e:b2:3c:a1:17:19:9b: |
| 30:ec:18:85:41:e3:72:d2:93:ef:a0:4d:0b:d4:8a: |
| fa:89:0d:b6:46:fe:bc:f0:82:de:99:4c:1e:57:1c: |
| 8d:71:b3:9c:41:ea:03:8f:a1:d6:f2:a4:9d:1c:b8: |
| 50:c8:c0:19:6a:18:4d:c0:7f:7d:f8:b3:af:c6:62: |
| 09:9b |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| AA:16:BC:F9:7E:AD:F4:71:D6:D4:94:D9:61:4B:01:38:B2:95:8B:84 |
| X509v3 Authority Key Identifier: |
| keyid:AA:16:BC:F9:7E:AD:F4:71:D6:D4:94:D9:61:4B:01:38:B2:95:8B:84 |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Root.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Root.crl |
| |
| X509v3 Key Usage: critical |
| Certificate Sign, CRL Sign |
| X509v3 Basic Constraints: critical |
| CA:TRUE |
| Signature Algorithm: sha256WithRSAEncryption |
| 07:d5:33:48:84:04:40:42:f1:f2:ff:d9:07:5e:5f:bf:d9:72: |
| 07:6f:a9:6a:f1:5f:f3:59:69:99:41:cd:9d:37:65:cb:2e:c8: |
| 06:f3:0a:0c:da:46:28:6d:d6:06:08:20:5b:ca:ed:c9:14:6e: |
| 11:5a:9f:df:33:06:67:44:e7:63:ba:b2:42:53:2e:31:0b:ce: |
| ef:c1:74:60:76:96:0b:3f:da:9b:f2:a1:d1:89:99:34:f0:f9: |
| ae:8c:39:fd:3d:a6:be:7f:f5:82:f0:25:62:b0:b7:b4:bc:1b: |
| 51:c3:60:05:af:bc:22:b9:62:49:c0:27:12:72:c2:ac:d9:1e: |
| 17:ff:e7:57:f6:b2:f8:37:dd:76:1a:dc:e0:89:4f:b3:8a:74: |
| 0b:76:5f:48:fc:6c:af:6d:42:85:25:b4:44:ca:27:ed:2e:fb: |
| d8:df:1a:a1:82:bd:6c:25:35:62:cb:50:db:27:9e:b2:65:cc: |
| 58:fa:fd:1e:6a:2a:77:cd:3f:b4:6b:e6:71:ec:85:f5:7b:73: |
| a9:73:05:78:1f:26:21:dc:8b:a4:f5:e1:06:a6:97:13:9f:5f: |
| 84:03:12:59:37:81:17:21:2d:39:db:b7:b0:f4:17:73:90:7c: |
| a1:2f:53:c0:4a:af:53:54:2c:5b:9c:8a:e3:66:80:40:30:96: |
| e3:d8:b2:23 |
| -----BEGIN TRUSTED_CERTIFICATE----- |
| MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 |
| MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v |
| dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOviX8fUOP7obWSCjsbY |
| 16WkymVfVbbFXJz2zK/WS+yhXMNVCBkcDplKTbIUIjag2+vDHG/WBWmlW2FZevuI |
| 2igdlcb+MVEGrPdBphAIJX9B8QE5SCfBNHMvwgWxl0KA3tQ6RNugNIy4XN6rQsge |
| 8Qh+EDruFo5h7quq9Xorq6+iadr0tZUyF7zPuq2ne/zqm0O8rgfDkhXOSvvuM+aJ |
| fQmI+aWvC03Bfygw2JN1krUnLAG9UgVdQqXc8x8esjyhFxmbMOwYhUHjctKT76BN |
| C9SK+okNtkb+vPCC3plMHlccjXGznEHqA4+h1vKknRy4UMjAGWoYTcB/ffizr8Zi |
| CZsCAwEAAaOByzCByDAdBgNVHQ4EFgQUqha8+X6t9HHW1JTZYUsBOLKVi4QwHwYD |
| VR0jBBgwFoAUqha8+X6t9HHW1JTZYUsBOLKVi4QwNwYIKwYBBQUHAQEEKzApMCcG |
| CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw |
| IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE |
| AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAH1TNIhARA |
| QvHy/9kHXl+/2XIHb6lq8V/zWWmZQc2dN2XLLsgG8woM2kYobdYGCCBbyu3JFG4R |
| Wp/fMwZnROdjurJCUy4xC87vwXRgdpYLP9qb8qHRiZk08PmujDn9Paa+f/WC8CVi |
| sLe0vBtRw2AFr7wiuWJJwCcScsKs2R4X/+dX9rL4N912GtzgiU+zinQLdl9I/Gyv |
| bUKFJbREyiftLvvY3xqhgr1sJTViy1DbJ56yZcxY+v0eaip3zT+0a+Zx7IX1e3Op |
| cwV4HyYh3Iuk9eEGppcTn1+EAxJZN4EXIS0527ew9BdzkHyhL1PASq9TVCxbnIrj |
| ZoBAMJbj2LIj |
| -----END TRUSTED_CERTIFICATE----- |
| |
| -----BEGIN TIME----- |
| MTUwMzAyMTIwMDAwWg== |
| -----END TIME----- |
| |
| -----BEGIN VERIFY_RESULT----- |
| RkFJTA== |
| -----END VERIFY_RESULT----- |