blob: 34c777c0e4df4f68c0bbf3ebe478ec90f43d6584 [file] [log] [blame]
[Created by: ./generate-target-has-pathlen-but-not-ca.py]
Certificate chain with 1 intermediary, a trusted root, and a target
certificate that is not a CA, and yet has a pathlen set. Verification is
expected to fail, since pathlen should only be set for CAs.
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Intermediary
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Target
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:e4:03:84:57:5e:99:af:4e:fe:20:15:48:81:f8:
76:01:11:a3:33:b0:2e:ff:3d:ec:69:be:76:8d:9b:
c6:9b:5d:cb:b1:a6:eb:84:60:8e:99:fd:31:c1:66:
9f:bb:3d:bb:16:e0:c8:d8:f5:cd:23:10:8a:c5:96:
e7:df:ed:96:d9:76:eb:82:23:e2:8c:7d:00:a9:71:
ff:71:df:2e:14:b4:ab:3e:29:e8:11:c2:44:75:f9:
9f:e9:cd:cf:2f:0c:db:7b:47:b2:80:c1:90:45:a8:
01:6d:26:88:ff:3b:d8:54:7b:cd:ff:dc:aa:bd:38:
49:b0:02:d8:80:e2:79:07:33:5a:74:cd:ce:8e:df:
75:33:41:e7:5e:fb:25:c0:45:fb:48:32:78:47:1a:
70:03:d6:56:66:32:6e:2d:35:6b:76:8c:a6:33:4c:
1d:60:91:10:5f:70:f3:13:ec:b4:03:4f:cf:99:f9:
8e:e8:99:85:23:0b:cc:3d:17:5b:ec:df:aa:eb:8a:
a7:52:67:10:dd:66:c5:b2:95:9f:72:2b:4e:fa:19:
31:99:62:d7:60:fd:9d:9e:e0:ca:29:13:ec:e3:c6:
af:47:e0:84:73:ab:3b:2d:58:f5:d8:d1:0c:ee:f6:
23:b1:5c:55:1e:33:40:87:84:f9:d8:8a:ac:ac:46:
ed:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:B5:B3:28:77:02:A4:B0:9D:4B:DE:37:42:2E:E6:59:0A:D8:38:84
X509v3 Authority Key Identifier:
keyid:77:62:DF:59:FD:79:52:7B:9A:CF:99:3C:7C:BD:87:CE:41:27:57:F6
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Intermediary.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Intermediary.crl
X509v3 Key Usage: critical
Digital Signature, Key Encipherment, Certificate Sign
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE, pathlen:1
Signature Algorithm: sha256WithRSAEncryption
0f:6a:84:9e:41:23:9d:77:90:68:4b:93:39:8e:74:cc:f5:3f:
0a:1c:8f:d9:45:bc:5d:42:d1:23:11:e6:a6:2f:52:58:23:5f:
ba:ef:a2:3a:c7:3e:bd:24:a3:47:d3:5a:f7:00:37:0d:a4:c8:
cd:ee:92:73:67:4c:d0:3f:63:08:c4:90:a8:42:5f:0e:cb:1e:
96:ae:c7:16:5f:4d:69:e4:3c:8c:a9:47:7e:ad:aa:52:dd:b3:
77:d8:f6:bf:f3:e3:c5:46:ec:c3:21:af:52:62:76:e5:99:0a:
ba:a2:1c:54:62:8f:3f:0b:b8:c1:9e:e3:6e:50:4e:36:17:d0:
ee:e1:a2:2e:29:c0:1e:a3:94:a3:69:1f:4d:13:50:4c:44:5c:
0f:c3:80:94:3f:6f:60:02:98:da:4f:3a:40:e4:ee:01:af:f1:
b3:7b:4a:2e:3a:57:3b:8e:9c:8a:0c:3e:4c:49:e2:22:09:ef:
dc:ea:fc:e2:04:20:5c:8e:a5:82:a9:0e:83:b3:ef:cc:09:ff:
a9:bc:fa:47:0f:61:3f:7f:d6:df:ec:57:b2:da:16:70:42:8e:
68:28:f5:4d:cb:fb:85:16:e4:78:3b:5e:8a:96:f0:73:d6:f7:
b0:ce:4d:18:6a:b9:1b:99:33:01:15:ce:90:c2:13:8e:14:e6:
0e:32:84:28
-----BEGIN CERTIFICATE-----
MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl
cm1lZGlhcnkwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD
VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkA4RX
XpmvTv4gFUiB+HYBEaMzsC7/PexpvnaNm8abXcuxpuuEYI6Z/THBZp+7PbsW4MjY
9c0jEIrFluff7ZbZduuCI+KMfQCpcf9x3y4UtKs+KegRwkR1+Z/pzc8vDNt7R7KA
wZBFqAFtJoj/O9hUe83/3Kq9OEmwAtiA4nkHM1p0zc6O33UzQede+yXARftIMnhH
GnAD1lZmMm4tNWt2jKYzTB1gkRBfcPMT7LQDT8+Z+Y7omYUjC8w9F1vs36rriqdS
ZxDdZsWylZ9yK076GTGZYtdg/Z2e4MopE+zjxq9H4IRzqzstWPXY0Qzu9iOxXFUe
M0CHhPnYiqysRu2TAgMBAAGjgfowgfcwHQYDVR0OBBYEFD+1syh3AqSwnUveN0Iu
5lkK2DiEMB8GA1UdIwQYMBaAFHdi31n9eVJ7ms+ZPHy9h85BJ1f2MD8GCCsGAQUF
BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk
aWFyeS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu
dGVybWVkaWFyeS5jcmwwDgYDVR0PAQH/BAQDAgKkMB0GA1UdJQQWMBQGCCsGAQUF
BwMBBggrBgEFBQcDAjAPBgNVHRMBAf8EBTADAgEBMA0GCSqGSIb3DQEBCwUAA4IB
AQAPaoSeQSOdd5BoS5M5jnTM9T8KHI/ZRbxdQtEjEeamL1JYI1+676I6xz69JKNH
01r3ADcNpMjN7pJzZ0zQP2MIxJCoQl8Oyx6WrscWX01p5DyMqUd+rapS3bN32Pa/
8+PFRuzDIa9SYnblmQq6ohxUYo8/C7jBnuNuUE42F9Du4aIuKcAeo5SjaR9NE1BM
RFwPw4CUP29gApjaTzpA5O4Br/Gze0ouOlc7jpyKDD5MSeIiCe/c6vziBCBcjqWC
qQ6Ds+/MCf+pvPpHD2E/f9bf7Fey2hZwQo5oKPVNy/uFFuR4O16KlvBz1vewzk0Y
arkbmTMBFc6QwhOOFOYOMoQo
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Intermediary
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:cd:be:5e:d6:3b:af:1c:51:0b:b8:31:41:16:86:
a1:04:5b:d4:c3:d1:e8:16:12:b0:7a:f8:d4:b6:61:
9b:5a:51:bb:7d:a5:e6:cf:70:48:1d:4e:21:74:de:
f8:de:c7:8d:b2:e1:b5:a0:b9:4a:7c:76:b1:24:e6:
6d:7b:17:79:28:99:85:44:d5:9c:c7:b3:7c:64:fd:
3a:97:76:94:88:aa:dc:eb:c3:6e:ab:43:42:d2:89:
b3:cb:56:dc:89:f6:4c:65:e0:be:1e:72:01:c7:c6:
50:e6:5b:df:a2:de:4f:43:9d:3d:e8:c8:25:2e:50:
1b:61:0e:2c:45:22:f0:93:7b:d6:05:9f:a4:23:fb:
78:b1:15:49:fe:eb:73:29:b0:eb:9f:e8:6e:3b:92:
86:c0:d0:20:e7:4c:b7:69:7f:d3:0f:54:39:05:3a:
46:9b:47:4d:fa:7e:8c:ce:45:a5:1f:2c:6f:f7:33:
36:10:bc:67:d9:b6:15:86:71:5f:7a:7a:af:4e:71:
59:1d:46:d1:76:96:d8:4b:fc:a0:b9:11:e4:5f:5d:
fe:f4:bf:c8:48:54:66:60:be:4b:8b:70:4a:33:e0:
ea:02:7a:cd:a1:37:3d:67:ad:93:f3:d0:a5:9e:f2:
a4:ff:18:3e:77:97:d2:2c:58:12:a5:d6:55:03:6d:
a1:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
77:62:DF:59:FD:79:52:7B:9A:CF:99:3C:7C:BD:87:CE:41:27:57:F6
X509v3 Authority Key Identifier:
keyid:AA:16:BC:F9:7E:AD:F4:71:D6:D4:94:D9:61:4B:01:38:B2:95:8B:84
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
4f:dc:80:b5:cb:13:5d:2d:af:b6:6d:7b:51:4e:81:36:16:d1:
36:bb:5d:37:be:6e:4d:40:87:57:5e:db:a9:75:ae:46:e4:74:
c4:dc:e5:fd:bc:04:2f:ca:7f:b4:67:db:65:f7:d6:37:94:74:
a4:f9:8a:e2:da:d5:64:9e:00:4d:85:39:07:6f:e0:96:d7:2b:
ef:73:d3:a4:77:6b:e1:ee:d4:f7:54:ba:30:23:a3:95:2c:c8:
38:21:0c:14:fb:f4:44:27:9a:f3:81:2f:89:59:3e:12:52:52:
bf:4e:7c:93:7c:db:b7:df:9b:fb:b6:3c:70:fc:67:07:a6:42:
99:6d:95:c0:64:f8:99:50:aa:2f:b6:19:d8:63:80:0f:22:c3:
b4:d6:b0:09:9b:62:a0:37:0e:21:e5:ef:c2:61:ed:7e:2f:f5:
7d:09:19:f4:6f:8a:c8:7a:0e:0a:44:41:9b:22:01:d4:7c:c9:
a8:da:d5:91:d9:a6:1f:1f:b8:4a:6a:bd:bc:7e:36:33:7a:e0:
9c:58:c1:75:71:9f:14:04:ce:c9:1f:e6:dc:40:95:ee:ed:b3:
6c:77:5c:31:9a:90:bd:99:80:ab:8f:ef:8d:a6:e0:64:ba:16:
03:a2:21:5d:75:bd:d9:50:7f:d2:02:44:58:9e:b5:c2:1d:37:
50:8f:27:21
-----BEGIN CERTIFICATE-----
MIIDbTCCAlWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50
ZXJtZWRpYXJ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzb5e1juv
HFELuDFBFoahBFvUw9HoFhKwevjUtmGbWlG7faXmz3BIHU4hdN743seNsuG1oLlK
fHaxJOZtexd5KJmFRNWcx7N8ZP06l3aUiKrc68Nuq0NC0omzy1bcifZMZeC+HnIB
x8ZQ5lvfot5PQ5096MglLlAbYQ4sRSLwk3vWBZ+kI/t4sRVJ/utzKbDrn+huO5KG
wNAg50y3aX/TD1Q5BTpGm0dN+n6MzkWlHyxv9zM2ELxn2bYVhnFfenqvTnFZHUbR
dpbYS/yguRHkX13+9L/ISFRmYL5Li3BKM+DqAnrNoTc9Z62T89ClnvKk/xg+d5fS
LFgSpdZVA22hywIDAQABo4HLMIHIMB0GA1UdDgQWBBR3Yt9Z/XlSe5rPmTx8vYfO
QSdX9jAfBgNVHSMEGDAWgBSqFrz5fq30cdbUlNlhSwE4spWLhDA3BggrBgEFBQcB
AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs
BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD
VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB
AE/cgLXLE10tr7Zte1FOgTYW0Ta7XTe+bk1Ah1de26l1rkbkdMTc5f28BC/Kf7Rn
22X31jeUdKT5iuLa1WSeAE2FOQdv4JbXK+9z06R3a+Hu1PdUujAjo5UsyDghDBT7
9EQnmvOBL4lZPhJSUr9OfJN827ffm/u2PHD8ZwemQpltlcBk+JlQqi+2GdhjgA8i
w7TWsAmbYqA3DiHl78Jh7X4v9X0JGfRvish6DgpEQZsiAdR8yaja1ZHZph8fuEpq
vbx+NjN64JxYwXVxnxQEzskf5txAle7ts2x3XDGakL2ZgKuP742m4GS6FgOiIV11
vdlQf9ICRFietcIdN1CPJyE=
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Jan 1 12:00:00 2015 GMT
Not After : Jan 1 12:00:00 2016 GMT
Subject: CN=Root
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:eb:e2:5f:c7:d4:38:fe:e8:6d:64:82:8e:c6:d8:
d7:a5:a4:ca:65:5f:55:b6:c5:5c:9c:f6:cc:af:d6:
4b:ec:a1:5c:c3:55:08:19:1c:0e:99:4a:4d:b2:14:
22:36:a0:db:eb:c3:1c:6f:d6:05:69:a5:5b:61:59:
7a:fb:88:da:28:1d:95:c6:fe:31:51:06:ac:f7:41:
a6:10:08:25:7f:41:f1:01:39:48:27:c1:34:73:2f:
c2:05:b1:97:42:80:de:d4:3a:44:db:a0:34:8c:b8:
5c:de:ab:42:c8:1e:f1:08:7e:10:3a:ee:16:8e:61:
ee:ab:aa:f5:7a:2b:ab:af:a2:69:da:f4:b5:95:32:
17:bc:cf:ba:ad:a7:7b:fc:ea:9b:43:bc:ae:07:c3:
92:15:ce:4a:fb:ee:33:e6:89:7d:09:88:f9:a5:af:
0b:4d:c1:7f:28:30:d8:93:75:92:b5:27:2c:01:bd:
52:05:5d:42:a5:dc:f3:1f:1e:b2:3c:a1:17:19:9b:
30:ec:18:85:41:e3:72:d2:93:ef:a0:4d:0b:d4:8a:
fa:89:0d:b6:46:fe:bc:f0:82:de:99:4c:1e:57:1c:
8d:71:b3:9c:41:ea:03:8f:a1:d6:f2:a4:9d:1c:b8:
50:c8:c0:19:6a:18:4d:c0:7f:7d:f8:b3:af:c6:62:
09:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:16:BC:F9:7E:AD:F4:71:D6:D4:94:D9:61:4B:01:38:B2:95:8B:84
X509v3 Authority Key Identifier:
keyid:AA:16:BC:F9:7E:AD:F4:71:D6:D4:94:D9:61:4B:01:38:B2:95:8B:84
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
07:d5:33:48:84:04:40:42:f1:f2:ff:d9:07:5e:5f:bf:d9:72:
07:6f:a9:6a:f1:5f:f3:59:69:99:41:cd:9d:37:65:cb:2e:c8:
06:f3:0a:0c:da:46:28:6d:d6:06:08:20:5b:ca:ed:c9:14:6e:
11:5a:9f:df:33:06:67:44:e7:63:ba:b2:42:53:2e:31:0b:ce:
ef:c1:74:60:76:96:0b:3f:da:9b:f2:a1:d1:89:99:34:f0:f9:
ae:8c:39:fd:3d:a6:be:7f:f5:82:f0:25:62:b0:b7:b4:bc:1b:
51:c3:60:05:af:bc:22:b9:62:49:c0:27:12:72:c2:ac:d9:1e:
17:ff:e7:57:f6:b2:f8:37:dd:76:1a:dc:e0:89:4f:b3:8a:74:
0b:76:5f:48:fc:6c:af:6d:42:85:25:b4:44:ca:27:ed:2e:fb:
d8:df:1a:a1:82:bd:6c:25:35:62:cb:50:db:27:9e:b2:65:cc:
58:fa:fd:1e:6a:2a:77:cd:3f:b4:6b:e6:71:ec:85:f5:7b:73:
a9:73:05:78:1f:26:21:dc:8b:a4:f5:e1:06:a6:97:13:9f:5f:
84:03:12:59:37:81:17:21:2d:39:db:b7:b0:f4:17:73:90:7c:
a1:2f:53:c0:4a:af:53:54:2c:5b:9c:8a:e3:66:80:40:30:96:
e3:d8:b2:23
-----BEGIN TRUSTED_CERTIFICATE-----
MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v
dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOviX8fUOP7obWSCjsbY
16WkymVfVbbFXJz2zK/WS+yhXMNVCBkcDplKTbIUIjag2+vDHG/WBWmlW2FZevuI
2igdlcb+MVEGrPdBphAIJX9B8QE5SCfBNHMvwgWxl0KA3tQ6RNugNIy4XN6rQsge
8Qh+EDruFo5h7quq9Xorq6+iadr0tZUyF7zPuq2ne/zqm0O8rgfDkhXOSvvuM+aJ
fQmI+aWvC03Bfygw2JN1krUnLAG9UgVdQqXc8x8esjyhFxmbMOwYhUHjctKT76BN
C9SK+okNtkb+vPCC3plMHlccjXGznEHqA4+h1vKknRy4UMjAGWoYTcB/ffizr8Zi
CZsCAwEAAaOByzCByDAdBgNVHQ4EFgQUqha8+X6t9HHW1JTZYUsBOLKVi4QwHwYD
VR0jBBgwFoAUqha8+X6t9HHW1JTZYUsBOLKVi4QwNwYIKwYBBQUHAQEEKzApMCcG
CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw
IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE
AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAH1TNIhARA
QvHy/9kHXl+/2XIHb6lq8V/zWWmZQc2dN2XLLsgG8woM2kYobdYGCCBbyu3JFG4R
Wp/fMwZnROdjurJCUy4xC87vwXRgdpYLP9qb8qHRiZk08PmujDn9Paa+f/WC8CVi
sLe0vBtRw2AFr7wiuWJJwCcScsKs2R4X/+dX9rL4N912GtzgiU+zinQLdl9I/Gyv
bUKFJbREyiftLvvY3xqhgr1sJTViy1DbJ56yZcxY+v0eaip3zT+0a+Zx7IX1e3Op
cwV4HyYh3Iuk9eEGppcTn1+EAxJZN4EXIS0527ew9BdzkHyhL1PASq9TVCxbnIrj
ZoBAMJbj2LIj
-----END TRUSTED_CERTIFICATE-----
-----BEGIN TIME-----
MTUwMzAyMTIwMDAwWg==
-----END TIME-----
-----BEGIN VERIFY_RESULT-----
RkFJTA==
-----END VERIFY_RESULT-----