From 0f71594ae565ac5db56d906755526a74c992ebfe Mon Sep 17 00:00:00 2001 From: Alex Cameron Date: Tue, 24 Oct 2023 02:07:34 +1100 Subject: [PATCH] limbo, webpki: Add `eku` feature since this isn't supported in pyca yet --- limbo-schema.json | 3 +- limbo.json | 294 +++++++++++++++++++------------------- limbo/models.py | 5 + limbo/testcases/webpki.py | 2 +- 4 files changed, 156 insertions(+), 148 deletions(-) diff --git a/limbo-schema.json b/limbo-schema.json index 6bb246c..9135186 100644 --- a/limbo-schema.json +++ b/limbo-schema.json @@ -8,7 +8,8 @@ "has-cert-policies", "no-cert-policies", "pedantic-public-suffix-wildcard", - "name-constraint-dn" + "name-constraint-dn", + "eku" ], "type": "string" }, diff --git a/limbo.json b/limbo.json index 8b0c6f8..4a8072e 100644 --- a/limbo.json +++ b/limbo.json @@ -7,12 +7,12 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> intermediate (pathlen:0) -> EE\n```\n\nThis is a \"trivial\" verification: the intermediate has a `pathlen:0`\nconstraint, but the leaf is an end entity and is therefore allowed.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUVcj37euutOxm2igqjxoGqnXlxs8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARKZpPL214zjHJD2IDqIzmHgmRMB/+Hdm3u2Gur\n+O0ghdTk7niEBMY98t2Btqk96GjM5W1XO40Yjq8WRaz5fp4xo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUbUmcNvf4KFuPUIfFOX8/kYoIfzQwCgYIKoZIzj0EAwIDSQAwRgIh\nALS+UilfLm/KRF50/u72EPFASLfqK8k6D58QMB/5My30AiEAvOBdtgztE7cq47Nj\nAMHiLuPE/6GNIAuIn6nCoec/iJg=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUQVq52m5E2E/waq2yRAH7sDFMZhEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATfNoIQAku97oJFYxEDz86tPlICvOaDrhDkSMq9\n7t9BZE8TZP0fNlkxitugO8ecFvnyOiJUZgesZQzr7txkC36qo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUKM7G1VOOjr9bqwPhe2nefKQXCjYwCgYIKoZIzj0EAwIDRwAwRAIg\nEPdA2CidwrlFFP872wdDK5BECBfiNs+kdauG+LQBFWYCIDLq9hdmJ+5UfHiknlxg\nNDLX3ezbOo2mPxo5nYI097tJ\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUcEP7VgEKhUvpkFnOJY7vS3ZsJxkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjBnMTkwNwYDVQQLDDA0ODk3NDU5NjIyNTQ1NTQyOTc0NTc3\nMDg0Mzc1MDczMjMzNjczNTQzNDU1NzIwNDcxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBCuhNDEIo0SeGz9x3wwSO9MGXKyWIzJlXKwfTgkKEfW8gNy5rSUULvC4FSSDiBFC\nhBDrZq9oRClCP7Jku5bUxxGjezB5MBIGA1UdEwEB/wQIMAYBAf8CAQAwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFG1JnDb3\n+Chbj1CHxTl/P5GKCH80MB0GA1UdDgQWBBSVPAcaQHQca1GtxLpa8qqtcS/n6DAK\nBggqhkjOPQQDAgNIADBFAiA8SMPjM+1AeRi/ZBxeW72IPqapSHt7uzZQkJRy0th2\njwIhAIhcUhcZ4cBiA5GZ8hRi5G38onbjZQF6QiSazm3aBQhC\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUAcD7rr/7CK8kL2pi8LD23lkJxR4wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjBnMTkwNwYDVQQLDDAzNzMxMDc2NTcyNzI0NDMyMzI2MjQ3\nMzI5Mzc1NzYxNTY5OTI4OTk1OTU5MjA5MTMxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBIZKGLRtotlR9vvfAk0hyKwMePG5oZT8woPphRhezpsF3MU4KNIHlc0fhHTHqMzb\nfJnSbrCam0vDxxHD6rSjYICjezB5MBIGA1UdEwEB/wQIMAYBAf8CAQAwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFCjOxtVT\njo6/W6sD4Xtp3nykFwo2MB0GA1UdDgQWBBSrEWAsW4OvLW2Rxj2CeUGe7+nQETAK\nBggqhkjOPQQDAgNIADBFAiA+ZtgqZQ/UENXrx4c8KL+Yn1nvhm3ij1sVHfmpCFwV\n0AIhAJYhCiMUCWl7yiHbKy/oc1bkA3xIuYliZRpyNylPQgln\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB9jCCAZugAwIBAgIUb5pwgE4/6Zrd2XIIgvehP3LrgwkwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNDg5NzQ1OTYyMjU0NTU0Mjk3NDU3NzA4NDM3NTA3MzIzMzY3\nMzU0MzQ1NTcyMDQ3MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMTAwMDAwWhgPMjk2OTA1MDMxMDAwMDBaMBgxFjAU\nBgNVBAMMDXg1MDktbGltYm8tZWUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATO\nT9UBDX/0yqTM1cblF04kSDtYfINgktvRXYq5uQkq3J3STaqFXgO3ttczMgYwjXBq\n6HSHNgnejCOhEoQYJlW6o3IwcDAdBgNVHQ4EFgQUv8nW/Y/wzIJt9IOyAFC91jMM\ncrcwHwYDVR0jBBgwFoAUlTwHGkB0HGtRrcS6WvKqrXEv5+gwCQYDVR0TBAIwADAL\nBgNVHQ8EBAMCB4AwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID\nSQAwRgIhAKhyxBsdcNrlz8lMSsqDlt6/g3Kc/7SUj6vgqAWQoWKfAiEAmE6NXOG9\nrz9EjhZKNUnb21YEcxi6Vng5+9xIzcBcvs0=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB9jCCAZugAwIBAgIUWIFddnBzpriJaCdQYtHP2k4KFDkwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMzczMTA3NjU3MjcyNDQzMjMyNjI0NzMyOTM3NTc2MTU2OTky\nODk5NTk1OTIwOTEzMSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMTAwMDAwWhgPMjk2OTA1MDMxMDAwMDBaMBgxFjAU\nBgNVBAMMDXg1MDktbGltYm8tZWUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATw\nTXdiphFw619w0z1p/zuNDPA5wjJDrte5cDk0DFDaNAurJAAVp3tOa60+N+LlWwC2\nJFgfoGElKYU/495g2xnQo3IwcDAdBgNVHQ4EFgQUcnXS5pQQW14Wh8Gi864gjwi4\n9L0wHwYDVR0jBBgwFoAUqxFgLFuDry1tkcY9gnlBnu/p0BEwCQYDVR0TBAIwADAL\nBgNVHQ8EBAMCB4AwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID\nSQAwRgIhAPbEvaN1tUq5yAoghubHMPkHDDEGmFyBA9iOtFTkviAjAiEAvGkFQgWn\n9xP59WaHDGplkR4X0eDJ4R0iOM66OEgjhLo=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -30,12 +30,12 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> intermediate (pathlen:1) -> EE\n```\n\nThis is a \"trivial\" verification: the intermediate has a `pathlen:1`\nconstraint, but the leaf is an end entity and is therefore allowed.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUXi3n5KEEguDuIhm4RIcP68vI1KAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQI2WOOCo6NaNzkuu4uqJpEsMGvWDyhePlkn5u4\n72NY4piwLqrq40KaOEtH6I9fbMm/wSuOgYUjDYtqasfqIEZGo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUviWpqsRfVntKZKgIGDve7VhYYBQwCgYIKoZIzj0EAwIDRwAwRAIg\nR0Az5mwdfR9aYmVvj2i7PCttPqMweFBN0OfWIuuLEuYCICnuMTUsBXja4hQLzd/0\nbLnwcaUFrEur0vWya2yjU24f\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUHRrhNIt12Po6OW+63TXLYng3N9wwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARZMT3cL1NSUu3v1jTHzmVIg45HgkdirXkCL10+\nWjE7FdUsXqjrY6yf0psTWTyhAu8utT5ciVqQF+tx6Z10AVuVo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUpL6Jm7zRC8nnGqh5GkStvqm4sSgwCgYIKoZIzj0EAwIDSAAwRQIh\nAJ6LQWpA6HweOpxkblckWuHT2uErIuJs8p/o2AR0dNAjAiBOp8xXvyV6NE3eoomQ\nhf+55yPH8aIVLy3yUGjjEpCz1g==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIIB/zCCAaagAwIBAgIUJStaIswIw6kn3/OgMmuLuB/ZgdUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjBnMTkwNwYDVQQLDDA1Mzc2Njg4NjY3Mjc4MzM4MTg5NTMw\nOTA4MDE2Mzk1MTY2NTc4OTY3MjI1ODQ3MzYxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBHnD6NhbrbMogeysSntXzkg7TOLVqO3Plxlbm7ovhH0U7sN4rxTil0NgSCpN13k5\nJfiiXuHguxZOW+9EgppsrDejezB5MBIGA1UdEwEB/wQIMAYBAf8CAQEwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFL4lqarE\nX1Z7SmSoCBg73u1YWGAUMB0GA1UdDgQWBBTJIUvkDT7b6HqcuRQ3p9QPndVqtTAK\nBggqhkjOPQQDAgNHADBEAiAnlkiV+mMI+udMXm5nbONZ7N467jWYcFDGrvS2XlXs\nVwIgbLW9Kga15oMlqV87X2GnZ+ISb9/31FSCWzsFbDAfyfA=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUF0xE4YzgpSmhif4jA9Iw2yNi3CkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjBnMTkwNwYDVQQLDDAxNjYxNjAxNjk4NzM0NDU0NTkzMjA4\nMjMxNTcwNjgyMzEwODQxMzE3NTU3MDIyMzYxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBDU/JOy35ZplweZ+HuLzJP4RTWNA85IOx3wsJ8SEkdwv3uUeCvZnPG5TyNLrJ+IC\n/TNtNEqv1Bc37I6DNsYQRFejezB5MBIGA1UdEwEB/wQIMAYBAf8CAQEwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFKS+iZu8\n0QvJ5xqoeRpErb6puLEoMB0GA1UdDgQWBBRQEXvRCMl++ytDpYp5l4s2d9hrPDAK\nBggqhkjOPQQDAgNIADBFAiAA8IK69tn34bRNbVD+jU3sgLe51QQpC6wGuWb6s94M\nOgIhANhavekchx/ymI7DWRk1Ni4zrFN/fIAkKkNznl901ReK\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB9jCCAZugAwIBAgIUJZo2qqdjA8xuMroqwPZayJZ7yGQwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNTM3NjY4ODY2NzI3ODMzODE4OTUzMDkwODAxNjM5NTE2NjU3\nODk2NzIyNTg0NzM2MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTEwIBcNNzAwMTAxMTAwMDAwWhgPMjk2OTA1MDMxMDAwMDBaMBgxFjAU\nBgNVBAMMDXg1MDktbGltYm8tZWUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQJ\niBavgaUAowTnnSzC71qt3lGiZe3p5soVSycr+AQItbA0Ws1Xw0gZWl976B4kZ21D\nK0wDxtrOOzzttwz4eZq3o3IwcDAdBgNVHQ4EFgQUHupJbgsZTsBEgNrZoBs59yrE\n6TIwHwYDVR0jBBgwFoAUySFL5A0+2+h6nLkUN6fUD53VarUwCQYDVR0TBAIwADAL\nBgNVHQ8EBAMCB4AwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID\nSQAwRgIhAIBNBby3pQZSmYi26NBjwgBydS5uxVOUojtUiPuOzpWBAiEApXBMN8WZ\nmQ16eYAax9ZLXYzSdxAor6vbZkVFcChkErI=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB9TCCAZugAwIBAgIUSFjTSqI3cwqc998B/Sv7OwwZDbkwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMTY2MTYwMTY5ODczNDQ1NDU5MzIwODIzMTU3MDY4MjMxMDg0\nMTMxNzU1NzAyMjM2MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTEwIBcNNzAwMTAxMTAwMDAwWhgPMjk2OTA1MDMxMDAwMDBaMBgxFjAU\nBgNVBAMMDXg1MDktbGltYm8tZWUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQv\n/OaSkEqQH3i2dQVRsXjTqKrU6b6ksR+Grm9N9OdpAH3CEE/ahJ7P03skQjJeg8QY\nsoz1ojtBBNyjbuw83nY/o3IwcDAdBgNVHQ4EFgQUO5oIrMRdF865hnFagXQVvwLo\nNxowHwYDVR0jBBgwFoAUUBF70QjJfvsrQ6WKeZeLNnfYazwwCQYDVR0TBAIwADAL\nBgNVHQ8EBAMCB4AwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID\nSAAwRQIgGSJzcImStU8tEiX6hofM2pD+PbYoOy6OSywWQ7doNcQCIQD/rCmz9JLJ\nlTXQ7HaWvZwyakS/9pFMinV/DSJOahilfw==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -53,12 +53,12 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> intermediate (pathlen:2) -> EE\n```\n\nThis is a \"trivial\" verification: the intermediate has a `pathlen:2`\nconstraint, but the leaf is an end entity and is therefore allowed.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUcZawqlsX8faaGtQ3qxPM8NybZ14wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARR066dywhJcwpj2ifNXLt2si434x3DG3rI2LhU\n8y+aRNQjmOOVhhIxKforXLSj32EGBkkJ8hrqUReCOSaQy8Peo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUgPxgABvUficJD6st6QAvP2MZ2WEwCgYIKoZIzj0EAwIDSAAwRQIh\nAI6+qToQdvwCLQ+L7u/qyM5TZOWR/WQXWMk1vHjlN18+AiBsE9NCN5q5LAuf/79p\nlB1HyiQvIUQr8hGuHMIfoU78hQ==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUDaDA6pleUox1oUu+bx1RKPbkW28wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARD1KjxrHX2Mel2I7qUQGrx8lsOBchwNHFrQ6R5\ntp4BtX2S+cIbvSktvG0GnBQh+tY9hyWL/ItlsUo8RzzxnpXCo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUY4Gj3ZBpTKK1O4+B/wlnd8w0unAwCgYIKoZIzj0EAwIDSAAwRQIg\nTKwElOp6yc1fI/YdHWGTNu1GO5i+pF4EXJH2dpetMlkCIQDYybnb5MfEKzkJI90k\nOozbKgHwtRnwGAzZzX3h1BA59A==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUIRyFCAfzbLezuLTqJ8c56crJikcwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjBnMTkwNwYDVQQLDDA2NDg0NzY0NTg2MTQyODM5MDQxMTUy\nMzM0NDAyOTU3NTY0NjM1MjEzNjI4MzExOTgxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBERTFDP379BGbo6NUTgm/62j+9BMo2eKAmwYMu9UbXz31k29hP9ylpOjscD68kNU\nZ/KlMADNzGfQcc9p02BeoaejezB5MBIGA1UdEwEB/wQIMAYBAf8CAQIwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFID8YAAb\n1H4nCQ+rLekALz9jGdlhMB0GA1UdDgQWBBSYJmeBvke3t2OVQS0Y4kd9pXtg/zAK\nBggqhkjOPQQDAgNIADBFAiEAxjzbBIEXLKDkky9FPaXl7kQsDgLTwE1qgeJnxVKc\nEkECIHVAfxyvBl8qyaJTs/bq1Ca7yb/QiB7tf2qx4Whb8OKp\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIICADCCAaWgAwIBAgIUC0sW/2iG9SHkmZTpZM88NAIaFM0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjBmMTgwNgYDVQQLDC83NzgwMTgwNDY0MTMwOTIwNDUzMDM2\nMjU4MjIzNTEzNjA0NjQwMTM5ODc5MTAyMzEqMCgGA1UEAwwheDUwOS1saW1iby1p\nbnRlcm1lZGlhdGUtcGF0aGxlbi0yMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\n1Q5psEU2DA4hRIRLjU/pJeVYHBlZwDXDQa5YeqCyYaiCzy8z23w2plGIbFtq7lcV\nNFWudL9JKcl6NIZn8y2vCKN7MHkwEgYDVR0TAQH/BAgwBgEB/wIBAjALBgNVHQ8E\nBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUY4Gj3ZBp\nTKK1O4+B/wlnd8w0unAwHQYDVR0OBBYEFLOzwGrMFTftgSkKhhbe8DC89dRzMAoG\nCCqGSM49BAMCA0kAMEYCIQCur4uVSJt20SmtGE6+fxCjABQH7yclEymM7EQMycyd\nqQIhAIAcv6cz/fj5r7+mcgSqG5e1ZukKVZnGubB9Voo6MgI7\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB9jCCAZugAwIBAgIUDxd1Vxdf5YJ6gZNd6NeI53Y3LGgwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNjQ4NDc2NDU4NjE0MjgzOTA0MTE1MjMzNDQwMjk1NzU2NDYz\nNTIxMzYyODMxMTk4MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTIwIBcNNzAwMTAxMTAwMDAwWhgPMjk2OTA1MDMxMDAwMDBaMBgxFjAU\nBgNVBAMMDXg1MDktbGltYm8tZWUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASE\nbZJlLGr6CE4CIeNrZBYl3P0A/gunb/wEHfinAJWUqbNlD+xHNQOGS1pocZIXB7NY\nTm/+Fd3MGFmgnFXl0vzIo3IwcDAdBgNVHQ4EFgQUI1Vig/Xufv3eHnoIuHknCybM\nlhYwHwYDVR0jBBgwFoAUmCZngb5Ht7djlUEtGOJHfaV7YP8wCQYDVR0TBAIwADAL\nBgNVHQ8EBAMCB4AwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID\nSQAwRgIhAMUv2dooB95VQiky3W4oqb2Hd4XA32g1dfbJkUhnU9F+AiEAiONutP28\ntvB+Sc99UfTu0gRmXQfO13MeO4/JSXGcOhs=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB9TCCAZqgAwIBAgIUPU47mDywVvPLws+7btSxm8T3pI4wCgYIKoZIzj0EAwIw\nZjE4MDYGA1UECwwvNzc4MDE4MDQ2NDEzMDkyMDQ1MzAzNjI1ODIyMzUxMzYwNDY0\nMDEzOTg3OTEwMjMxKjAoBgNVBAMMIXg1MDktbGltYm8taW50ZXJtZWRpYXRlLXBh\ndGhsZW4tMjAgFw03MDAxMDExMDAwMDBaGA8yOTY5MDUwMzEwMDAwMFowGDEWMBQG\nA1UEAwwNeDUwOS1saW1iby1lZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCjr\nf092A93N44KQ7v2+DssYX17kNqncydo2+O+KlSPQjdiHnXSIS9ABXWq0R9+9wf+x\nr1yZDSNZ9eO8WPkgHOWjcjBwMB0GA1UdDgQWBBQHztpzlYNXzkDzbELzWk5Wzw6F\n+jAfBgNVHSMEGDAWgBSzs8BqzBU37YEpCoYW3vAwvPXUczAJBgNVHRMEAjAAMAsG\nA1UdDwQEAwIHgDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggqhkjOPQQDAgNJ\nADBGAiEAtMmx/MqlLDvdcluIR9QCRIWxSML9dHD3ZmvyH5hb2SsCIQC4D1LCt6/u\n6uOpumrIegeP1SnzjVxSLgk0lXKWTGnYsg==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -76,12 +76,12 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> intermediate (pathlen:0) -> intermediate (pathlen:0)\n```\n\nThis is, unintuitively, a valid chain construction: [RFC 5280 4.2.1.9]\nnotes that the leaf certificate in a validation path is definitionally\nnot an intermediate, meaning that it is not included in the maximum\nnumber of intermediate certificates that may follow a path length\nconstrained CA certificate:\n\n> Note: The last certificate in the certification path is not an intermediate\n> certificate, and is not included in this limit. Usually, the last certificate\n> is an end entity certificate, but it can be a CA certificate.\n\n[RFC 5280 4.2.1.9]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.9", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUDf9wjMk6o1d9ZdiwomBjwOIh8lswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAT5SAKHrYG+axZU2dboXZOBYt3HtneJNF2H0Z6s\ngtheb0UAz3h+OQbNJ62rWl6Ug1k90aGbeOm4DWmOFIOkGBevo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUaYen/6TXCdBUxU6Y6RRuEHR72+swCgYIKoZIzj0EAwIDSAAwRQIg\nC7gGfSS9/yyIbGBBeG1Q6jVU0Pef50Q1QczM3H0ST38CIQDi/NcKPPPQQMMAFxsB\nyWi62AJ74PoHZGQpDtfWNN6Wxg==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUH9IOKhwFCiLmSVeHFvWquGieqY0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATq/UgSIzhW/MsS99k5/14TYHLUAqH2PSdQv335\nBBSYimvRalNYNlKhxRapEw1U+7les5kK5zh3ly/wLSKYdWhKo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUJlnfOKxtLUvKP1WZvrWmS5PuYuowCgYIKoZIzj0EAwIDSAAwRQIh\nANXqvS2ZjrfHCvnOGU7FFDDxGBmJ11P+B9Tfl+/yOLpdAiAax36Ct4Z99uKh+T8o\n9jmOWJW6+Y8NshLhDbnnQjGBwg==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIIB/zCCAaWgAwIBAgIUaFwLJyr/7vKV8B3ZllYPWhStlz4wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjBmMTgwNgYDVQQLDC83OTkxMzM3NDUyOTM3MDI0MjEzMDEx\nOTE4MDc2NDQyMTc5NDc5MDg0MTExOTMyMzEqMCgGA1UEAwwheDUwOS1saW1iby1p\nbnRlcm1lZGlhdGUtcGF0aGxlbi0wMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\ncz3vnaxbis1vVg5FxkmXW6HSrGZKK/9ShAmytxOd3m8nzjx/nyIpctLKpSGr3VY9\nQBOM+8NXocy9Dt8zsgr9zqN7MHkwEgYDVR0TAQH/BAgwBgEB/wIBADALBgNVHQ8E\nBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUaYen/6TX\nCdBUxU6Y6RRuEHR72+swHQYDVR0OBBYEFHdSXY6xv1ukPfQJHkM/lwlJ+kjcMAoG\nCCqGSM49BAMCA0gAMEUCIAD7hej21ylH/NlPHSt4nukh4wLuPDZxSHmQEO1zuQDw\nAiEA6U6aLUrHOmeRyhlPELNFnCSZLmhcbeMRCpnFA9fRx0M=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUPwAFUjOlCPH3L1kjnUsAtONdA40wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjBnMTkwNwYDVQQLDDAxODE2NjMxMDQyODgzMzc0NjIzODky\nMTI1NzcwMDgwNTExNzc3MzUyNjQ4NDAwNzcxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBM9TD37p7FW/eb3yraSErIffkcB/+3DeT45yhGN7pLLuvBDTCXPjfZD7Mq7m3OCh\nKUfBYFMx57FSt/K9L77VwaSjezB5MBIGA1UdEwEB/wQIMAYBAf8CAQAwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFCZZ3zis\nbS1Lyj9Vmb61pkuT7mLqMB0GA1UdDgQWBBSibjRsYGecrWeB6y0oWQczkz4uUDAK\nBggqhkjOPQQDAgNIADBFAiEA5gvaIv+eAG2f190v6PFDBqm2Ny2rndoZROWsT3PM\npfYCIDotSqxq1BmjNEdDrz278233s1QwsdUzdpgmunfi0vx8\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICTDCCAfKgAwIBAgIUOcbDnFBNKc3WFz48iFHuE92OKocwCgYIKoZIzj0EAwIw\nZjE4MDYGA1UECwwvNzk5MTMzNzQ1MjkzNzAyNDIxMzAxMTkxODA3NjQ0MjE3OTQ3\nOTA4NDExMTkzMjMxKjAoBgNVBAMMIXg1MDktbGltYm8taW50ZXJtZWRpYXRlLXBh\ndGhsZW4tMDAgFw03MDAxMDExMDAwMDBaGA8yOTY5MDUwMzEwMDAwMFowZzE5MDcG\nA1UECwwwNTk1Nzg3NjgwMjg3MjU4MTQ1MDgzNTc4ODMyMTg1ODM1ODcwMTYxMDQ0\nNjA4ODMwMSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1wYXRobGVu\nLTAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAT2iuVBp29CQtSUkghfZ2nYFS01\nR2XmELBQfWWK7qIDQx2SIj4x8zebZtREcpLcMqtCBJprJ07Rx7dKA7bVLSwCo3sw\neTASBgNVHRMBAf8ECDAGAQH/AgEAMAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtl\neGFtcGxlLmNvbTAfBgNVHSMEGDAWgBR3Ul2Osb9bpD30CR5DP5cJSfpI3DAdBgNV\nHQ4EFgQUAxxAxIJ9raxZ/Hbqeq+jfGeF7X8wCgYIKoZIzj0EAwIDSAAwRQIhAJF4\ndG3V0cLLtOZzJCYZRf4cWWn9ef6R9AK+JiK3r+JaAiAxSzLIja+7MxxReNH+wxaO\nhSpyuouQBftxIz609Yr5yg==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICTTCCAfOgAwIBAgIUSTIZMNXCHQ2nJHLD9CmnTRzeO/8wCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMTgxNjYzMTA0Mjg4MzM3NDYyMzg5MjEyNTc3MDA4MDUxMTc3\nNzM1MjY0ODQwMDc3MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMTAwMDAwWhgPMjk2OTA1MDMxMDAwMDBaMGcxOTA3\nBgNVBAsMMDM1OTY2Njg4MjA5NTEzMzE3NDU0MTMyODI5MDUzMjMzOTgzMTIxNjA4\nNDQxOTQ2OTEqMCgGA1UEAwwheDUwOS1saW1iby1pbnRlcm1lZGlhdGUtcGF0aGxl\nbi0wMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdpe4+6D3lRWQUgsY8Pg+5OG0\ngrZoD+onzhLgFKRV0TreUhWTeu6F+RVfH6O2uPTtoc1RgHxftcoyaDx93PwKF6N7\nMHkwEgYDVR0TAQH/BAgwBgEB/wIBADALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYIL\nZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUom40bGBnnK1ngestKFkHM5M+LlAwHQYD\nVR0OBBYEFE7IROnaT96wz1QY41KY5hQlhvlzMAoGCCqGSM49BAMCA0gAMEUCIFbK\n5A7VUfvMsbbtRnZ8xToQ+EBZRN8fmLPZ+3Jihn/2AiEA/ca1cK262sR8ATnGH0Qf\ncwpuwOiXk8MT+ykw0DoNBvg=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -99,13 +99,13 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> intermediate (pathlen:0) -> intermediate (pathlen:0) -> EE\n```\n\nThis violates the first intermediate's `pathlen:0` constraint,\nwhich requires that any subsequent certificate be an end-entity and not\na CA itself.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUHmptV3mLTfJMasj9rZ0ntBU9kL0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATkHKJ/FaQnNXo2WYLuW1sw01irK6K9Cwt0KNXv\nThYoKz0c44mowXej7CN3P5nigBQ6/JQolAhNvdXqSKGCDz8Mo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUYh6SPLaXqxo9ghSodi91TOKRU7kwCgYIKoZIzj0EAwIDRwAwRAIg\nb2czAPcLl18UMmS2KUqdrhBbZfPbmD/ULFEpUFKkOmsCIDiEsVaeyrsaNPY/rvF2\nyJbfsNIvOXa8NJrM08vJb8Dx\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUFVfNbR2nLFOkTTuMhan7oAAR3lowCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASVKAfwhcUnwqLnvjk3HD8dY4kclIyfUWzpQLg0\nuzXUf7QHfrKFDfArsHGQ2rmH435BYz7JFQBVyF8pce7QDtq9o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUHziE5hMyqalSvV+6+Tvhc3NDZ2wwCgYIKoZIzj0EAwIDSAAwRQIg\nK55IuqSFmp808OJiaDuM7Zd75gN2sUs3SVcaoqHUR4ACIQCkkP06CDXvuK9H8VwO\nuv1i5PrC6ROwZE8iJTHcglAp5w==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUOtgcBtAHnWvXli28JYZ1uqaU94gwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjBnMTkwNwYDVQQLDDAxNzM2NDMxMjcxMjEwNTE4MTM0NjQy\nNDM4MzMxMTc5Mjk4OTk2NTY3MDkyNDcxNjUxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBLAtt6vJrjwuR4nhljDUdLJYFBexe/ZZDTKYiEor+0cSik8Uta4frgYjzLiZIZES\nAFk+pqmF+qJozWJ0RQy2xgmjezB5MBIGA1UdEwEB/wQIMAYBAf8CAQAwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFGIekjy2\nl6saPYIUqHYvdUzikVO5MB0GA1UdDgQWBBRq0wdQX17aT07PAqeO7WdW2seIxjAK\nBggqhkjOPQQDAgNIADBFAiBlWRg/Nbmqs0MWDyhWKsmX34/vRsOreUPFhw3lHBIt\n+gIhAM9poQ5adFu/1sb+Fbc7WVb4py7tGGuDxtMqZntR50mV\n-----END CERTIFICATE-----\n", - "-----BEGIN CERTIFICATE-----\nMIICTDCCAfOgAwIBAgIUcP4XCwGW48YkrIEMQ+zxbJqkC8EwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMTczNjQzMTI3MTIxMDUxODEzNDY0MjQzODMzMTE3OTI5ODk5\nNjU2NzA5MjQ3MTY1MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMTAwMDAwWhgPMjk2OTA1MDMxMDAwMDBaMGcxOTA3\nBgNVBAsMMDMzNTk0MDg2NzEzMjg4NDU1OTkwMDM0NTE4NTk2NjI1NTg3NDY4NTc3\nNDY1NzQxNjEqMCgGA1UEAwwheDUwOS1saW1iby1pbnRlcm1lZGlhdGUtcGF0aGxl\nbi0wMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAETv2BYHq+SoVZO3sfYo3T+d9O\nCNKIwqmsSgM7Mj72b6+4NrJrfOuPDe8UjsRsypew7rr7/IbyCDf7/Tc6KgasiKN7\nMHkwEgYDVR0TAQH/BAgwBgEB/wIBADALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYIL\nZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUatMHUF9e2k9OzwKnju1nVtrHiMYwHQYD\nVR0OBBYEFCg0dgI1r3rCs6DGv5G4lVi/eNUBMAoGCCqGSM49BAMCA0cAMEQCIBRF\ndrTLD48z5gHtHZu/wSTDV5Kxe0sGECdyo7PgBOFZAiB7BQuyRx/k8KqXIo2iR1Ur\njVA27vZSmMbhc9huIO32vQ==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUPQkrQva2SUQWDd2tXhxW1Qr2odUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjBnMTkwNwYDVQQLDDAxMjE4NDY4NjYxNjgzODI0MjM5NjEw\nMTE1NDAzMjY5MzA5ODMwMzI0MDE4MTMwODIxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBAVEsC6GxYymVxtZiZ2grPb8Vl5oeARfF1CfDbAFBqZ2kI4gbEmbyrTNheeJz7lO\n6/sGwQZe3Uz8YJYof2PMFt6jezB5MBIGA1UdEwEB/wQIMAYBAf8CAQAwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFB84hOYT\nMqmpUr1fuvk74XNzQ2dsMB0GA1UdDgQWBBTfNekfoJTBZerQgK4K5p/PC5mddTAK\nBggqhkjOPQQDAgNIADBFAiB3cMyuDkWUlV+z7+dohXmkHE67eTcBL0jSUjc1WOXZ\nXgIhAJL+c/g3jfPUndpKVhwQzuEjhd0FYxd6ToZ8EvLmbDfX\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIICTTCCAfOgAwIBAgIUPNEMd8xPriL5nsZRREu2zH5upCEwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMTIxODQ2ODY2MTY4MzgyNDIzOTYxMDExNTQwMzI2OTMwOTgz\nMDMyNDAxODEzMDgyMSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMTAwMDAwWhgPMjk2OTA1MDMxMDAwMDBaMGcxOTA3\nBgNVBAsMMDM0ODQ1MjkxMjM0MTkwODg0MDA2MDYyNDE4NTQxNzk2Mzc1MDg0OTgx\nOTA5MTQxMzEqMCgGA1UEAwwheDUwOS1saW1iby1pbnRlcm1lZGlhdGUtcGF0aGxl\nbi0wMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEOYT3nU7JGyoOjbXzpIC8LCbf\nkE07iAEJWX2QpZPRBYO4AY82gmIABd6Y4fKk/+2QYB9/BcOR8kJITu2dd5dm9KN7\nMHkwEgYDVR0TAQH/BAgwBgEB/wIBADALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYIL\nZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAU3zXpH6CUwWXq0ICuCuafzwuZnXUwHQYD\nVR0OBBYEFBQymhu5RZDnvAhkNl+iKShlJ7yoMAoGCCqGSM49BAMCA0gAMEUCIDvI\nczJoM2Un4n501LMwIAGDBOrmVvS/PkmbWBU3ogzBAiEAgVI4W0CQwoXZlUx1teXg\nQ1Gfn9mI4o6HvcE8CQUbTno=\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB9TCCAZugAwIBAgIUL1RkVqRO/Uodgm0ypQYdxr2RbkcwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMzM1OTQwODY3MTMyODg0NTU5OTAwMzQ1MTg1OTY2MjU1ODc0\nNjg1Nzc0NjU3NDE2MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMTAwMDAwWhgPMjk2OTA1MDMxMDAwMDBaMBgxFjAU\nBgNVBAMMDXg1MDktbGltYm8tZWUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARN\nS6rp37gs7wIC631aKrfddS+ia2KoTTYOSUufN8DnNHHWHnyvRnZks+qYvcrPA6gs\n7M1IWuUwM9SGwdF/57CFo3IwcDAdBgNVHQ4EFgQURASozQvKXvmnBvwLyLoopIl5\npAEwHwYDVR0jBBgwFoAUKDR2AjWvesKzoMa/kbiVWL941QEwCQYDVR0TBAIwADAL\nBgNVHQ8EBAMCB4AwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID\nSAAwRQIgXhaTtLkoQ3RKDbo4Eh5eODu1lA8r/4CoFyh/vaTxcQACIQC8jbmYtrT2\nbpEi3cj8Se2ejHEKUtR9KqLxEECwnkFAcA==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB9DCCAZugAwIBAgIUcoS3OHlZSOSoDm9LMb9zV8J5koUwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMzQ4NDUyOTEyMzQxOTA4ODQwMDYwNjI0MTg1NDE3OTYzNzUw\nODQ5ODE5MDkxNDEzMSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMTAwMDAwWhgPMjk2OTA1MDMxMDAwMDBaMBgxFjAU\nBgNVBAMMDXg1MDktbGltYm8tZWUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ3\nSboRQEQBWblR8xTMW3pN6AhCXiMFnIOTCOF60IZUghMlmwadEVmJWp3Pz5p6yMZ7\nJ8ggIgsPUcAFfwmv+JnDo3IwcDAdBgNVHQ4EFgQUWBGu5BB4li2yGs5aYT31ARyx\nG04wHwYDVR0jBBgwFoAUFDKaG7lFkOe8CGQ2X6IpKGUnvKgwCQYDVR0TBAIwADAL\nBgNVHQ8EBAMCB4AwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID\nRwAwRAIgf0NqHIaHpRiC652gmaBhDjs2HhEWaIkVr+1acwTOVvoCIHBv6Hr/QEcH\n6hcQc6Ko9y12vLVtNwo4I8Yu57x2fn26\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -123,13 +123,13 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> intermediate (pathlen:1) -> intermediate (pathlen:2) -> EE\n```\n\nThis is a less straightforward case as the second intermediate's `pathlen:2`\nconstraint seems to contradict the first intermediate's `pathlen:1`\nconstraint.\n\nRFC 5280 permits this as part of supporting multiple validation paths.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUBOLmiDatYNqyCCohL3aBrOf1qJYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAS0v40HvsZ4mfMRmPP887FcXhUkMHbnrZQANfrL\nM0SgUTm6ey0i5itvDXkN8fWNmE58WQ6Gx+22I8zsjsbTv46Co1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUxlkeQ9NDb7iudxlD9d/g0uUCLHYwCgYIKoZIzj0EAwIDSAAwRQIg\nTB9P0UQXx5TZIMAvG4hIOTVekjzzgWXkEc/VVAlyLnUCIQDjqQ4GC1AP33XP81MX\ny43b1VX09AKEtrHMqaFeTCm5xw==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUP/vVP0tSomSW+KGRe3Uyte0lmSkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQbNuxZM7hpg6w9lbDNJ8R3NmY1LWNtpKmR5if5\nKQ7LHpFrguYqz7FE/lAWU83kTn7JH266IUHKR+gPE6KjnyfXo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU8d8m5cxrAdwiISCdgCX2rFuopn8wCgYIKoZIzj0EAwIDSQAwRgIh\nAJGx/3EyGC403LiE6JIXw9OHRLxK5nPthKFlWSRxS2A1AiEAqgp2L39yuv1KaC8B\nsCWp/8zNHjuq0JuIMeNXB8KvkFA=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIIB/zCCAaWgAwIBAgIUTowhnGT7dldnlsOb3QyLLOjLbsEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjBmMTgwNgYDVQQLDC8yNzg5NjAxMzY3NTAwODAyODU5ODM1\nMDk2NTQ0OTQ4MTUzNDMzNDYyNDQ0MjUxODEqMCgGA1UEAwwheDUwOS1saW1iby1p\nbnRlcm1lZGlhdGUtcGF0aGxlbi0xMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\npjay1e5yvAenTXE09IyUPfmHs1r73Y1ede/6hm6Uze/6JriShjhFt4+UpUyZeIgu\nftzyaXyk6zeX8SGzbANoFqN7MHkwEgYDVR0TAQH/BAgwBgEB/wIBATALBgNVHQ8E\nBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUxlkeQ9ND\nb7iudxlD9d/g0uUCLHYwHQYDVR0OBBYEFKTyyvOPfvCzM5aOd1VQKfoi4CUOMAoG\nCCqGSM49BAMCA0gAMEUCIFV0QEPWOt2om8Ecm1fXZpOQwamrZP2UgJ6j6HnUzjvX\nAiEAl3VEZGsqA4kQfdGhkzPMqONOGRB2UwV+voOpM1xg1m8=\n-----END CERTIFICATE-----\n", - "-----BEGIN CERTIFICATE-----\nMIICTTCCAfKgAwIBAgIUA3bu5hbbcrsb4hqxDh1IP80nCNEwCgYIKoZIzj0EAwIw\nZjE4MDYGA1UECwwvMjc4OTYwMTM2NzUwMDgwMjg1OTgzNTA5NjU0NDk0ODE1MzQz\nMzQ2MjQ0NDI1MTgxKjAoBgNVBAMMIXg1MDktbGltYm8taW50ZXJtZWRpYXRlLXBh\ndGhsZW4tMTAgFw03MDAxMDExMDAwMDBaGA8yOTY5MDUwMzEwMDAwMFowZzE5MDcG\nA1UECwwwNDQ4NDI2MzEyMzc1NzY3MjI0MjIzNzY2Mjc5MTg1OTYzMzM5NTg0MzQ4\nMzE5NDI1MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1wYXRobGVu\nLTIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASErG/CbN4NjkJZCGTTHxGt6Dp2\nP9XjYIr25/9bkiNVpJxjvPAjDSqVA089eyDbBiuQ2DeRLs6zDFhwGG6M4LFCo3sw\neTASBgNVHRMBAf8ECDAGAQH/AgECMAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtl\neGFtcGxlLmNvbTAfBgNVHSMEGDAWgBSk8srzj37wszOWjndVUCn6IuAlDjAdBgNV\nHQ4EFgQUNmUDlQtqcttCT4nM61jeMLgsqhYwCgYIKoZIzj0EAwIDSQAwRgIhAJeh\n8KgELv+VfDqSYdustHIYM4mKmGqjix/RJDGb63tNAiEAyrtf5qTuhtNSjxI5j/uy\nxPDWoDRDzpjtHmoMiSQHCe8=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIB/zCCAaagAwIBAgIUGf7hWZ5rmhlb0Hmzv8uuYzrhI/kwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjBnMTkwNwYDVQQLDDAzNjUyODI0ODIwNjE1NDY4MTkxMzMw\nMzYzNzYwNjI0MTMxODMyMzQ3MDgxODMzMzcxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBH1/K9AXzBPQB/uR793lIfy/KIxQNM6HGVj4+p/wNliYDeN6GAY+d1pQSODfbnD3\npy5y53Q87VdUa2yPUX0X1aSjezB5MBIGA1UdEwEB/wQIMAYBAf8CAQEwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFPHfJuXM\nawHcIiEgnYAl9qxbqKZ/MB0GA1UdDgQWBBRxcWxnu1kiMW/Zuviw1jfnL7QtMTAK\nBggqhkjOPQQDAgNHADBEAiA55CRFfal41srofF8QWxZ6s/b3sI2k55CxnvvwQIQY\nbQIgY2DNx60WV9XbQvQvq2YvZIVj1uPldg5BK+1GA3czJcQ=\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIICTTCCAfOgAwIBAgIUZNJBg/D6HogESQxz/zQ3PZJszoUwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMzY1MjgyNDgyMDYxNTQ2ODE5MTMzMDM2Mzc2MDYyNDEzMTgz\nMjM0NzA4MTgzMzM3MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTEwIBcNNzAwMTAxMTAwMDAwWhgPMjk2OTA1MDMxMDAwMDBaMGcxOTA3\nBgNVBAsMMDE0ODQwODc4OTMxMTA2NDc5MzAwMDg3NTUzNDg3OTE5MjUyNzI1MDA2\nNjA1NjE4NTEqMCgGA1UEAwwheDUwOS1saW1iby1pbnRlcm1lZGlhdGUtcGF0aGxl\nbi0yMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEbKe1/v7yLQ++9rrgAiUnmbd6\nGt62Nw6PMe7nM6J1gRNCXLeJ3b2siBL+U2+FFDF3UO71K6KrqrGewQsMmUYCnqN7\nMHkwEgYDVR0TAQH/BAgwBgEB/wIBAjALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYIL\nZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUcXFsZ7tZIjFv2br4sNY35y+0LTEwHQYD\nVR0OBBYEFMA1On4PDu+n1WoNCi9evcWXK0NBMAoGCCqGSM49BAMCA0gAMEUCIQCC\nOYBVxdTGDgVPHwdSHKQsxbx93M+qd/0IZ2wZzYY0zQIgVbYhnSBNhgu8499+rrpc\nhj5Miz7UrUTrfYj/ZPYNpnI=\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB9TCCAZugAwIBAgIUYBsgz2gcHlP1z/BZc9TbG80yHxowCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNDQ4NDI2MzEyMzc1NzY3MjI0MjIzNzY2Mjc5MTg1OTYzMzM5\nNTg0MzQ4MzE5NDI1MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTIwIBcNNzAwMTAxMTAwMDAwWhgPMjk2OTA1MDMxMDAwMDBaMBgxFjAU\nBgNVBAMMDXg1MDktbGltYm8tZWUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASZ\nmqO7T+T/VspoGiIMdYvHOcV8pMchhn0vQaS0qhN69b6j4bevszNlX8vDRfcvgq15\nuAcrQ2i2GMr03Ykn4B8yo3IwcDAdBgNVHQ4EFgQUjV+ot+vLoxgGAnkrQYCSUNSi\njJEwHwYDVR0jBBgwFoAUNmUDlQtqcttCT4nM61jeMLgsqhYwCQYDVR0TBAIwADAL\nBgNVHQ8EBAMCB4AwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID\nSAAwRQIhAIouRafnXrUfrgXbm+ctMEz/1tuMSQJQkdUCK2U2pJYAAiAfoUPGMz62\nNuwwp6SjJZTj8tufIXxQiJlr9fbpNSBx2g==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB9TCCAZugAwIBAgIUOtMcPUhCY7T4foWdZZj2YsL1klQwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMTQ4NDA4Nzg5MzExMDY0NzkzMDAwODc1NTM0ODc5MTkyNTI3\nMjUwMDY2MDU2MTg1MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTIwIBcNNzAwMTAxMTAwMDAwWhgPMjk2OTA1MDMxMDAwMDBaMBgxFjAU\nBgNVBAMMDXg1MDktbGltYm8tZWUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARm\nXrhuC6H8CCyCIRz00iOTJnbYzq7ECm3PNGzZV7X/NA8eDxQ2GaQk/qu9SgbDC5oj\nQEGxp+RAww3i46ieiTKOo3IwcDAdBgNVHQ4EFgQU4AIwqp+LAyiOHKGlZ53ICSFw\nmIMwHwYDVR0jBBgwFoAUwDU6fg8O76fVag0KL169xZcrQ0EwCQYDVR0TBAIwADAL\nBgNVHQ8EBAMCB4AwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID\nSAAwRQIhAKNG4nfwpuL55ykMYSjWFoxefCPmFDwjTpYCR4b8FZeuAiAu8JRjzCLD\n8vGZ6CSzChZUKa5XBZISx0OSpb2kn5GX1g==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -147,14 +147,14 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> intermediate (pathlen:1) -> intermediate (pathlen:0) -> intermediate (pathlen:0) -> EE\n```\n\nThis violates the second intermediate's `pathlen:0` constraint, which\nforbids any subsequent issuing certificates (which the third intermediate\nis).", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUcnfuVcoDejN8Luu701qIFmbymTowCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAR75OQOmAo7ttZiTdXYSfL0WdDZY4jEwA6oi1u9\n6jzPcs5KJJumMgq7IvcwPNBYniF0l8o5IMUJxzHGW/dNxFfmo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU5jnbtjWctcOS0dxiZt0r7N+djSAwCgYIKoZIzj0EAwIDSAAwRQIh\nANGXj//ban8jY0rrZLUHinRWKDqDwpIIsZmvZxM1bmFNAiBHfuZ8JNsPaap6yery\njmz/XKHw3Z6uPXQuoP9OYBdCGg==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUERqHWf1YfFAZELkUtvq8xL1rMmIwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQwF+VvRURKlw7Ms4ttQkiAqLysYwvHPVBu6DrY\nxu7QXizvWVLNw3kkOpRSK7nyqia/vw7OIpBOUSkIdOT3+Wgio1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUMFytRjouReKiRWwCa+IPhsOf6v0wCgYIKoZIzj0EAwIDRwAwRAIg\nYE32v74hhOgDXJePggzsDy7qQityM6/+9vnQnglE4l0CIH80yOtg9zR4JljsOBYc\n86vcQr57asAqBJAaEoPAtdvp\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUX3R2d0ZqolLstsd0NNP+yokdpI0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjBnMTkwNwYDVQQLDDA2NTM0OTk0OTg0NjkxMTc5MDc3MDcw\nNjE4NTI5ODU1MDkwNDA1MTg1NzA2MTMwNTAxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBIOfDZbVvSf0910lUmv1IYB/4nK9pIhZl+kUK206NRHqF2Fu6rrn3FwvHv41BSSx\nULEQrR+dulf3hRvcL6yLp7CjezB5MBIGA1UdEwEB/wQIMAYBAf8CAQEwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFOY527Y1\nnLXDktHcYmbdK+zfnY0gMB0GA1UdDgQWBBSu6mWijPJMw1I/54WDDDxTgkjprTAK\nBggqhkjOPQQDAgNIADBFAiEAzFYn6Am8QvG6L/63O9cz8EaTAy2POSqMvznH5mxi\nkigCIFTm5Jy217dX8DGTJrQbEElWcY4wp1LyxC9V+ofOVqkS\n-----END CERTIFICATE-----\n", - "-----BEGIN CERTIFICATE-----\nMIICTTCCAfOgAwIBAgIUYYox0SxquR74AZKLlGL8se1kaFIwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNjUzNDk5NDk4NDY5MTE3OTA3NzA3MDYxODUyOTg1NTA5MDQw\nNTE4NTcwNjEzMDUwMSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTEwIBcNNzAwMTAxMTAwMDAwWhgPMjk2OTA1MDMxMDAwMDBaMGcxOTA3\nBgNVBAsMMDU0NDk1MTMyOTUwODIzNTU1Mzg3OTYyMTYxNDc1NTg5NjQwMjU0NDk2\nNTgyMTU4MTEqMCgGA1UEAwwheDUwOS1saW1iby1pbnRlcm1lZGlhdGUtcGF0aGxl\nbi0wMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEXeOrA7BWdI8ZhOFi90Vra8r4\nH3y7XSkbAsW+S6Ac01trL0HSz1LcXis4Pbg7wT2AAk3jjtz4U0n8nGSGdXSsP6N7\nMHkwEgYDVR0TAQH/BAgwBgEB/wIBADALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYIL\nZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUruploozyTMNSP+eFgww8U4JI6a0wHQYD\nVR0OBBYEFMsRdx70uOqliNZRLRCXa/8duPjuMAoGCCqGSM49BAMCA0gAMEUCIHMA\nOQPmnXZUC5g3wNPUVuWoliwAUczPOA3GuI5fOZWiAiEAuhVG+Ymt0HbwK9CbSakY\nVai8rYulrZSlexnE5D5A614=\n-----END CERTIFICATE-----\n", - "-----BEGIN CERTIFICATE-----\nMIICTjCCAfOgAwIBAgIUXwjvRM3WsIaz9ZWUx8J4HTckeEswCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNTQ0OTUxMzI5NTA4MjM1NTUzODc5NjIxNjE0NzU1ODk2NDAy\nNTQ0OTY1ODIxNTgxMSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMTAwMDAwWhgPMjk2OTA1MDMxMDAwMDBaMGcxOTA3\nBgNVBAsMMDU1Njg1Mzk0NzI4NzM3NTE3MjU1MzI4ODE1ODIwOTU1Nzk2ODY0ODU3\nMzA1MzAxMDEqMCgGA1UEAwwheDUwOS1saW1iby1pbnRlcm1lZGlhdGUtcGF0aGxl\nbi0wMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEu8pV+Yq1Szk7KKsIyOynAqiD\nqfQ7IogI6+TCcyqSzD/HKgP1j9uM785dllmpUvH2wpvIGNjudk+/yx9UzPH9b6N7\nMHkwEgYDVR0TAQH/BAgwBgEB/wIBADALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYIL\nZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUyxF3HvS46qWI1lEtEJdr/x24+O4wHQYD\nVR0OBBYEFBKFyLCehlU6iDs1kelzH4g0i7bgMAoGCCqGSM49BAMCA0kAMEYCIQCv\nAit9C9dk2RHBwZpomh+ooHt95TlF56hYRIoDBz28CAIhAI8iV3g2GgYII/0tlJaX\nbRD03KS5WGNed4vjOBL5V8Rt\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIB/jCCAaWgAwIBAgIULJJN1b1F67WWSwCtVN+dBgEzN0swCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjBmMTgwNgYDVQQLDC85NzY0NDQ1MzI1OTY1MjYzODEzMjM5\nOTg5Mzc2NzI0NzYwODQzNjI0MzUwOTg1ODEqMCgGA1UEAwwheDUwOS1saW1iby1p\nbnRlcm1lZGlhdGUtcGF0aGxlbi0xMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\nFJdoj2eXOpmTdtD0/Aj2/GAIQf1A0+lIDkAAxUHCllUhq3fCH3TGjdmVfzZziF4c\nGjPS9IjeRpMh+2gtFGOl46N7MHkwEgYDVR0TAQH/BAgwBgEB/wIBATALBgNVHQ8E\nBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUMFytRjou\nReKiRWwCa+IPhsOf6v0wHQYDVR0OBBYEFGvbYxEI0JyCwNv+rlzPH1Wjnt+IMAoG\nCCqGSM49BAMCA0cAMEQCICQCXYpeY0g5/Pg8yEvAvT9uc2yBpvvigGSUYu5oNxED\nAiBUmXmqCaYLYdJeKTyoT8+CDY7kQr/GtCjdE1IbnXkuiA==\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIICTDCCAfKgAwIBAgIUT+X1bZ/sFpAi6Gz+E7k9CFSgL2owCgYIKoZIzj0EAwIw\nZjE4MDYGA1UECwwvOTc2NDQ0NTMyNTk2NTI2MzgxMzIzOTk4OTM3NjcyNDc2MDg0\nMzYyNDM1MDk4NTgxKjAoBgNVBAMMIXg1MDktbGltYm8taW50ZXJtZWRpYXRlLXBh\ndGhsZW4tMTAgFw03MDAxMDExMDAwMDBaGA8yOTY5MDUwMzEwMDAwMFowZzE5MDcG\nA1UECwwwMjU0NDU4MjgzMDkyOTgyNDUwMTgzNDYyNzUzNjQ2NjI5MTE1MTU2NzM4\nODE1ODE5MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1wYXRobGVu\nLTAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARWG+/fgoT28sRfb5l21ci9U27Q\nRral0cw7+mRoCy0HnfRSYHAIwEbZCd6MfDIDD+rHXIUJJ/ONVmJZgb5BZ8QWo3sw\neTASBgNVHRMBAf8ECDAGAQH/AgEAMAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtl\neGFtcGxlLmNvbTAfBgNVHSMEGDAWgBRr22MRCNCcgsDb/q5czx9Vo57fiDAdBgNV\nHQ4EFgQUnUZSdvMwMNOGKJ6raO10TteRkFkwCgYIKoZIzj0EAwIDSAAwRQIgTAzd\nEO00uh/muM5WtYCPo8HbhjYF8Sy8zVpHmslbXccCIQCujhnuzfcBRVE2tqN73sdr\nmmV7Y+Ar4jrMYL9afjd9tg==\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIICTTCCAfOgAwIBAgIUB/Sn9ijJrlcPqVzhJfs3yv46s6wwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMjU0NDU4MjgzMDkyOTgyNDUwMTgzNDYyNzUzNjQ2NjI5MTE1\nMTU2NzM4ODE1ODE5MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMTAwMDAwWhgPMjk2OTA1MDMxMDAwMDBaMGcxOTA3\nBgNVBAsMMDQ1NjEzODUyMTM1ODk1MTIwMTc3NzYzNjk4NzUyMzA5MDQzMzY4NzM4\nNzM4NTcwNjEqMCgGA1UEAwwheDUwOS1saW1iby1pbnRlcm1lZGlhdGUtcGF0aGxl\nbi0wMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEPtm+eIY19bcKRq2t5wo9MPOM\nO35aV/AkkYv7iH5FeEsRpsMTRfifBWLUeydQxuiG3GiwPdpZERktqFTHIuZoaqN7\nMHkwEgYDVR0TAQH/BAgwBgEB/wIBADALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYIL\nZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUnUZSdvMwMNOGKJ6raO10TteRkFkwHQYD\nVR0OBBYEFHrIqfaqn9NUvr7vFvTCqaz1xCEqMAoGCCqGSM49BAMCA0gAMEUCIFgW\nri0/FZamR133Uv9ktLwOdwQMrHpFhiFqArNt7bGKAiEA9au0LAts3mm1Iu8R2W2o\nR+kifYCu0pMquTeaBozyCyE=\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB9jCCAZugAwIBAgIUMtVvFxOpL8eCb7RXbalIh8a/7cAwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNTU2ODUzOTQ3Mjg3Mzc1MTcyNTUzMjg4MTU4MjA5NTU3OTY4\nNjQ4NTczMDUzMDEwMSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMTAwMDAwWhgPMjk2OTA1MDMxMDAwMDBaMBgxFjAU\nBgNVBAMMDXg1MDktbGltYm8tZWUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQs\nOGWn8jGjJtC5xUDljkuU3u8n+Qo5ZHkHghWvA4ZYQdgt14B6GOjRIegQmcczqLBF\nSCA+N2zTDls+h0v7yOrSo3IwcDAdBgNVHQ4EFgQU0hStInI7N2YF9s9v8ddLIfVm\nfoYwHwYDVR0jBBgwFoAUEoXIsJ6GVTqIOzWR6XMfiDSLtuAwCQYDVR0TBAIwADAL\nBgNVHQ8EBAMCB4AwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID\nSQAwRgIhAJHcpAEMrEDsGFgVhNEHUtGDguCqsq4ivzYxJsdcR+IcAiEAlBf0UBNv\njaqZ4EfjCoUkxflO6V6/uRyIqIbqqLvzl9M=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB9jCCAZugAwIBAgIUeVlGusz7oo+wf0PV2fIN86HW/mwwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNDU2MTM4NTIxMzU4OTUxMjAxNzc3NjM2OTg3NTIzMDkwNDMz\nNjg3Mzg3Mzg1NzA2MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMTAwMDAwWhgPMjk2OTA1MDMxMDAwMDBaMBgxFjAU\nBgNVBAMMDXg1MDktbGltYm8tZWUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARh\n7u67PIYiKzUuyQf3BiSXCImxDcqe0EIh82neHzhlJebeQnHk7S+K/pnQE/fsFh0y\nRsDKSBloRLSB5NsqbgQ3o3IwcDAdBgNVHQ4EFgQUZJXW8Ik92SVajknOHFAe64X/\nOCUwHwYDVR0jBBgwFoAUesip9qqf01S+vu8W9MKprPXEISowCQYDVR0TBAIwADAL\nBgNVHQ8EBAMCB4AwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID\nSQAwRgIhAJZDvBIUyAAH9Z88WfC+sWUDDCf8fam8673t9ip0xeFxAiEAnixIIum5\nh/rp8LAGNsv+tGYPGGnUpCRDp9SWdVM8bbc=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -172,14 +172,14 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> ICA' (pathlen:1) -> ICA' (pathlen:1) -> ICA'' (pathlen:0) -> EE\n```\n\nThe second ICA' intermediate is a self-issued certificate. Self-issued certificates\nare certificates with identical issuers and subjects. While this chain trivially\nseems to violate the assigned path length constraints, the [RFC 5280 profile]\nstates that self issued certificates should not be counted.\n\n[RFC 5280 profile]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.9", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUZJpeoK0CsqFkoslkMrqGtu63oS8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARgYAHsjAEFI4hfRVMRZS3kwIVwxozDPPLe7QkD\n1UHwn98OtbcE0KFnGFipMrJJKuTJOFaxSFN3dbK5zwSBw+5To1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUclHqbcXheQsfLp+vWC7lrykgHUIwCgYIKoZIzj0EAwIDSAAwRQIh\nAO0ai8HVgRfsTfQ1xNDdLiTDDep6QXJ3+0VNTvQsjlpRAiAG3nq8nHKwLNbpDO4+\nSEKOQ2hvfvfodxg8SKtal2fdXQ==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUHn1aB54mKvlwuQ9Ki0y/KygGYqYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQbina5eCgjsL2rCo92cjyr4TCLCLWasyAtBN1S\n9KfDKveqbrbAslagieZvqMQv3XEXiu+bLUnb7fHftx95DHuWo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU4k6yzpP8LXvBvFcZA8M/56DYrWAwCgYIKoZIzj0EAwIDRwAwRAIg\nR2dPfZOGGqbQV9ZbPFggBR1ejlBYNUxMSPEXGQeaedECIFcX9OYlkZxD0/0r0LXV\nv6iSdtNFHdkNut+u6dOWndFa\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUEiDbKQ44IfO56jbLtrOiveqHt9UwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjBnMTkwNwYDVQQLDDA1NzQzNDE2MzUwNzI5ODQ0MTIxMjA3\nNDYyNTM2NTA2OTA3NTAxMDY4NzIyOTE2MzExKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBAAPJW9MHzjNT//bTNvqTtl8b/+/qungY4UxxvKDZGdNnVe3qvw6iIUera1jKOVW\na2C0F3cn/mtyKL+N+t2POIWjezB5MBIGA1UdEwEB/wQIMAYBAf8CAQEwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFHJR6m3F\n4XkLHy6fr1gu5a8pIB1CMB0GA1UdDgQWBBR/Qv/EGZswCBHe5i2Vb3UJrnj/YTAK\nBggqhkjOPQQDAgNIADBFAiEA0DZY35TpFnEsE5c4OckSEiLn90MLoV86goq8EzSf\nm0ACIGgTnDzisoiIE0VmORUtY28PDrngu+SjZbLR9ge5LY02\n-----END CERTIFICATE-----\n", - "-----BEGIN CERTIFICATE-----\nMIICTDCCAfOgAwIBAgIUFUpL4mQF6Qps08zWPZDzy/BE9CkwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNTc0MzQxNjM1MDcyOTg0NDEyMTIwNzQ2MjUzNjUwNjkwNzUw\nMTA2ODcyMjkxNjMxMSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTEwIBcNNzAwMTAxMTAwMDAwWhgPMjk2OTA1MDMxMDAwMDBaMGcxOTA3\nBgNVBAsMMDU3NDM0MTYzNTA3Mjk4NDQxMjEyMDc0NjI1MzY1MDY5MDc1MDEwNjg3\nMjI5MTYzMTEqMCgGA1UEAwwheDUwOS1saW1iby1pbnRlcm1lZGlhdGUtcGF0aGxl\nbi0xMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEs+K0OfPUEN3xG9a6vqdLuQSL\nL706X5YeWnF5poKzXcq+D9hUyxGVdXzXp5yL1LhxQe7Qsp7Awj+vaxxDrCrQVaN7\nMHkwEgYDVR0TAQH/BAgwBgEB/wIBATALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYIL\nZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUf0L/xBmbMAgR3uYtlW91Ca54/2EwHQYD\nVR0OBBYEFFqQRfC8aGlF3hzSaUgRGjDBBFHVMAoGCCqGSM49BAMCA0cAMEQCIFnV\nqFWpYB+CNu5zXRAekn/GBuzCL73A9pPLQNaHtyT/AiB4/uwc+UPoahX3XD4f2geR\n8gbjKBmM4/o+YppbSsR2bQ==\n-----END CERTIFICATE-----\n", - "-----BEGIN CERTIFICATE-----\nMIICTDCCAfOgAwIBAgIUBZ063Cnigv+Xsq9q7dprEdpc66IwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNTc0MzQxNjM1MDcyOTg0NDEyMTIwNzQ2MjUzNjUwNjkwNzUw\nMTA2ODcyMjkxNjMxMSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTEwIBcNNzAwMTAxMTAwMDAwWhgPMjk2OTA1MDMxMDAwMDBaMGcxOTA3\nBgNVBAsMMDEyMTU0NTY3MTc5MDIwNTE4OTk2MjE0NDg3MzIzNDg3OTA1ODk0MTM0\nMDYxMTYyNTEqMCgGA1UEAwwheDUwOS1saW1iby1pbnRlcm1lZGlhdGUtcGF0aGxl\nbi0wMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEOU1o6qAsYfY0dWkyhbtGLlih\nCwSimI4uxi5JcLn87CwNr771J7q540kRUuzi8mnbOBRy1pV0wVaIJ0wHKkXuQqN7\nMHkwEgYDVR0TAQH/BAgwBgEB/wIBADALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYIL\nZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUWpBF8LxoaUXeHNJpSBEaMMEEUdUwHQYD\nVR0OBBYEFNrpaPnKPw3sOBAE39ptq1fK8qnLMAoGCCqGSM49BAMCA0cAMEQCIDjc\nWwY0mUo/1v1AdlWhZCDAC7TRk0uDrxibisvcCmHqAiB0F8Dglf/3gMOH/ezD+7g3\nLJ2MFY5ISGsMmQQ8iIOLnw==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUULn8c6+yLxUKZ/nqTNOKzSPEhyEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjBnMTkwNwYDVQQLDDAxNzQwNjUxNTg5NzI0NTgxNDI3MjY5\nOTY2MTY4OTA0NzQ3NDg5MzMyMDgxNzExNzQxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBNGsbEeKZKjhrJJQqJ9U8onBU8Hvsq9JwZhASoYuUm5WDGlES05MEqXU3p7mNm9e\nhm6p+YWz0Mp5qDnWRHjrscOjezB5MBIGA1UdEwEB/wQIMAYBAf8CAQEwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFOJOss6T\n/C17wbxXGQPDP+eg2K1gMB0GA1UdDgQWBBTcwCSWZTaJcCg3IHTIYpTkHVefCDAK\nBggqhkjOPQQDAgNIADBFAiEA6Q+eDSPBJ2yn0EAG0MzIY/A25KMIm4hsftUBKyxE\ntNICIAT3cDlheOIHZkaFJ8AeokdumDMZhdLYMw8h5gu9dX8h\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIICTjCCAfOgAwIBAgIUWiHq64z673cHvOWaomLH0ATsA44wCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMTc0MDY1MTU4OTcyNDU4MTQyNzI2OTk2NjE2ODkwNDc0NzQ4\nOTMzMjA4MTcxMTc0MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTEwIBcNNzAwMTAxMTAwMDAwWhgPMjk2OTA1MDMxMDAwMDBaMGcxOTA3\nBgNVBAsMMDE3NDA2NTE1ODk3MjQ1ODE0MjcyNjk5NjYxNjg5MDQ3NDc0ODkzMzIw\nODE3MTE3NDEqMCgGA1UEAwwheDUwOS1saW1iby1pbnRlcm1lZGlhdGUtcGF0aGxl\nbi0xMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEKs8LdDCsBTA6Gm1R97CgOfmv\nUYTWY9nrJeRJv0jy2EdkWq+UDMdMRFl/FWvqBjeqJQVz0+dtShvztNs3N3RB1aN7\nMHkwEgYDVR0TAQH/BAgwBgEB/wIBATALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYIL\nZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAU3MAklmU2iXAoNyB0yGKU5B1XnwgwHQYD\nVR0OBBYEFFWI49p4+cyrP0zTL65pvg/4r31oMAoGCCqGSM49BAMCA0kAMEYCIQDO\n5vJvcFG2ViG1U+8Cca+O8qNnmHF77r9KpkdqxMv8MwIhALXo9uU97/3m/o2BwsQL\ndLKbazvEtjUnFPRYQ/C906Xy\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIICTTCCAfOgAwIBAgIUDGh+MLDxnDB2KQdianVxQ6zo5sgwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMTc0MDY1MTU4OTcyNDU4MTQyNzI2OTk2NjE2ODkwNDc0NzQ4\nOTMzMjA4MTcxMTc0MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTEwIBcNNzAwMTAxMTAwMDAwWhgPMjk2OTA1MDMxMDAwMDBaMGcxOTA3\nBgNVBAsMMDUxNDU2NTU1ODM5NDM1NjE3NjYxMzg3MTE1MDA0Nzk0NjM1ODQyNjM1\nMDM4ODExMDEqMCgGA1UEAwwheDUwOS1saW1iby1pbnRlcm1lZGlhdGUtcGF0aGxl\nbi0wMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExF4Fn/05QGQMEPh3NBef1F/Y\n5udZFVYbQ0kZWbGSAMr80TBpyMjjve5ssQ7hJBYcw0rvyko8DARGviJwI+RMsKN7\nMHkwEgYDVR0TAQH/BAgwBgEB/wIBADALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYIL\nZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUVYjj2nj5zKs/TNMvrmm+D/ivfWgwHQYD\nVR0OBBYEFLgQTID5NzA8l7I+gR96nPCnp8I4MAoGCCqGSM49BAMCA0gAMEUCIH3i\nrLLWm5Og8bqUx+be/SpRzlwT10Ulo9wV33CLjQEGAiEAkV5F6MiEv9YmM3Q1fxsW\niog6+lGrRgkTMmso5u7Ec7c=\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB9jCCAZugAwIBAgIUFOd0YZxJ9StZiMUyRAX3AtkMLzEwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMTIxNTQ1NjcxNzkwMjA1MTg5OTYyMTQ0ODczMjM0ODc5MDU4\nOTQxMzQwNjExNjI1MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMTAwMDAwWhgPMjk2OTA1MDMxMDAwMDBaMBgxFjAU\nBgNVBAMMDXg1MDktbGltYm8tZWUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASc\nEX2JGDX+aVFtizWWz9R9p+C7x+w3w7eeZF27vXBhtckpooAEvOk6IQe/5E4Gspez\nBjNpCX6hbVlt0II6t8/zo3IwcDAdBgNVHQ4EFgQU8rpVeheOujw7CTukQ47U9Ekf\nLZEwHwYDVR0jBBgwFoAU2ulo+co/Dew4EATf2m2rV8ryqcswCQYDVR0TBAIwADAL\nBgNVHQ8EBAMCB4AwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID\nSQAwRgIhALFU+DEHEWXgF11mRmG4JQ0Xmrd2+PhUlYGrGUnqPfOuAiEA6eWjaqXO\nU8Iql/b6BFZ+K8AG08sOjup0sobh1YM5tcE=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB9TCCAZugAwIBAgIULQ0rFW4clV71GO46M0PEeIIzMl0wCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNTE0NTY1NTU4Mzk0MzU2MTc2NjEzODcxMTUwMDQ3OTQ2MzU4\nNDI2MzUwMzg4MTEwMSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMTAwMDAwWhgPMjk2OTA1MDMxMDAwMDBaMBgxFjAU\nBgNVBAMMDXg1MDktbGltYm8tZWUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR+\n7m3T9umb3FxtxUJ4ma2MfIo7V8UM03oNZi4/4ZYOd1F9Zl443ac7611Kvtb6675P\nEF86V+rKivwp+tFoMdIdo3IwcDAdBgNVHQ4EFgQUGN2estsRXoo4tdWhZKv6Vv1f\n0iAwHwYDVR0jBBgwFoAUuBBMgPk3MDyXsj6BH3qc8KenwjgwCQYDVR0TBAIwADAL\nBgNVHQ8EBAMCB4AwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID\nSAAwRQIhANgw2FST+aCytCintj5ESA1oQBq+XpEHciRGvf1qm3LcAiBVHCpQyZP4\nVrlnekmgALJjVdJcve1VPwHssGfAWIDIZw==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -197,10 +197,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThis chain is invalid solely because of the EE cert's construction:\nit has an empty issuer name, which isn't allowed under the RFC 5280 profile.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBcjCCARigAwIBAgIUcibU8tya2F6KU/JkKIpoUqgTN0gwCgYIKoZIzj0EAwIw\nADAgFw03MDAxMDExMDAwMDBaGA8yOTY5MDUwMzEwMDAwMFowFzEVMBMGA1UEAwwM\nZW1wdHktaXNzdWVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE2qwvZfwB41oj\n13HOm5zDaGRF2DC9nOm4KgVok1Q+gToiwFOnsUWOXDrykukp6dwsH+FBJsUO3nVe\n0GSygPaymKNXMFUwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQwFgYDVR0R\nBA8wDYILZXhhbXBsZS5jb20wHQYDVR0OBBYEFNa/InZ4L5+eTTZQ4wWf4bhU4qm+\nMAoGCCqGSM49BAMCA0gAMEUCIF6iyZ8hPfdtVJVhdx3DMq5/2CUdDJ4Mxh92z94e\nj6bEAiEAhMNYapVtQHSfZo9hmQXhvjtZAHX34LZloltVHBRzcJk=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBcTCCARigAwIBAgIUSo05I/IH823ig84zabU1OdiJ04IwCgYIKoZIzj0EAwIw\nADAgFw03MDAxMDExMDAwMDBaGA8yOTY5MDUwMzEwMDAwMFowFzEVMBMGA1UEAwwM\nZW1wdHktaXNzdWVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEaXAqC5L5Uzf2\nsdn+jwfcK7TX1bYfVhz1H5yDNL3hbIQL50YOx25NCaI14SBtZ+FzIXaJWhoVpF12\ngqSGu7LAuaNXMFUwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQwFgYDVR0R\nBA8wDYILZXhhbXBsZS5jb20wHQYDVR0OBBYEFNgM366kzBCSIxAvx24iGHt/no2E\nMAoGCCqGSM49BAMCA0cAMEQCICEmSmTODKF8XUog+RB/mIU5eHnZ5Z4c1T+4TvU/\nCRAFAiB9d40nHm0LJKqj/8qZOFiFcodsvFFOss8v630OWDqiNA==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBpTCCAUugAwIBAgIUFztOIKpyjnfuGwUv4rZY/B/JoCMwCgYIKoZIzj0EAwIw\nFzEVMBMGA1UEAwwMZW1wdHktaXNzdWVyMCAXDTcwMDEwMTEwMDAwMFoYDzI5Njkw\nNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAEhMutlIr6qNBVQQxMWlrOgRS/shZ+e/5M17rHBA3Wl3aE\neXoPkpFOMlncxeU+dU78gbjLRMvTMHtomvlzhD9is6NyMHAwHQYDVR0OBBYEFIlj\nB+KUfH6jrx13jYHIKPt5lKCMMB8GA1UdIwQYMBaAFNa/InZ4L5+eTTZQ4wWf4bhU\n4qm+MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBYGA1UdEQQPMA2CC2V4YW1wbGUu\nY29tMAoGCCqGSM49BAMCA0gAMEUCIGnmG+6I3PhYLEEVk8RLJHlD6kwWDD8hu2th\nQGh8Fpt/AiEAzKk2D3yL3Djwp8w600JXpU+Ifn2udSdp6Gr/nvgm+Fw=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBpDCCAUugAwIBAgIUT0dIsihJGuIVLS4UDDwkEWZHSRswCgYIKoZIzj0EAwIw\nFzEVMBMGA1UEAwwMZW1wdHktaXNzdWVyMCAXDTcwMDEwMTEwMDAwMFoYDzI5Njkw\nNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAEZW8Ze2Wjv9kj6OcH0sHGy+GvbH9DQeACK5tlHeA03k3L\nmcNGCwrkdoyqyeIhixd2uIDTnp0evoCq2Txd6jjgI6NyMHAwHQYDVR0OBBYEFIMH\nSMRCMRtwdi81tI1dGbmw9iQXMB8GA1UdIwQYMBaAFNgM366kzBCSIxAvx24iGHt/\nno2EMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBYGA1UdEQQPMA2CC2V4YW1wbGUu\nY29tMAoGCCqGSM49BAMCA0cAMEQCH0yl/bgonscA3mPdggRgRAH1SuL3XCs9qHLk\nVEPjl/0CIQDdkPKWmewKDfgx8SspPDp570hABLahEUjjq46ew6bHuQ==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -218,10 +218,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe EE cert has an extension, 1.3.6.1.4.1.55738.666.1, that no implementation\nshould recognize. As this unrecognized extension is marked as critical, a\nchain should not be built with this EE.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUJOBk5mykG4E6WoQYNDNnJvxuZc4wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASLvkIrpMU/JX2Hk+IYrcEzkQOlfExWrN2nP/V9\nKh3tGW/Q+MnFcmiv45kfsM+LLfgCzotzZCRiA1Vv8tMFfdXCo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUBaSdUOjkORu7/+tcndKRnbIrZbEwCgYIKoZIzj0EAwIDSQAwRgIh\nALGapIyjqQbh7j9z5hf7bvUeeXPJBRWtKzxfN/yGOJsRAiEAyMbpNhXKfVIbrOi7\nPk8l+zh1zJiL9+7D3XfkPBQMkYU=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUAR9w9MZ5JgLSyxm6vMtoesbBIUcwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARtkXCUoWbhBB2K8IzVwyJgZdADTVBoCoWNV+EX\nVxSSOeOqAG3lbAOhOPltlUV5q9I+yNGwN1e+IeZ5N5tX0l+/o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUdDsr9CI5NM+DdfJmqov2QHy43lEwCgYIKoZIzj0EAwIDSAAwRQIh\nAJdMOJ1Wf/97u9iGpVScwUkb6VLKyLxnpLMjjx9LNbKSAiAF76krXeoFs8TvVN9c\n5DT7MgHKQxUL5CAvRvzRkGbuHQ==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBvzCCAWSgAwIBAgIUHh8jf/2f++A9GwNHoxzxD84W8v0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEUd5htj3aGOvvHVI9ZPiDjxrgLXJUDmIL7FM0JJc4\nI0CdYlHgEoWJB/mNw98ZOUnQ7IszwjlXFILFnhcBh5Mp5qOBhzCBhDAdBgNVHQ4E\nFgQUZZmKkbMp+d52VNa62N0C54dXtoYwHwYDVR0jBBgwFoAUBaSdUOjkORu7/+tc\nndKRnbIrZbEwCQYDVR0TBAIwADALBgNVHQ8EBAMCB4AwFgYDVR0RBA8wDYILZXhh\nbXBsZS5jb20wEgYLKwYBBAGDszqFGgEBAf8EADAKBggqhkjOPQQDAgNJADBGAiEA\noLr2QLe9e26lcPPiGzKatJokbKrhSR8pyFO5ls14jNUCIQDpnB5w4ALqAlc0x8Zr\nx3vyc6WcLN78/N9xNnzwEyS7Eg==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBvjCCAWSgAwIBAgIUOj+UcmQnh15O9VsUOnr5Ne4CHREwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEVsuPMqjdEmG4CNpsthHCT5QLxH7fo1CTlOtWM4oy\nshGJMKJxYCbj9LW6AE322GQ38KvmXwPsjIw/W88sMuzuj6OBhzCBhDAdBgNVHQ4E\nFgQUlnUPnQEHk5yJfnq3e7oytbaN3P4wHwYDVR0jBBgwFoAUdDsr9CI5NM+DdfJm\nqov2QHy43lEwCQYDVR0TBAIwADALBgNVHQ8EBAMCB4AwFgYDVR0RBA8wDYILZXhh\nbXBsZS5jb20wEgYLKwYBBAGDszqFGgEBAf8EADAKBggqhkjOPQQDAgNIADBFAiEA\n0gfslBc1U/GvgfVmVdo/NPQJGxmYLVuOcxd6p+FzHOsCIENJVsjsVzoR6J3Z5Rei\nI94oPa9SpfGVITBW7FFiYaQf\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -239,10 +239,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe root has an extension, 1.3.6.1.4.1.55738.666.1, that no implementation\nshould recognize. As this unrecognized extension is marked as critical, a\nchain should not be built with this root.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBozCCAUmgAwIBAgIURaaMVV3Lx+jCoiDOq7o46gkiDwwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQFYqdvqaXd5LqrGmyLhO7SByoSBaSsPkh6LMSc\nijm00OalahHS/zEplUVilqQdNTOLkhneUaqFrtIfahNnKTEwo2swaTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUzL+rdIkz2q1SVnWaG6uC76u1m+0wEgYLKwYBBAGDszqFGgEBAf8E\nADAKBggqhkjOPQQDAgNIADBFAiEAzD3TpBMn75/awgri/5jAfLYqHtgN625DE2T2\noZr2bewCIAdNdUy1IY8XqztewMhsCKaDlSqSevy2APqa904V1S31\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBozCCAUmgAwIBAgIUGTMejRVlCwNZlhOwBNzig0YmQuIwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARkhId5Bz4Te2b4AjlN2qTz97APNLSwYWlxTcNa\n972DPKE1PgFh5/RvOXwJK9+braIhiGF3r1zPGFaX3087x0Bho2swaTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU7y6qMiSzfwzVtitH+Nd9fHrNjjowEgYLKwYBBAGDszqFGgEBAf8E\nADAKBggqhkjOPQQDAgNIADBFAiEAtyWITotfbBcgCrtiUT2AJb1BjMDeok6E1cUu\ngJWfK1ACICF1WEtl8cZ9HJCnFnG/Ga96PQsJjhtny8n55dbneuEQ\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqDCCAU6gAwIBAgIUUHid0elxnf6VtqcZLS0+h/+pbgYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEzLgvSlzlPJLQPZvmXnMUvcd6pvASGYCju3i6y8Po\n/bfcXzF0TyEH5iyrI3k76uBoBCtQ/C5MG/8d/60nO8RUdKNyMHAwHQYDVR0OBBYE\nFKqz+JuhHFyg+rXmfMq9xHTetrAVMB8GA1UdIwQYMBaAFMy/q3SJM9qtUlZ1mhur\ngu+rtZvtMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBYGA1UdEQQPMA2CC2V4YW1w\nbGUuY29tMAoGCCqGSM49BAMCA0gAMEUCIGz4kPNpuRhbBYfAVk8f/bOmrPbD3h77\nYiskRRWgRJlLAiEA1SBSxCid1ZpUBMEwxwQZhjRmoiboiUsOAjF06cGaMpg=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBpzCCAU6gAwIBAgIUFp0et3Dpqu7D71OhpBgFZUueGlUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEdo8KnmSFqxQNbWMmg8ku3vwnvrls3AbqdOTFqPt0\nTg/56+BpttKKxicou6MAvB+FIkzIXcKLLHvzOySe/CwkPKNyMHAwHQYDVR0OBBYE\nFItNKANL6fSjJawZgprJiyPHlA24MB8GA1UdIwQYMBaAFO8uqjIks38M1bYrR/jX\nfXx6zY46MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBYGA1UdEQQPMA2CC2V4YW1w\nbGUuY29tMAoGCCqGSM49BAMCA0cAMEQCIGnnhWTbBrdQjTbu8KGcIrr/YEkfwSoT\nI/AAhGftC0uBAiAfhgrrKlhg/UcVV3CfqWvJaq4BI7DGkSeA1enbbnLd/w==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -260,12 +260,12 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> intermediate (pathlen:0) -> EE\n```\n\nThe intermediate has an extension, 1.3.6.1.4.1.55738.666.1, that no implementation\nshould recognize. As this unrecognized extension is marked as critical, a\nchain should not be built with this intermediate.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUJ3/wC5d0zQz++v2A22atd8fQp4kwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASvA3/FWZyCpp27HQIs5GIOa2CRF3DBlHthjfRt\nXRezcZLYzBa9nMCq+yeLQVa3KLSlRAWKqRP+iWagfjkemdtso1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUqx2M0eg111boqQ1FDkpdIrZvMFswCgYIKoZIzj0EAwIDSQAwRgIh\nAPjl+bnWnVIehSd5cKNfVA41w5rQQn0sG0ZmOYbUgOb+AiEA4LrDCv8bX/W0QeQu\nrJtFzF9LEP+4x7v6xZNHrp226J8=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUD3BfTVou7h0fr2lGIgs9HV584t0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASAHf3ASB1LYsFTLb1roA6DJ644aia+I1aSddsK\nwsTpBfScvBOF+W4KapGCD1TqKuEea5DHmscp0rD5W6v4yt2bo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUG+CyYlXdtZ24iH7hxP0XywJYJMkwCgYIKoZIzj0EAwIDSAAwRQIh\nAIJYaur2UTiTPR9TFCoWYOce5Gr22hp+PrCYqPkCUHPIAiBlEoWX6BnMrJicNa+U\nmVeJ32PpAtZNRqfGkYKJn8Ltng==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIICFjCCAbygAwIBAgIUeecieCE1i+eMz7sa7oc9nFBY0xQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjBnMTkwNwYDVQQLDDAyMjU1MDM3NDU1OTUzOTI2ODE4OTYz\nMTc1OTE5NDk5ODA0NjMyMzc2MjExMzExNDUxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBGQ7/9VnJruwDF8l7EFAouPmiCGBVUPPsu6pv40dskFPqlQvFAt2tAt/tdaTOOlc\nrz38/xiwrKrbDH7368TeXF6jgZAwgY0wEgYDVR0TAQH/BAgwBgEB/wIBADALBgNV\nHQ8EBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUqx2M\n0eg111boqQ1FDkpdIrZvMFswHQYDVR0OBBYEFCuzSoiwu065ZWHyqfNXFI1XEeTo\nMBIGCysGAQQBg7M6hRoBAQH/BAAwCgYIKoZIzj0EAwIDSAAwRQIgE+RJ3f9rxtLP\nV/Z+TBI0b6F9T3Ees6eHOntn4Zh1UmMCIQDUZy3kN2HifHODRhalTCwYhqhYdfCO\ngnIsSM9Osn437w==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIICFDCCAbugAwIBAgIUCoaQBPdBjHWOx7BTMPVxy5qaOvswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjBmMTgwNgYDVQQLDC84ODE0MDg0NzAxMzM3Mjk4NzU4ODA4\nNTc4MTY3MjM4NTczMDc2MjQ4NTA2NDQxMzEqMCgGA1UEAwwheDUwOS1saW1iby1p\nbnRlcm1lZGlhdGUtcGF0aGxlbi0wMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\n8DVp6Jn+G1Xe7kZttgfLsl0CxKo0NJDoekCi4fjX2FAQ7or20lTYlUcm1mzonNZe\nt1Pry3ea1hmSmMGdz6qiU6OBkDCBjTASBgNVHRMBAf8ECDAGAQH/AgEAMAsGA1Ud\nDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAfBgNVHSMEGDAWgBQb4LJi\nVd21nbiIfuHE/RfLAlgkyTAdBgNVHQ4EFgQUu85tC9/2vR/o9FYQpiBzkp5BGi0w\nEgYLKwYBBAGDszqFGgEBAf8EADAKBggqhkjOPQQDAgNHADBEAiBaJnn8pb0M+3vZ\n6mDa3lSm380mUKew8e3VGwOnQPnZQgIgOKAbTqjip0FLMA29CYAuu1QRo2RZeh8p\nxfP6YWTWd6o=\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB9TCCAZugAwIBAgIUZxx1Mh69rCx1fusKGH8QFlKqXMwwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMjI1NTAzNzQ1NTk1MzkyNjgxODk2MzE3NTkxOTQ5OTgwNDYz\nMjM3NjIxMTMxMTQ1MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMTAwMDAwWhgPMjk2OTA1MDMxMDAwMDBaMBgxFjAU\nBgNVBAMMDXg1MDktbGltYm8tZWUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARS\n4/i3yAe5XLXBBNS4q84RPEh4agtUJ4TAHnP1l0VlmPxlM/HWko/uwyzhptEMbeuL\n2Hkok/zx46kicDUABNPUo3IwcDAdBgNVHQ4EFgQU8VGwgh6mgeDz+nOl1JFOtMsf\n44owHwYDVR0jBBgwFoAUK7NKiLC7TrllYfKp81cUjVcR5OgwCQYDVR0TBAIwADAL\nBgNVHQ8EBAMCB4AwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID\nSAAwRQIhAIJZTRjktvcONtvp8pcGF0lHeF1A519q3nf0AxQBtEHvAiA3NaH/Ugaj\nbFDEDGZ2EM35p7ZzWkIj28OjW5v8ISM6Mg==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB8zCCAZqgAwIBAgIUTAnI20mloLWA2bCYeP6qF8OylKwwCgYIKoZIzj0EAwIw\nZjE4MDYGA1UECwwvODgxNDA4NDcwMTMzNzI5ODc1ODgwODU3ODE2NzIzODU3MzA3\nNjI0ODUwNjQ0MTMxKjAoBgNVBAMMIXg1MDktbGltYm8taW50ZXJtZWRpYXRlLXBh\ndGhsZW4tMDAgFw03MDAxMDExMDAwMDBaGA8yOTY5MDUwMzEwMDAwMFowGDEWMBQG\nA1UEAwwNeDUwOS1saW1iby1lZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDIF\nQxKAk6YNHXt3LEben2ZJ7xMgiOeKPZ0lKikIEmXuf9CciK7CXKnDYQles3osspl8\nh3T2N5pgckxO/po3DtWjcjBwMB0GA1UdDgQWBBSmmlVJW82mB+Q12ksl6I1l2UYA\nuTAfBgNVHSMEGDAWgBS7zm0L3/a9H+j0VhCmIHOSnkEaLTAJBgNVHRMEAjAAMAsG\nA1UdDwQEAwIHgDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggqhkjOPQQDAgNH\nADBEAiBOgnU3Q6JlUttRCIjzvw0cI/eqgRwAp0uIn6Md/G5qcAIgZn32hKUWNZSx\ncofSFLElHEyHjaT8OpD3hym4lHXNgKs=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -283,10 +283,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe root cert has an AKI extension marked as critical, which is disallowed\nunder the [RFC 5280 profile]:\n\n> Conforming CAs MUST mark this extension as non-critical.\n\n[RFC 5280 profile]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.1", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBtDCCAVmgAwIBAgIUJbO+zM0t7VDSaDtZAr4r40PxtTAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARixKqcHoW2P3LcvhpVtDW/KjYv86RZhntveJit\nazcAe5TKk8jzE6VezY1DyyhnSlHjUjQAfgCuAuuCRG8rY10Xo3sweTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAi\nBgNVHSMBAf8EGDAWgBSSPbyCr1YnfoK2e1jVlHx6eS87SjAdBgNVHQ4EFgQUkj28\ngq9WJ36CtntY1ZR8enkvO0owCgYIKoZIzj0EAwIDSQAwRgIhAJ/EXMpBlYdV27Fd\nEZVib81Jlwlt50LrOHVpuyzrpijFAiEAle0zLEzAIM1+apwQPg2aV5xD85TMTYjQ\nC7lBIGszEwU=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBszCCAVmgAwIBAgIUL2YY8j8x0Vr6kLVAvIVh0xyIBNcwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQK0PVC9qNyqK0NuWrkTIEt19/9wT4++UKGgH9L\nfKYlC41vu967gsqkaIIFEdnPedcEsj9uc1CpXlcwFDaTXA0no3sweTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAi\nBgNVHSMBAf8EGDAWgBQIB214FwKVaHvIZ6JcraKPEDAWBjAdBgNVHQ4EFgQUCAdt\neBcClWh7yGeiXK2ijxAwFgYwCgYIKoZIzj0EAwIDSAAwRQIgdQ0afti9LHUqLWlW\nQXw2/r/siNW3HD+VUZidqUMNZ5oCIQCWBrL7MQ4hmxitBEjnfF09h8A1wAE2OkcZ\nI1QMBPuqvQ==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqTCCAU6gAwIBAgIUKZ9CUEL2O/zH/+Q0Ydxfw4FJbtQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEcgxBpawnDymuYJ3inJTwDgzKpRnytQMPf5MRSsAo\nO36ynicZKknB0d2xBT4meFWL5FkbugjUdifyz1MVfmQKiKNyMHAwHQYDVR0OBBYE\nFABaM2i9j/JBsknZWioKBBXwI08jMB8GA1UdIwQYMBaAFJI9vIKvVid+grZ7WNWU\nfHp5LztKMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBYGA1UdEQQPMA2CC2V4YW1w\nbGUuY29tMAoGCCqGSM49BAMCA0kAMEYCIQD+jYuTvtlMx4B/9q/PDvEfzn/4PI3r\nSlCI/XeATaFN6AIhAKnrIFapUcuTUA79lvW3TDlvN5n6/1ynYPVCEoCzhsqP\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqTCCAU6gAwIBAgIUNKd40r7yZT0QQr+AuMpDyJ8+VrIwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEBW7XwPGLDFwd/IMwjhcfftJ1QP+eLBJOFlZ/Dv6G\n9E/0HyfpgESE1DyTn4dzDrzCuc3ZGQ+L7BVu0w7egZtH26NyMHAwHQYDVR0OBBYE\nFC28y212K1DPU44LfXmB7A82oRORMB8GA1UdIwQYMBaAFAgHbXgXApVoe8hnolyt\noo8QMBYGMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBYGA1UdEQQPMA2CC2V4YW1w\nbGUuY29tMAoGCCqGSM49BAMCA0kAMEYCIQDd1KszcM0qnBrJXV6n6IN6qW5gfOas\n+62LsHMtEIrXFwIhAKxobPDa8VnDYsDl8YhBMypbUCfyOTmVt3lofrdv6tEg\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -304,10 +304,10 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> EE\n```\n\nThe root cert is missing the AKI extension, which is ordinarily forbidden\nunder the [RFC 5280 profile] **unless** the certificate is self-signed,\nwhich this root is:\n\n> The keyIdentifier field of the authorityKeyIdentifier extension MUST\n> be included in all certificates generated by conforming CAs to\n> facilitate certification path construction. There is one exception;\n> where a CA distributes its public key in the form of a \"self-signed\"\n> certificate, the authority key identifier MAY be omitted.\n\n[RFC 5280 profile]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.1", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUBnELOrf8IGgws0h/VwEPFIkUHKkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAR6fNFoeBS8RA6pu7H1bmgmEpN+9fHnPy7tvG4O\nYViPynYwNYynwBWtDneWrl3y0ot6FcpnrriB1pPYFbl8O6ySo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUi6PHj2yljaXjE9N/1EWqIGLp4PQwCgYIKoZIzj0EAwIDSAAwRQIg\nDFemD0UyRYshSLQxGx0+0jOAwOdraj9hYkRd/CHBgnICIQDOVmIWC3C1ylHDC/Xb\nGSB4JghcFXws4PhkKzVAFst4iQ==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUZXd2G2PMHewZAI1To6T7/zwdPsgwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARnt0FppObHHzAAcREGELDqblxxuRZvnW4u2Xei\nuVT1BovGHxVAMcUJw2YCTMCzKYRZQrQAA7R0t1G/MqJkywCIo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUVdB7Rt4LD75qdlABE93NyqScvSEwCgYIKoZIzj0EAwIDSAAwRQIg\naHuwOY1Dw8Hfcw7cbc4U+qy4H9N299SBXqIfaRZIRoICIQDyw9zddBwTiPW8rAf9\nnF+0XJVTQ1tdxS/BgYJeotF78w==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqDCCAU6gAwIBAgIUU0hjnRpGyN3TafgLM06MHfP5zv0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEmMrRUaUbl9FcbFBpBDKFbDqyFnGhKu5FjHOJFf4x\nQ1t+342zGxMu5ttjMJ3ZH0TLBuRnYdNZF9YUxXoULrQHdaNyMHAwHQYDVR0OBBYE\nFFHpZywcpuwW6zmuzvOG13XcAx+IMB8GA1UdIwQYMBaAFIujx49spY2l4xPTf9RF\nqiBi6eD0MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBYGA1UdEQQPMA2CC2V4YW1w\nbGUuY29tMAoGCCqGSM49BAMCA0gAMEUCIBAAtbvMBW4rWQUdjixPx3OcNv6byaQD\nj5juoAGUSsHKAiEA1vnSZ8i3T3VzbKdb8JePc8U3JkLibeb10PSKEzPZisU=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqTCCAU6gAwIBAgIUWG+4+8uNhe61Dcdcfp58ho9GHDwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEItLcVV03dU4XV0aP0XBPBnHTdcZtnRd+17YN2IKg\nOBwjrtVHNnQse0fS0OUrUJ9FRK0IXlfs/aKYhmGFPpx4qaNyMHAwHQYDVR0OBBYE\nFMKMNCnHVNBGaOkzruNvnT7tEKx1MB8GA1UdIwQYMBaAFFXQe0beCw++anZQARPd\nzcqknL0hMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBYGA1UdEQQPMA2CC2V4YW1w\nbGUuY29tMAoGCCqGSM49BAMCA0kAMEYCIQDRwUQYe6NNaB0wZjZzgS6lB79swyTs\nJVDy5BCyNCdHjgIhAMZOOjwPEsH6b8/yRub2+D334qxAGVJ1QAWof6Fq1rSy\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -325,10 +325,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe root is cross signed by another root but missing the AKI extension,\nwhich is ambiguous but potentially disallowed under the [RFC 5280 profile].\n\n> The keyIdentifier field of the authorityKeyIdentifier extension MUST\n> be included in all certificates generated by conforming CAs to\n> facilitate certification path construction.\n\n[RFC 5280 profile]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.1", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIB3zCCAYWgAwIBAgIUbPKztw6cyCpJMi6Kee2PMHhODC0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjBnMTkwNwYDVQQLDDAyODQwMjM1OTgyNjM5NDg1MjA2Nzk3\nODc0MTI4ODAwODY4Mjc1MTI4ODQ5MTAwMjAxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBJxXjWWY4XpkzDzc/S7x5iAnbW1apmVrYerv9XIBpMBP2AGP4WhpUnw4WIwT0UiR\nhcPKOeCWfLRj7oWogZ62KUyjWjBYMBIGA1UdEwEB/wQIMAYBAf8CAQAwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB0GA1UdDgQWBBTaLgc30WmQ\nWoyBh04hkU8M3JeJwDAKBggqhkjOPQQDAgNIADBFAiEA6AYhPdRUOqck4p/Eywgf\nkMCO8zJ5s0oJJSy5ajHhJ4UCIGk3s0T8aupQOinvKyHshFCYUI7oujvOZJJiAXyA\nY5l9\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIB3zCCAYWgAwIBAgIUSvEUDo/GnEiBHvSnifQmGhtr2h8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjBnMTkwNwYDVQQLDDA1ODE4MDE1OTQ1OTA0MDM5NTg4MTUx\nMTY3OTA3ODM3NDQ3NzIxMzA3Mzg2MzA2OTQxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBB2rheT680Mtu3sOwgki7rIkG7JdULA/iTgC4FuYXjla9mUecTRddDzoxe/IRc0f\nnD9nfxDl+bGbR5mwCtsbuxWjWjBYMBIGA1UdEwEB/wQIMAYBAf8CAQAwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB0GA1UdDgQWBBQnmotcKMlX\nrkLW8QGJ7F0TtJUr9DAKBggqhkjOPQQDAgNIADBFAiEA+mBomEvyGTYjjj0vqvc4\nPwXnsOu98pV3bdQ9iFmCKrECIGizJYMhdTxCb4ZSaJQs9xmziIkT7xDofPHqwDCW\nSNWo\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB9DCCAZugAwIBAgIUZcWsFIUPi+C699MmMhZDiWrZyswwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMjg0MDIzNTk4MjYzOTQ4NTIwNjc5Nzg3NDEyODgwMDg2ODI3\nNTEyODg0OTEwMDIwMSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMTAwMDAwWhgPMjk2OTA1MDMxMDAwMDBaMBgxFjAU\nBgNVBAMMDXg1MDktbGltYm8tZWUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARI\nQMe5pF2QJR9jxroASmIZSO3n7UL9o9ah67IiemZ1ySeeo12MK4CRbHWEkXOezouS\n+PdX+OFle/NiR6QQCCTro3IwcDAdBgNVHQ4EFgQUk6IIujpV13Qlawy+o7v1DFvH\nERwwHwYDVR0jBBgwFoAU2i4HN9FpkFqMgYdOIZFPDNyXicAwCQYDVR0TBAIwADAL\nBgNVHQ8EBAMCB4AwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID\nRwAwRAIgRxhJU6R2wDArYy6Mp8fOwE8tACtBN3y8j2tSeqBrXQoCID++4f8l6NKt\nG+6dRS1i8zmaxXE2/2xcvk+gki8o8q3X\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB9jCCAZugAwIBAgIUAld6ve1EatjvjX7yAeEn9R0XOiAwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNTgxODAxNTk0NTkwNDAzOTU4ODE1MTE2NzkwNzgzNzQ0Nzcy\nMTMwNzM4NjMwNjk0MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMTAwMDAwWhgPMjk2OTA1MDMxMDAwMDBaMBgxFjAU\nBgNVBAMMDXg1MDktbGltYm8tZWUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASF\njdHztuw3dKQhfoa85GdQc88nr1cDX+zW5eZszEnd/RN8L6mPHNxzKjcG7xi9sd3Z\ngAunK28ZbidQkA/ZZ+qYo3IwcDAdBgNVHQ4EFgQUVNiYUZK/ZrYA0foUt/dQaavg\n7aYwHwYDVR0jBBgwFoAUJ5qLXCjJV65C1vEBiexdE7SVK/QwCQYDVR0TBAIwADAL\nBgNVHQ8EBAMCB4AwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID\nSQAwRgIhAODNNSysOMCoLtQl0gDaWljM9GWJRZBrGM1AfMWCxYuuAiEAkFbPSV+7\n+AvVnI5UnSf86xJwXnWm0R411JcJopcFycU=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -346,12 +346,12 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> intermediate -> EE\n```\n\nThe intermediate is signed by the root but missing the AKI extension, which\nis forbidden under the [RFC 5280 profile].\n\n> The keyIdentifier field of the authorityKeyIdentifier extension MUST\n> be included in all certificates generated by conforming CAs to\n> facilitate certification path construction.\n\n[RFC 5280 profile]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.1", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIULWA65+u7HrAA9/FktLq670ciBQowCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQPF+RcnEv7Xvp8XNkyMOYC/nqnO1gPSZIK3M5W\nqvvouoxYpCJoei1PtBEBJRfwLnlFx+nzsVbGBI52CGRtW9fKo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUbjg7wEg43Tvfx7H4IiFZIUEdZJwwCgYIKoZIzj0EAwIDRwAwRAIg\nHWEzSeDzYAw2Pc85McWGwL2GF2clKNPn5pyDbJUqelwCIDuGgL6iNHvkY2XHttiH\nM6BKTyPIY5F8Rtom63VwKtrQ\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUSaaShEjzk/fP5m+p95Y1rkmQMnwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAT2MYrmXQRsmWDLJ7ENp1G7sWSk2ti2v1UYc5VP\nBnoitlR82XOm38XyzXvsOVMWa/vy/er9rkWkior+o4exPSTCo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUaD2smuTnNdPn0aHv1QktovY28eUwCgYIKoZIzj0EAwIDSQAwRgIh\nAJiqQcJIRMaVkRZOwH/syiNwK1obS95yT9sSQJ1uWqcHAiEAmanrVYAI5x6OScuX\nlFC0Rfats2DNpWwLvFTNUCCoSiY=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIIB3zCCAYWgAwIBAgIUM1JerjgrQCeUIfSLXn1DkwIYv5QwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjBnMTkwNwYDVQQLDDAyNTkwNTA1ODc2NTcyODI2ODAxODE5\nMTUxNjcyNjU4MTkzNDY5MTgwMDA2OTA0NDIxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBGhj+bpw3Wfyg2G5OBRWt/agTwZLXKofA904lcVyMywRnWI/fQ0nXuvjW+pxl3Gd\nmNU4Z/6A19tRsGTgdKY8poOjWjBYMBIGA1UdEwEB/wQIMAYBAf8CAQAwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB0GA1UdDgQWBBTdx0Z/Ch1D\n32JETZzx12/qXrbAmzAKBggqhkjOPQQDAgNIADBFAiEApMDRllx9uRu5UoQKyyib\nmZK4xxpehauA9ErEAs7+YrECIBuu6EG86a98bipa28SxUUjlA3eQ7eEfkYe62QEe\n3SrR\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIB3jCCAYWgAwIBAgIUGq4g8WiwyxciX8Mjr4+VT4QFLSAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjBnMTkwNwYDVQQLDDA0MjA0NzEwMTMzODEwODM5ODQyNTE0\nNDk3Nzc2Mzg0ODgxMzAzMTU2MDQ3MzQ1ODgxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBMgzrgxouPh7Ijmn6iXJQLizyqFOuc9XI7tmHycT03BABmFHIkd5qGu6nxuFMs7k\n8eQcWiarCE4Jbj6N0ef65sajWjBYMBIGA1UdEwEB/wQIMAYBAf8CAQAwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB0GA1UdDgQWBBQiNkClPOEt\nSq0Yrjs5FeNKHx1sKTAKBggqhkjOPQQDAgNHADBEAiB9u3s6p5YrowowI+kbA4W8\n837nGopG0kUOGJOFBVrIhwIgGej82zGG0CI+1rNd2mOK3uzTn4blKx+zlaGhZ+6A\nwCY=\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB9TCCAZugAwIBAgIUF5gTYCg0sESPRgqtOnSs4CRM8VkwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMjU5MDUwNTg3NjU3MjgyNjgwMTgxOTE1MTY3MjY1ODE5MzQ2\nOTE4MDAwNjkwNDQyMSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMTAwMDAwWhgPMjk2OTA1MDMxMDAwMDBaMBgxFjAU\nBgNVBAMMDXg1MDktbGltYm8tZWUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQp\nfE8sggILh6w2ICI0Ze/0JriRz+7wROJXJ/Nj4qgTLTfMEPmIbfkOiHHDBc3gGvY2\nCH6gQ6hqUaoL6BpELjCmo3IwcDAdBgNVHQ4EFgQUn6I2ysVpZ7V+JmN+TQf/TxGQ\ntYEwHwYDVR0jBBgwFoAU3cdGfwodQ99iRE2c8ddv6l62wJswCQYDVR0TBAIwADAL\nBgNVHQ8EBAMCB4AwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID\nSAAwRQIhAMe6fTyYvbHVRdm00+ewNXHm3917oKdV0H8DoZBl4NLqAiA+F7JOv2w2\nk0OMlbOEolqBasqg/VflQ4Lmtl2vYMSF8A==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB9jCCAZugAwIBAgIUO794rcJxY89fy8OuabMEQMqXF9UwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNDIwNDcxMDEzMzgxMDgzOTg0MjUxNDQ5Nzc3NjM4NDg4MTMw\nMzE1NjA0NzM0NTg4MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMTAwMDAwWhgPMjk2OTA1MDMxMDAwMDBaMBgxFjAU\nBgNVBAMMDXg1MDktbGltYm8tZWUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ6\naMZTNrPo2VpHqukcnCDPAg2RC1Wzg2P1lW5HUVZqFxLUSAIetUPf5a/gnTkE5sD7\nHZFISR6x9Z6oZASruXido3IwcDAdBgNVHQ4EFgQUFZrbt+b1aNRV1rRrQFGfreSH\n4aEwHwYDVR0jBBgwFoAUIjZApTzhLUqtGK47ORXjSh8dbCkwCQYDVR0TBAIwADAL\nBgNVHQ8EBAMCB4AwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID\nSQAwRgIhALFl990dXyWXs0q+Q4PYmWbv1orCB2wlJhNKCps5cqUvAiEAnBwMi4XN\n8f08cSDndTM+EoNfeoqBnwKX17zDYXLzJvM=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -369,10 +369,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe EE cert is signed by the root but missing the AKI extension, which is\nforbidden under the [RFC 5280 profile].\n\n> The keyIdentifier field of the authorityKeyIdentifier extension MUST\n> be included in all certificates generated by conforming CAs to\n> facilitate certification path construction.\n\n[RFC 5280 profile]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.1", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUM5oVsH7jhF4eiEUp3EHkDUPp6mMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASOQYmhvSU2VV4vqUnT95GdANv6/u6wY3WFW2UN\nQKpGmDK3yys3iGnzVFKR4Fg8pMJMDLfbX5BPsgyIh38MtC39o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUeQe1Kv8ZWRsj7Nhp8vIGZS8t0CUwCgYIKoZIzj0EAwIDSQAwRgIh\nAMYPHAt4xoXVnwsfK7aALhCIJDNY7zTv8pR9zg9bsLegAiEA19npigLBdAlQtkv7\n4Q04W/75dokwmaOVJP9SIw98M9k=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUKdW5/JOb8ajt4iT5nlfuLSAVqZ8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARmDcNctLiElRYPhLTpamSwcZjxFR2n33dPA2z1\nEG8xOI9Fj+BTa4hWQc7W576rW+oXuXDSL31LJJbjx+60g3GVo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUwJPPa20CfiUbXCxSoIZfNVcVCZ8wCgYIKoZIzj0EAwIDRwAwRAIg\nbXdY7rr0S8fQ0YQkXTCLCo8U5kRhyJJaqi5hoPo7WKQCIFC46Ev2kqCc4fJI+Zgz\nHKv66vGgAdyhfhSUK++5hI4d\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBhzCCAS2gAwIBAgIUcUs+IB/BuT8TCT3C2tdqH5j9AIIwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAE4MUKxbOTcOcflk2HNvZy56gauge/gTXmGmn0S79y\nz4mW9FVyaJiDdMrLGObKsgPxcULWmmxHeml1w0l3ezDMK6NRME8wHQYDVR0OBBYE\nFCiDxlsqwLWW1XF7xuwmGSCPaMM0MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBYG\nA1UdEQQPMA2CC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0gAMEUCIQD6rbfc+Go/\nEPFU+kVytFocZl5P2mSI+5hmdz4x9d95GwIgP+Q9EVwBg/SfWT0x9nrXhXNaFEYt\n1JP1jEPqHvml78Y=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBhzCCAS2gAwIBAgIUW+3lZ8YrNOI+xPkK0mxeDmAKwMwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEA5rAs7Etc4sjJME1b+gY5f2nRAgXPjbUIPnFoFBR\nQATYwtFYLW7zCFrXQk2lqDdnyKearHNJKing2j0H00wSRaNRME8wHQYDVR0OBBYE\nFEkG1QCCDONuEd3VANKO2F7ZLqtPMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBYG\nA1UdEQQPMA2CC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0gAMEUCIQCrrcjTyNrD\nirZByEgxBbD91ar/RwsE2itcKZeqpbHE1AIgOD19RD8247/UnWgDWFq3tZTMlBoV\nJGfhjKqi6ujXnpk=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -390,10 +390,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe root cert has an SKI extension marked as critical, which is disallowed\nunder the [RFC 5280 profile].\n\n> Conforming CAs MUST mark this extension as non-critical.\n\n[RFC 5280 profile]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBkjCCATigAwIBAgIULxLunVjfofagSD0vwsoo8Ywoob0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATSqEYZDzefd1HriEX1BM7gKUzyH+r6W0oZP9vv\nNJ5lqU0+QlGMyqhyB7CSm20gRFkUHAfYRGN+zgLUCwjjX02fo1owWDAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAg\nBgNVHQ4BAf8EFgQUxqbQdWfB+wB9dXKxGP0QKiYkviIwCgYIKoZIzj0EAwIDSAAw\nRQIhAKt0wmrjYpIz90yLVHlUi/4vxHoNlEJpHTS2H5nUUakyAiBScer/6wSyXuud\nVY61Y5rnqpga1lMKttl/t71OXlFdxg==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBkzCCATigAwIBAgIUQDIiBqM9rJpgfSO1IjhkO2a5X4cwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARSLbLUf9wuFPEeHY8C+JbE1Mn1ZYTu8QGUcAjy\nyaRsX1JKkbzjUNStHAN8fjByGKnSZB1Fo7wCqG0ltxXluzpUo1owWDAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAg\nBgNVHQ4BAf8EFgQUB4T7QeRiNGeMn2QmDbFXspJDNVUwCgYIKoZIzj0EAwIDSQAw\nRgIhAPfC+edAUJTjjbzn/IIJ9OtcLVUnU9r+FlvF6XRffKvCAiEAuiOATo5Lb99W\n6NdJlcLMSnrWD/C9sJB9t5wZLEWl8So=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqDCCAU6gAwIBAgIUKC1So0Ps2wIgcgPjFAu/C23o7WUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAE3pNvKfGM9Qb6F7pC4qmi+DgKSkLMfvw++ihKRPfQ\nD1mTDxjrlNafqGgvpjDYXdwdiZtjijLanY5InBa6f6H+MaNyMHAwHQYDVR0OBBYE\nFFz1lNtS/168jhAuDhPaiZk8hnoFMB8GA1UdIwQYMBaAFJxOKVnbj6J2hftA6JzI\nO7HsoN7qMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBYGA1UdEQQPMA2CC2V4YW1w\nbGUuY29tMAoGCCqGSM49BAMCA0gAMEUCIQCAMXlijSmHnBYEcxyGjW70jI1+SPjI\n/Use19+SLcUqWQIgJmNZK2eLzVb8FbZyIgpAriR2xq1KPm25lec5rIWzceE=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqDCCAU6gAwIBAgIUdxTWJGeqTXr8mVEexq4DyjHv3s4wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEbqCv00mrigUDH1aPARw9Qjghvq32s9UfYeFMLQ3E\n0DxXdJKML36EN9XgIXXxXnfrk8cnG60Fq2YLcYf/kCncT6NyMHAwHQYDVR0OBBYE\nFF5wMe1Tca/w+NDTOOQZAllu9OT/MB8GA1UdIwQYMBaAFMY6rm6WzfoOpJ8fBIvZ\nfQVKEGBjMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBYGA1UdEQQPMA2CC2V4YW1w\nbGUuY29tMAoGCCqGSM49BAMCA0gAMEUCIQDV0ZItEBqJjG41CYu0fL/tD20rWBw4\nAVxF9VJmvh+lpQIgIiK93Vs5NYsc2pwv41eUaBRvV6RPhSdMjp57NmkdWpo=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -411,10 +411,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe root cert is missing the SKI extension, which is disallowed under the\n[RFC 5280 profile].\n\n> To facilitate certification path construction, this extension MUST\n> appear in all conforming CA certificates, that is, all certificates\n> including the basic constraints extension (Section 4.2.1.9) where the\n> value of cA is TRUE.\n\nNote: for roots, the SKI should be the same value as the AKI, therefore,\nthis extension isn't strictly necessary, although required by the RFC.\n\n[RFC 5280 profile]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBcDCCARagAwIBAgIUNrraMAvSKTejM0kej9r5RkX0uTcwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQTH1x+QyR26iDJekbsr7l3p5AhYkbNQvn3mFTm\nrkRlK7k9oD1Zd6pieCAWZo5gP1ftKnjmwrY1VbERVTzxomKRozgwNjAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAK\nBggqhkjOPQQDAgNIADBFAiA7Lr2ueAFx8JiQ1mKnM14c8H56nutNq+/kUQq9XkBw\nngIhAObyCTHvoSHFtA3oEimBfXrfK6WEitkR9l7AcJRLlAH4\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBcDCCARagAwIBAgIUGqfcmYhXA5fWFpfaOaZu97m4KIwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATB793JYyGkMvX/S3DEukdgxupK3Z4oxX8p/djA\n6zmfu/07R3iLKoB7VtVBEWo0D/aHyjMmDzvfFImQBRaARu9AozgwNjAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAK\nBggqhkjOPQQDAgNIADBFAiAHufJq4IgzAtW98Hb8JMsCKhMM4N5CtRWUr7de1kNy\nJQIhAP/+hZk8rxD9g94udEMfQkycH6qQj+KvLal2zCjaSHbV\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqTCCAU6gAwIBAgIUQXms/S5fzl0nucYB57UDI8p0OBkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAErMV0dmJ7Ca4PUmshSAaMZeCnIexchj80fNhnDgh+\ns4i/UTR/IzCx9N7a235QdS3zSHZZJmQoCBsGr0J6IAg2SaNyMHAwHQYDVR0OBBYE\nFG0JD0B/AofOHhK3ZY7+Gknl9tyyMB8GA1UdIwQYMBaAFG0+6hiAxyy0GmRGei00\n8C4KGUsqMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBYGA1UdEQQPMA2CC2V4YW1w\nbGUuY29tMAoGCCqGSM49BAMCA0kAMEYCIQDoV2UT//c3zzL2oz2tqLmPLuj9bznx\n1J5R2VJcnS1qrAIhAMCK6qdeCEdaBXFuRz+xJHc5oD6LJL0M34Yyyfw/O/8y\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBpzCCAU6gAwIBAgIUOys+jO1xQZTxtE5rbF53kM/tP/IwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAENXJqEH20jhiJ/F4kMNHdJ+JruX0Nj5NJ8tXoT5QZ\nBSGOGYjrLtwezx5d12be2A9JjYK11eAN5PImTwHQPNCyq6NyMHAwHQYDVR0OBBYE\nFIBgGF6BZnpU9TpwJynBZ3VwWb53MB8GA1UdIwQYMBaAFB/ACKEsIVpvWLdoTChR\nZzldu7FYMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBYGA1UdEQQPMA2CC2V4YW1w\nbGUuY29tMAoGCCqGSM49BAMCA0cAMEQCIAEdsAB7BUON1d+7PJhdbwNfbi+uSF5Q\n0qYGSk1QpYizAiAkijTGiGNLqgV1D6r/GhBiA/5llRGRixvi4AE0/6G5SQ==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -432,13 +432,13 @@ "description": "Produces the following chain:\n\n```\nroot 2 -> intermediate (expired) -> root -> EE\n```\n\nBoth roots are trusted. A chain should be built successfully, disregarding\nthe expired intermediate certificate and the second root. This scenario is\nknown as the \"chain of pain\"; for further reference, see\nhttps://www.agwa.name/blog/post/fixing_the_addtrust_root_expiration.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUZZOa3QVDeYbdkGwiFjxtiQnpjHMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAS6C0X0sOHtRFHCjZqFft7roZu3PwRogIKyiYo6\n+RIfwrMUy111aXG6o6Sdz4a1eamoF80GvXL6xMPecXC3el5yo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU2zpJV/iFU+9L3Ni1jo8aeu3SZw0wCgYIKoZIzj0EAwIDRwAwRAIg\nCCv121oGNs2l8iSnos83XWrd95PyzvrWxCV6HzKt/gICIAJtqHvEzyqRg0Xgx8hi\nsEK9xs+89tDjiUPwB9RfSGev\n-----END CERTIFICATE-----\n", - "-----BEGIN CERTIFICATE-----\nMIIBlDCCATmgAwIBAgIUL5AkmtEal7Kbke16pydpyHwmQZ0wCgYIKoZIzj0EAwIw\nHDEaMBgGA1UEAwwReDUwOS1saW1iby1yb290LTIwIBcNNzAwMTAxMTAwMDAwWhgP\nMjk2OTA1MDMxMDAwMDBaMBwxGjAYBgNVBAMMEXg1MDktbGltYm8tcm9vdC0yMFkw\nEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEe3OcleQKf4P3jLx7oMO3G5UCgK65u+QU\n6NfvEg4Q7fiC6IbXyd6Fw/kYMTHm4IqjftoH1E/D1j8gjXQJ6xsPrqNXMFUwDwYD\nVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5j\nb20wHQYDVR0OBBYEFGr1SzwkwFDcnHEW+vXIKaxgCvMaMAoGCCqGSM49BAMCA0kA\nMEYCIQCendGLNgspagbUVPy/tIEwLpz1Lg/ynhkUwUvkEbvR1QIhANDZFa9p6nDe\nR/KRqWXV7mhs46KAnAS+Sa3AYa4kh+kd\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUYdOoxA1e/aB1UgJuDlYuvGf4EnQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQLMl+k/SPeUv4zJRJfW61UfFuE+jb4tk4JygfU\n8wk+1/KDXjuL9lemtV6+qvpJCqk+H8g32Ypln+wiKXUrDZl3o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUBQNIAj2Xz3sOZqwcKItBNBJ7z9kwCgYIKoZIzj0EAwIDSQAwRgIh\nAM+okTZ6prmzU9JwT96AWz6H/1A+3idA7eCtSEO5AV9pAiEAvvg5egjt5R+2nz0v\nbO9KXbkdi317CXQXwcjp/tus1P8=\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIIBkjCCATmgAwIBAgIUFSMv0SfHE5xk/4QgTs4VwRYoYJ0wCgYIKoZIzj0EAwIw\nHDEaMBgGA1UEAwwReDUwOS1saW1iby1yb290LTIwIBcNNzAwMTAxMTAwMDAwWhgP\nMjk2OTA1MDMxMDAwMDBaMBwxGjAYBgNVBAMMEXg1MDktbGltYm8tcm9vdC0yMFkw\nEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEGB4r0iBta5baqTipaG/jJU+tM+zMJoYJ\nQC1XKGR08dB5vLU0rP/Yn0xMvOlbTSLH0PbjzNMNT0x1caqUZqQ9WKNXMFUwDwYD\nVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5j\nb20wHQYDVR0OBBYEFPSOcfMt7Wzd3Q0U6/7RV1LTdW//MAoGCCqGSM49BAMCA0cA\nMEQCIGmbp2YbhduAnJDAw2d20be+B3PEGCxRHy5n0RsDqhaxAiBaegtDtwGNOyh/\nBzeqlCxOnEz+B7vbCiT+QZH9pmppbA==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIIBsjCCAVmgAwIBAgIUOotm2FJKd7P6Wt89vbwEWgo7rJkwCgYIKoZIzj0EAwIw\nHDEaMBgGA1UEAwwReDUwOS1saW1iby1yb290LTIwHhcNNzAwMTAxMTAwMDAwWhcN\nODgxMTI1MDAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAS6C0X0sOHtRFHCjZqFft7roZu3PwRogIKyiYo6\n+RIfwrMUy111aXG6o6Sdz4a1eamoF80GvXL6xMPecXC3el5yo3sweTASBgNVHRMB\nAf8ECDAGAQH/AgEBMAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNv\nbTAfBgNVHSMEGDAWgBRq9Us8JMBQ3JxxFvr1yCmsYArzGjAdBgNVHQ4EFgQU2zpJ\nV/iFU+9L3Ni1jo8aeu3SZw0wCgYIKoZIzj0EAwIDRwAwRAIgPAI5WRQcuxom9j9W\nfwXjhlGmrpN37ovXSLDhtIyjREwCICmVKn7QCTByheb9KLUFyrtvlmx5VjnzSbT8\nxat7nzxo\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBszCCAVmgAwIBAgIUN+CxOPSIGZBbU3QN+kcyHKQy8sAwCgYIKoZIzj0EAwIw\nHDEaMBgGA1UEAwwReDUwOS1saW1iby1yb290LTIwHhcNNzAwMTAxMTAwMDAwWhcN\nODgxMTI1MDAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQLMl+k/SPeUv4zJRJfW61UfFuE+jb4tk4JygfU\n8wk+1/KDXjuL9lemtV6+qvpJCqk+H8g32Ypln+wiKXUrDZl3o3sweTASBgNVHRMB\nAf8ECDAGAQH/AgEBMAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNv\nbTAfBgNVHSMEGDAWgBT0jnHzLe1s3d0NFOv+0VdS03Vv/zAdBgNVHQ4EFgQUBQNI\nAj2Xz3sOZqwcKItBNBJ7z9kwCgYIKoZIzj0EAwIDSAAwRQIhAKB/Jhar9t/NwIzW\nAIPnyuOlRCpIBY4IpbBNUOVSEMtLAiA70p73JCAwu/0lxO4/2rbVNKKRv8hEKLeD\nEJMy/8fY3w==\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqDCCAU6gAwIBAgIUKSQZ9D47QDg1xnC2Velddm7vBAswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEYQfSWz3GmVgrKYdkUHOojXMnFcqIwWjb+tbJaoIH\nGoCbmI2ttpkEwcihDVbDYniDLGFZ3nePR6aPSmG7fW67LKNyMHAwHQYDVR0OBBYE\nFOMeDT0qxGTUKZdOTfFt4EBxvEYqMB8GA1UdIwQYMBaAFNs6SVf4hVPvS9zYtY6P\nGnrt0mcNMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBYGA1UdEQQPMA2CC2V4YW1w\nbGUuY29tMAoGCCqGSM49BAMCA0gAMEUCIQC/o3IotABNG4Nv5nz2TSi8MKIYAUsa\nmeRe1ZuRbqOIngIgMVA60BouHb7faX22IjdY/B+qx85Rt8LUYDGHhoFqiwQ=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBpzCCAU6gAwIBAgIUQ6nvGHLG1k7AQS1d5XivaLjCT8AwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEb1PGqanM/LPGG7683C7wI2ohpFmqzf8rf1vq/Y/7\ng6zHNmgCre/p+TC1igRqS6yYGOXPPkNccDfm15vLIz5nCKNyMHAwHQYDVR0OBBYE\nFEBIT5M1Fk4Nn4/nNVXFpSd1MLBaMB8GA1UdIwQYMBaAFAUDSAI9l897DmasHCiL\nQTQSe8/ZMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBYGA1UdEQQPMA2CC2V4YW1w\nbGUuY29tMAoGCCqGSM49BAMCA0cAMEQCIDEZ3kX8U90TCvt/IXRy7BiAj+oY2zE+\nmEpZXJ8R7XhFAiAKSwu/o/Oj7qbwoDfm81KNpT1lK0Qbh/v5csr6cVTxGw==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -456,13 +456,13 @@ "description": "Produces the following chain:\n\n```\nroot (untrusted) -> intermediate -> EE\n```\n\nThe root is not in the trusted set, thus no chain should be built.\nVerification can't be achieved without trusted certificates so we add an\nunrelated root CA to create a more realistic scenario.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBpDCCAUmgAwIBAgIUPYtzwpkLweQtYKcQX+MYb/P2e+8wCgYIKoZIzj0EAwIw\nJDEiMCAGA1UEAwwZeDUwOS1saW1iby11bnJlbGF0ZWQtcm9vdDAgFw03MDAxMDEx\nMDAwMDBaGA8yOTY5MDUwMzEwMDAwMFowJDEiMCAGA1UEAwwZeDUwOS1saW1iby11\nbnJlbGF0ZWQtcm9vdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABMV90HBPlWC/\nx+e9XWPRX7jeFUorUaTCRf9aXYN3ZYdcdM/BKJm3h9C7bbU8Mey5snAottyfc6Ib\nrScYkncG5KejVzBVMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMBYGA1Ud\nEQQPMA2CC2V4YW1wbGUuY29tMB0GA1UdDgQWBBRbguJ/mZ9fRWAdOv/Kz9RPWC8Z\nODAKBggqhkjOPQQDAgNJADBGAiEAseUL6zrkY89X5iDt1sgzd01TVkA8hTulAjeW\naSiWvg4CIQCPe8j3xPOlfNWlNyD5/GHI9/wrF5b946HQfVfFrKMpWA==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBozCCAUmgAwIBAgIUDdW/CR6hlH9WnQm7+sBnd+Y1z90wCgYIKoZIzj0EAwIw\nJDEiMCAGA1UEAwwZeDUwOS1saW1iby11bnJlbGF0ZWQtcm9vdDAgFw03MDAxMDEx\nMDAwMDBaGA8yOTY5MDUwMzEwMDAwMFowJDEiMCAGA1UEAwwZeDUwOS1saW1iby11\nbnJlbGF0ZWQtcm9vdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABO9272xHvqEe\nrdjkWV6TZy1+sUP2ucjjmSPBYWfq1Php1LiDbMg5THqUa4lENt6kcbIk6loO+78n\nDcBt6O2chG+jVzBVMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMBYGA1Ud\nEQQPMA2CC2V4YW1wbGUuY29tMB0GA1UdDgQWBBS0ma9Lysj3BTfAwrhxVUVeDIaX\npTAKBggqhkjOPQQDAgNIADBFAiEAkBTX2TIQtao/zYMa2GenpwhLFREW6nKbLg2T\nnR7+njECICvy5A3R0kBUeizu+bdtHb6iEEryvItl555WZY0vbpsd\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUaTjMVaWsK0hp9MjSqrT2auL8WcQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQH/5TyulkqV6A2Zz+L4fNIRO6YO4DUS+rlOZkv\nrWJpJWGOcceK/EcYB/vp9RlIcUZ8ATOoUxB2z8IGQpnqcfHbo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUHMdHDpS2nRogc9TmzCMhGaC/3gEwCgYIKoZIzj0EAwIDSQAwRgIh\nAPxS1rR60zaFtssCRSVuHTBsMxiqwMPCBIVNYr4X7JnnAiEAqV9U3CH6FakLMnq6\n7kcXhClOE57ki/YEFPJw3Opfsq4=\n-----END CERTIFICATE-----\n", - "-----BEGIN CERTIFICATE-----\nMIICATCCAaagAwIBAgIUdtJC0mLD9yVrtb92YFJ2srXLj1wwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjBnMTkwNwYDVQQLDDA2MDA3MTA2NzI3MTgxNjg3MDQ1NTU1\nMDMwMzI3NzUxMzMxMTkyMzQyODM2OTA0MzYxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBMHuLE/TcpS7hE/rbL1QywbkuJA/cTze/N/mtup9jqTh8Cj2Q6Tf/tzgbspUMZPu\ngBChHRzyV+XCVidpfujKx4+jezB5MBIGA1UdEwEB/wQIMAYBAf8CAQAwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFBzHRw6U\ntp0aIHPU5swjIRmgv94BMB0GA1UdDgQWBBRaunm+m7/ztpslVyC7Be5FCVGZ9DAK\nBggqhkjOPQQDAgNJADBGAiEA9bOjMbW4UFVUEz/NsOjOuQQVAfc9ahF7L2SGY1kh\nbtICIQDXR2QiT3IGMWuTqH8DzxE8g2ez99B+5AP5B8LHIW/5+Q==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUE7rvcJYFjM+4z16+l9guu0lDJUAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATyzeq+vSnVuMG71nD1IrQQmAz8wfaEon7vVKNC\nEZCfP5dBpQqhHhAZZKKjSRBvTZ17UdtrWNMHDGK1CgLpc3Hoo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUBzFDbCErwshD958WsERYPSP8rxwwCgYIKoZIzj0EAwIDSQAwRgIh\nAJB7KXHxQ/TI2Shrirc7LBUcMFGUMEROin3ZHsct+j/1AiEA6G1s0rms49oFTnF5\nl/qlYmG7TkLiqAOg+hjptB9Na5M=\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUFshDxv/5vikVAEchjzDqQXyzBD0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjBnMTkwNwYDVQQLDDAxMTI2Mzk2MjEzOTk5NTU0NDk1NTU2\nMTE5NzE5MTcxNjIzNDA1ODQ1NzQzNjI5NDQxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBLtGPd1xLpFWm8/MUTl6r3Gyjo5HtAcpl2/vTuko2J8o13TtTvelc5YQq2OWNyFc\nP9rm5uw5Vw3r4cY+7wRYW/SjezB5MBIGA1UdEwEB/wQIMAYBAf8CAQAwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFAcxQ2wh\nK8LIQ/efFrBEWD0j/K8cMB0GA1UdDgQWBBRpo4k9QCSer555gzOPXY8OoFIY4zAK\nBggqhkjOPQQDAgNIADBFAiBut1Vv1XvFnlYLIX/sXhoHmoH022ReEIqDSX5nsirJ\nFwIhAKu1RMTlp4jX6z5dpfdIy3lbmsQC5q7EIUYbUPZP/deJ\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB9DCCAZugAwIBAgIUDhBcvLkaePm8ZjFRP9qxuIXzR+YwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNjAwNzEwNjcyNzE4MTY4NzA0NTU1NTAzMDMyNzc1MTMzMTE5\nMjM0MjgzNjkwNDM2MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMTAwMDAwWhgPMjk2OTA1MDMxMDAwMDBaMBgxFjAU\nBgNVBAMMDXg1MDktbGltYm8tZWUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQI\ndIfkA3D+Z1HJceG0wUWgH7GNiGij7w821M+PVUClbicjwKCagqxCrIE8Q6OmSWUi\neh1+QD2cFLiy+YLK14Doo3IwcDAdBgNVHQ4EFgQU9Sm4QuDChcRW/LdDKmbz/xKl\nZe8wHwYDVR0jBBgwFoAUWrp5vpu/87abJVcguwXuRQlRmfQwCQYDVR0TBAIwADAL\nBgNVHQ8EBAMCB4AwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID\nRwAwRAIgf0qA0b2BmrNf/n4K/qS/owB+yOYowHGkFBe6dp63S+8CIHs2BLvbMug0\nP/Im2Oi0wx3cCUvVUBd8Z3urlGFxD2e2\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB9TCCAZugAwIBAgIUXwjD6odYIds8EypWYY9AhlAYQe4wCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMTEyNjM5NjIxMzk5OTU1NDQ5NTU1NjExOTcxOTE3MTYyMzQw\nNTg0NTc0MzYyOTQ0MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMTAwMDAwWhgPMjk2OTA1MDMxMDAwMDBaMBgxFjAU\nBgNVBAMMDXg1MDktbGltYm8tZWUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATi\nhUk5n2hHaLkowS0+EojNdgFLRq4T6167a9eXWd8Upvx1On4G017l15War4tzI4Kj\nehhj1xX7nBHwBpkFj2uWo3IwcDAdBgNVHQ4EFgQUVVJWMOyiSte5zFrZIYZd7zCX\nO+gwHwYDVR0jBBgwFoAUaaOJPUAknq+eeYMzj12PDqBSGOMwCQYDVR0TBAIwADAL\nBgNVHQ8EBAMCB4AwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID\nSAAwRQIgDKT8jDWujUJXIwLKJsIwMtRVwyovVwi6vbBKgGfi0MYCIQCdZl6m60Zd\neRDxbXsn9fcPtbHk9HaK0yF8DD+Dw0akYg==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -480,12 +480,12 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> intermediate -> EE\n```\n\nThe intermediate CA does not have the cA bit set in BasicConstraints, thus\nno valid chain to the leaf exists per the [RFC 5280 profile]:\n\n> If the basic constraints extension is not present in a version 3\n> certificate, or the extension is present but the cA boolean\n> is not asserted, then the certified public key MUST NOT be used to\n> verify certificate signatures.\n\n[RFC 5280 profile]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.9", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUVLhq/RHKjVpj9Q/UHNPGj7Y38HAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARiYwQovP9W7d2v5NSfQX5GpCQBaX9cuEtPkHqI\nZta3y9Ha1fIQx2ekpQkctnw/DbTByoVP5xRQLpyIGjAm3/3xo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU7SbZzG98yaaFkP8oD/hMHUWfNU0wCgYIKoZIzj0EAwIDRwAwRAIg\nFCGevPGWHjKgQaf3ZcaUGYd6N710tuzUz/0O6VjDjrACIAiUYA4ri2GvZoUFGIY+\nEfr2vDRDayjzJ7pjNT0Yo8QP\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUINvWogPhgVAc9AsIEIyankEXMXYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQXltjJnIKHFsxLanzQqPPaIc4HXElN0OirP32X\nrHX67I/a8SofYX5ko65EXjz649zMKK9ELbZxMlROMv7PbKu6o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU/YCnftQN3UbtQv5zWFEOmDe4jjUwCgYIKoZIzj0EAwIDSAAwRQIh\nALsNb27R2WLhe8Z95xQfqGOZL+i5mSAGaQ8CVn4dDHuYAiBuN8JD7SD4mMztUDvF\niAKisU1r9l5Z4Q3J+iwsMQggjw==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIIB/TCCAaOgAwIBAgIUWD0dIkjqLiYLD5RFTT0d7fk9AGUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjBqMTkwNwYDVQQLDDA0ODM2Njc4ODE4ODMxMjgzMzkxNTIx\nOTQwODAwMDAzNzE2MDgxMDIyNDkxNjQ5MTIxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABP8KgCRDzx9bTwQ1D9xsLHPdOyuDtDLYs4iq+f5knT4n11Tpk0ii2Llqx0Uf\nlvxljSs5zt9IBLSnlFTsb2T8zT+jdTBzMAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQD\nAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFO0m2cxvfMmm\nhZD/KA/4TB1FnzVNMB0GA1UdDgQWBBSUEdbcQYWKvt/jshPlWHm1hnp7nDAKBggq\nhkjOPQQDAgNIADBFAiEAwm4usp/Y+mZvU+CaYVm4AcP2hMazYG8EYaYaXl1HSksC\nIFtgEmWAO1EqbBy5dpyXtlKBszllRYvZLsLkkmMFqk9v\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIB/TCCAaOgAwIBAgIULZmjGHXfYhSUWzIEbCdZr0xBw1gwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjBqMTkwNwYDVQQLDDAxODc1OTAyNjUwMjQ5MzI0ODI2ODY4\nNDc5NTEyODM5NjkxODc3MDEzMjUyNDY4MzgxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABJf9Tjx2wZU3EdB8+iPDwkcIxZplj20exzQcaULpDNz2w7njc+8e9NsUSDmr\n026SC5lnooHAhz5K4ytgMaSpCg2jdTBzMAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQD\nAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFP2Ap37UDd1G\n7UL+c1hRDpg3uI41MB0GA1UdDgQWBBSbjz4764E/TewrOUwNlfRHIrpa8zAKBggq\nhkjOPQQDAgNIADBFAiBLIAICB4Bd/uDfaBqBUP0xtZa4K1Qk7WEWuybE6NyCzwIh\nAPQr3PlS5ZlpJmt5rRMvA2WjTj5zk4Pg+p8nMUaj0S+g\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB+TCCAZ6gAwIBAgIUCfs4xNMokKnuJh+zMGqcb0oFj9wwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNDgzNjY3ODgxODgzMTI4MzM5MTUyMTk0MDgwMDAwMzcxNjA4\nMTAyMjQ5MTY0OTEyMS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMTAwMDAwWhgPMjk2OTA1MDMxMDAwMDBaMBgx\nFjAUBgNVBAMMDXg1MDktbGltYm8tZWUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC\nAAQF/pzgqYt4fIIkkhfMvhh7HzoKtL7CPh4xkgWi1pwwmi58mwg8ZK5P5KPefLuU\nNr4xwSlEvRM6QweLhrqyYYUZo3IwcDAdBgNVHQ4EFgQU5LPOE74Vvxe58lzmdyHi\nM+PIG0wwHwYDVR0jBBgwFoAUlBHW3EGFir7f47IT5Vh5tYZ6e5wwCQYDVR0TBAIw\nADALBgNVHQ8EBAMCB4AwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0E\nAwIDSQAwRgIhAPdvoiVPPAlq3txhS2J/GSV+TzEEr0cbHynn0AI4OYkNAiEA7GqD\n8O+joRrUsSbORNpQbsG5r6H9szCtbplIEUygdYg=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB+DCCAZ6gAwIBAgIUQGpLWvpMKSOuAwDJ5oe3q5zmmrYwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwMTg3NTkwMjY1MDI0OTMyNDgyNjg2ODQ3OTUxMjgzOTY5MTg3\nNzAxMzI1MjQ2ODM4MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMTAwMDAwWhgPMjk2OTA1MDMxMDAwMDBaMBgx\nFjAUBgNVBAMMDXg1MDktbGltYm8tZWUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC\nAATiif3WmhhxjEXTpetjtl+UNoWv+JgQigPVCCBY3PmQSmAQzlGcx9wSdq2uMQlb\nhjvtctMrWFt63vt8XktW+09go3IwcDAdBgNVHQ4EFgQU2UZWp2ZFafeaUe8lrprO\nRecu0icwHwYDVR0jBBgwFoAUm48+O+uBP03sKzlMDZX0RyK6WvMwCQYDVR0TBAIw\nADALBgNVHQ8EBAMCB4AwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0E\nAwIDSAAwRQIgJuOYPKFb8R1iuOYKZLxGl73j/CxU1CnltF0+p8ecZG4CIQDAKRxh\n6viVItJ6OScFZBZfdIb4xUT2UXLIDRSdbAvzQA==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -503,10 +503,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> ICA -> EE\n```\n\nThe intermediate CA is missing the BasicConstraints extension, which is disallowed\nunder the [RFC 5280 profile]:\n\n> Conforming CAs MUST include this extension in all CA certificates\n> that contain public keys used to validate digital signatures on\n> certificates and MUST mark the extension as critical in such\n> certificates.\n\n[RFC 5280 profile]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.9", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIULDyYjw1lDXneop5DmruoCnIzH0AwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQ8cFh1gYeB6toQVBLgSVH6espgZ6CjKWQeZ+6C\nAhR9IpIGQ3Yuor9sdCQyUEaba8cDy8N0csB48q0yWFJEVoZSo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUUwh8xY6cKd8P+UwSFiAvNQSVkKgwCgYIKoZIzj0EAwIDRwAwRAIg\nbiaUkM6jGBzQgwjG7RgQc3IAmKbmZ8n/KscvJgGO10cCIA0mBHeq7Dq7OqNANgxU\nWAZ4ifFTBYS1+dX7qcwbeJ/S\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUeKMH/DEuqwxLWybIZKkxLZzPkOcwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAT1XUyAua42oT0siz+a4qcJpJ2+41T/Auus0I0E\nwjC22QHv22KkekeN5NcUcmprzHCbq8zCg0lyyj0Oqdgfw+S/o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUBylGFpTdS1RD4ynZxzX1XGht6KEwCgYIKoZIzj0EAwIDRwAwRAIg\nRLdes3L1e2mH9Kwro0jcsW0ZX0cXL7UrnNHdjyHXI/sCIEvJn9nxllobGvt5VlDn\nIk2YgjQ6tDWwWNRxxYB1WYDj\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB+TCCAZ6gAwIBAgIUSnFaH3qh0Bc8vlzdY5V44eqOHy0wCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwMjUyNTQ2OTI4MzczODA1NTMyOTYxMTkxNzM2OTk0Nzk2NzM3\nMDM4MTkzNDY3MjAwMS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMTAwMDAwWhgPMjk2OTA1MDMxMDAwMDBaMBgx\nFjAUBgNVBAMMDXg1MDktbGltYm8tZWUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC\nAATtfm/lcbIB4+J8iuZbbnwhZPFZNHFZFjHL60RbKqEdQh6W2upU56WbPhYTtSHU\nj9YCLZDYV9E8iULND6oZowzqo3IwcDAdBgNVHQ4EFgQU1scgPiZl2COwDzjbxkka\nod2G8pswHwYDVR0jBBgwFoAUB9hzYAW3x20m0nk99ZQWhJFLwjMwCQYDVR0TBAIw\nADALBgNVHQ8EBAMCB4AwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0E\nAwIDSQAwRgIhAOI0ahVe2kM2V9S39rl2Co72edBvom/bhnOgNgWaZaSIAiEAlblU\nr5PPR/byLXGh5hGYjEgOsc4WmQShq3SwbMaDNZM=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB+TCCAZ6gAwIBAgIUKzYjiR7olZNXZz6DdXAEdnCH5KEwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNjg4NzE0NjA5NTY4NzUzNzA3NTkzMzIyMTMyMTM0NjI0Nzkx\nNzU1MzEyMDQyMjE1MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMTAwMDAwWhgPMjk2OTA1MDMxMDAwMDBaMBgx\nFjAUBgNVBAMMDXg1MDktbGltYm8tZWUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC\nAATgDTN/A6dnUH6oku+xjthx+qCf5nKhJXhCyLiQeHjEja02ZaSfg9/ToXZW/THP\ncJ0rrtBNtwrnvbhcibGZDkG8o3IwcDAdBgNVHQ4EFgQUFrYa58TvncKSZ5MkSyYA\n8haAsnAwHwYDVR0jBBgwFoAUamD6lTg7DJZQMGZkvXPZ/rYKBUAwCQYDVR0TBAIw\nADALBgNVHQ8EBAMCB4AwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0E\nAwIDSQAwRgIhAImRoLjWeRBeZ4ikWl5SeZgPFWI2FmsL51yC3NP9cEwaAiEApIKq\nQHzwLp6PYqCHhorXnaztdE2t5V2RaQO/kYDr7Oc=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -524,10 +524,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe root CA is missing the BasicConstraints extension, which is disallowed\nunder the [RFC 5280 profile]:\n\n> Conforming CAs MUST include this extension in all CA certificates\n> that contain public keys used to validate digital signatures on\n> certificates and MUST mark the extension as critical in such\n> certificates.\n\n[RFC 5280 profile]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.9", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBfjCCASSgAwIBAgIUPzbPGxoaER/77PQMYtg2iMQEzFcwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARkMQn/QBcFnhDRqpMjf7zQ4bIxN13/I5KpZ5y8\nJHS+WMqE+XosNksqz2GaHbqr/T6R2GR47WIv+l11VpV+rUSoo0YwRDALBgNVHQ8E\nBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHQYDVR0OBBYEFKtERUSQBNoQ\nxe1JDBPGBWfzSBH+MAoGCCqGSM49BAMCA0gAMEUCIQCk+JJ8UeHdPFBeUCXyEbxr\nRfn23MGAby4dXIDFJrtrvAIgdPKuVAIs/+eyCUMLTIMyc+2RGf5YZMxk3vaxEqeT\npZs=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBfjCCASSgAwIBAgIUJlHgPRvOCUC0CJvZZDNOgW8hEVAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASSfHtgGIlKTVLTTuLAiZ5oC+ZezWc0Y1kyTPL/\nHXrmzvaW1pM6itbXpgl+DEmkg2wbK+pabX9sxrohrlALRwHgo0YwRDALBgNVHQ8E\nBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHQYDVR0OBBYEFFNNMHEGFhRi\n+bax2hqKX/T3jKL6MAoGCCqGSM49BAMCA0gAMEUCIQCur5rGfF7YwXg9906+MaYZ\nelzwwd4f1WVe8/8SeISSIQIgKEkN5H4ewN0X1ldC8dzaF8v47K3ytwYdrBcYhYkM\niSM=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqTCCAU6gAwIBAgIUKFKiCq8CqC2m1z1eQ603sk511iMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEGd8lHeU94ZfNYIahtnOKT22pUURnXeDtkbMXyCZ6\nhdkvqOdHt/S5CuSXL8FcRSZY9dq/FlOewRtf8m/NPfCN6aNyMHAwHQYDVR0OBBYE\nFJoBwNS/fjB3FLjuiCEJh/395TU/MB8GA1UdIwQYMBaAFKtERUSQBNoQxe1JDBPG\nBWfzSBH+MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBYGA1UdEQQPMA2CC2V4YW1w\nbGUuY29tMAoGCCqGSM49BAMCA0kAMEYCIQDGUAmrdhsVxTY+5HFjFxegXD6WKg8D\nWV3FbRu4okCgVQIhALDfprKPNwsTq5SoOavBKLfkAF9sshGOQfKj/j6rtygt\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqDCCAU6gAwIBAgIUGB7stw4uekE0Kx9agKhiNlQkEXwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEnmOz/7oYeh2baEPgF4xi9RExUVl1SNgnegJc6OFJ\n26xHIp4rHEWUhRCeVww0K6LOgjh3J9lf02X3yNoAiEX8MqNyMHAwHQYDVR0OBBYE\nFL/5Sj2aNHi2sC5NcoOu6mSaqEi+MB8GA1UdIwQYMBaAFFNNMHEGFhRi+bax2hqK\nX/T3jKL6MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBYGA1UdEQQPMA2CC2V4YW1w\nbGUuY29tMAoGCCqGSM49BAMCA0gAMEUCIDyVqWGvnV//JqPtVk8QhOITW/77gNNE\ncufaEdXtR74zAiEA68LJ/synkgIcqG+xJ1lajvcM8dvpr6pPaOK98Dl33xM=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -545,10 +545,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe root CA has a non-critical BasicConstraints extension, which is disallowed\nunder the [RFC 5280 profile]:\n\n> Conforming CAs MUST include this extension in all CA certificates\n> that contain public keys used to validate digital signatures on\n> certificates and MUST mark the extension as critical in such\n> certificates.\n\n[RFC 5280 profile]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.9", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBizCCATKgAwIBAgIUS8w3W0Xp0hIor49porkpJU1EcaEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAS9z2wwYiWKzzzPJGpIt376kpaJtyPaUzDQpm8g\nEYsicpzZUgzvHjGHrjk6z1J0X1N2FDAwnKdA58dCbdfvHMQOo1QwUjAMBgNVHRME\nBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAdBgNV\nHQ4EFgQUJrhlF3SQQAdsfeMnB3JVdTTkLrUwCgYIKoZIzj0EAwIDRwAwRAIgQhyJ\nlKriYnGVSH3E4EkFND22ljvBBTObXZ3qZvmFCH4CIF63ss+LxZaihHQwx7TGRFNS\nhtvBUMAW9SUEeVVweQn2\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjDCCATKgAwIBAgIUapGTG1NVzB1rS8sdel15YiiOJIowCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAStNpSoZPdLhhrCa0yh2qovxgDCa9l0wl987wYo\nHcQv8xAkWyUGlTe/JXY+n4ta2MSorXL7xcsZM+6C/fOtkS72o1QwUjAMBgNVHRME\nBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAdBgNV\nHQ4EFgQUNDwgPdO/IGcWWlo8tBibN1KQ6hEwCgYIKoZIzj0EAwIDSAAwRQIgfLug\nuAs12BTmWiP/tzeTt0BpDpTc/GBtKPStssq1NjACIQDNZOF4UUMP9BD/j/qsOa6Z\nvYdmNlm5dvmWUPMu7+L+xQ==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqDCCAU6gAwIBAgIUZkkBAnmX+wzUG+HUdNkXJz+GdKEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAE7CACrTn8BOdlN+CTCjo+KVb5sHtDg7It7V2n/Q+i\nKW+TI2ctppAzZ1Jc5j0X0HWmpgFQVCXwi9M8OTpvm3aNHqNyMHAwHQYDVR0OBBYE\nFEwQmWpH8h+YTLGcWZpX2TKfP1H7MB8GA1UdIwQYMBaAFCa4ZRd0kEAHbH3jJwdy\nVXU05C61MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBYGA1UdEQQPMA2CC2V4YW1w\nbGUuY29tMAoGCCqGSM49BAMCA0gAMEUCIE9PoSQhMMH1DXp9vrNiUT1TXS0ywyi5\nSDg2yp4bSv4zAiEA3osqJylXueQvH2DXOn2Ns7bkulFWGq7dKXAfqRU6UCM=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqTCCAU6gAwIBAgIUL7dNzKqk0auzTHrzr5nLOhE7yocwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEbWJg/DkObUoS34vOwd+P+yzwdrWvdbIXSh7gkOhf\nvIqSy7e0dxUaTak3TJPo4ES381oPHzJbtDUIOwVIXfDLyKNyMHAwHQYDVR0OBBYE\nFILOhp6U501sw3So1+g05zsht+cxMB8GA1UdIwQYMBaAFDQ8ID3TvyBnFlpaPLQY\nmzdSkOoRMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBYGA1UdEQQPMA2CC2V4YW1w\nbGUuY29tMAoGCCqGSM49BAMCA0kAMEYCIQDAn6TCBenDoPWpdiURFdnHiOgNK7s4\nGvssax+kRg31rgIhAIAPC1b7hz/0BxaF2UOmN8fHXx1hsSUZ/KQyem6iHKsG\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -566,10 +566,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe root CA has BasicConstraints.cA=TRUE and KeyUsage.keyCertSign=FALSE.\nAccording to the [RFC 5280 profile], these two fields are related in the\nfollowing ways:\n\n> If the keyCertSign bit is asserted, then the cA bit in the basic\n> constraints extension MUST also be asserted. (Section 4.2.1.3)\n\nand\n\n> If the cA boolean is not asserted, then the keyCertSign bit in the\n> key usage extension MUST NOT be asserted. (Section 4.2.1.9)\n\nAlthough the profile does not directly state that keyCertSign must be asserted\nwhen cA is asserted, this configuration is inconsistent and clients should\nreject it.\n\n[RFC 5280 profile]: https://datatracker.ietf.org/doc/html/rfc5280", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATSgAwIBAgIUUrf9Kj5JsB0UFqLRIF+hiN2X390wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQTJlu7as2l0/SoaceWT2kP4lNqjOzV1Jjhg6/C\nAqA+sIl1Rt2Dxu//IeH3o+h4FjUXMEahSX1qn/sD2ApqXlybo1YwVDAPBgNVHRMB\nAf8EBTADAQH/MAoGA1UdDwQDAwEAMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB0G\nA1UdDgQWBBQOi+C0KabhTR5sY5+hY/AQYUGuKDAKBggqhkjOPQQDAgNIADBFAiBq\nrsISmwsB8w6rbwhUOoJZ1JHDlL7elgj0HtQrBn/z5AIhAPfYD66DOEbSn/VfcQqd\nqQ0yT87D5ZB6+gGMaMXvl2xl\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATSgAwIBAgIUIRovVbGQ9NuG7JkPycVmyBMw1HswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQpJfy3hOz3zKSXDJUrodoGOqpCOj8sM1wUplZU\nLjJdrUC93Zjhyh6VdGLKLX7aA/CAwYS+hnvjMMgsGZ1pyt9xo1YwVDAPBgNVHRMB\nAf8EBTADAQH/MAoGA1UdDwQDAwEAMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB0G\nA1UdDgQWBBQGXS4bqgIhukNOyq4juFbi7kvPdzAKBggqhkjOPQQDAgNIADBFAiB5\nSq6pP7LS7MjogcZzV3PELMlXV1LhHNj3sh4ira1JTwIhAOELIvkUGvu81YZXCur8\nsxlwH/GNwoPmHRulsTBpNC+E\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqTCCAU6gAwIBAgIUSmu5kklMtnOxeEwZgE5QDW+N0hUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAE8dqvfLC8XaV54TCalKVa9Dhxsyr5B8TYA2mthmyS\nk06n/U07ug08yLZzkXOdzPs+udWc/0BnNxrIZ6Yyp0NK9aNyMHAwHQYDVR0OBBYE\nFB69xelJxwNH0PM8NgPAda88PzZnMB8GA1UdIwQYMBaAFA6L4LQppuFNHmxjn6Fj\n8BBhQa4oMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBYGA1UdEQQPMA2CC2V4YW1w\nbGUuY29tMAoGCCqGSM49BAMCA0kAMEYCIQDz1pnx+Opx1FkDK2NHXW4l4cjH6ExR\nQrNWSzmWHrKwjAIhANohowfW3MKO4nVHhhvqkkS0ok2p3gzzHqg0jpkOlvtN\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqDCCAU6gAwIBAgIULXkdDdBLUJN8o74AUmFosGZQ7LUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEtE4gTVEBotigp9EtaAnSbtsiHN3W8L3BAWE4cCYV\n0JSfASLrlQ2OBGY1gIkzrQohVq7UbsqLKayHk5Hwn6Di0aNyMHAwHQYDVR0OBBYE\nFLoMTqcLRCnNTGQV+HhTZ1gppdlHMB8GA1UdIwQYMBaAFAZdLhuqAiG6Q07KriO4\nVuLuS893MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBYGA1UdEQQPMA2CC2V4YW1w\nbGUuY29tMAoGCCqGSM49BAMCA0gAMEUCIEE+3ghNpOcW6bAvd/h5KDSp2RO7aitb\n7Wnkd+dWlQnHAiEA5EmcswTKq3eHpbEGv+SpwZMJzwa0TdmhmMYe1JVVSSY=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -587,10 +587,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> ICA -> EE\n```\n\nThe intermediate CA includes BasicConstraints with pathLenConstraint=0 and\nKeyUsage.keyCertSign=FALSE, which is disallowed under the [RFC 5280 profile]:\n\n> CAs MUST NOT include the pathLenConstraint field unless the cA\n> boolean is asserted and the key usage extension asserts the\n> keyCertSign bit.\n\n[RFC 5280 profile]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.9", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUPIKJaBJ09BNJbSU6jkm8GQY5nt8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQ4jZZl1dHWt7D+XzikpN27e4u8NSfrgMqxhIlc\npqmUMFz2zmSmCRb/sezfpIA5heBj8FtAp0pGWwyh8/12J6V+o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUiQmFg1rMiH7UL0AR1IwMo4Cf9x0wCgYIKoZIzj0EAwIDSAAwRQIg\nPXIDeJzBQYsvrPbGuRkp6Zixl7TtAg5CXF6pzP+u/pwCIQCSj4wWYhChlUktKhle\ntoNPaXJLr1F0ORlsVRC3ZOZIUA==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUTgxHn801idPZONR9BxnbTU7C6h8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASOgkiFn06aFOFg47NE/81PWDfNjOGLSNfc0ZvG\n+Zkw4CF8VPBQt/DmFKKPWz5AXUzCaz3jWUhCuJzQBERqD+0Oo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUPyvLIPOL7j8vT8yjSRIDjSWpDg4wCgYIKoZIzj0EAwIDSAAwRQIh\nAJgr7fOMVdSD1+9jxilcATjMBHqFuqyNDf4Lsvta+czFAiAiiKiSOTcqWfK3YXto\n8i9BrA64EBhrOtlK2qAUBCF39Q==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB9DCCAZugAwIBAgIUSwLR7CeccZzNuux5EF50gW7wgNgwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMzQ1NDUwNTEyOTIyMzExNTI0MTg5NTAwMzIyNjQzMzE4MjAx\nNTYzNDU2NTc3MjQ3MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMTAwMDAwWhgPMjk2OTA1MDMxMDAwMDBaMBgxFjAU\nBgNVBAMMDXg1MDktbGltYm8tZWUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR+\nSgC1678/t0zzMe76u5l5qhoK/IKay002LHih3QBk9j34vU0R1Y4wyv0tFYRM33/N\nmfV2vE9M6RxUv45KxW/1o3IwcDAdBgNVHQ4EFgQUEEkjpj5RG1UZxdI0dPH75/yV\nV8QwHwYDVR0jBBgwFoAU6/ZazDkd1KAaa1KNb79HoZww99EwCQYDVR0TBAIwADAL\nBgNVHQ8EBAMCB4AwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID\nRwAwRAIgeT0AXl+x3sBurfzw5M0fGPu64qkqY6PVmp7Ht4Kmzh0CIAQ2LJMY51K8\n3x9bGGG+/Ooxr25Ov8UFgk5zADQylqzD\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB9TCCAZugAwIBAgIUK0y7fwvoLqpXc/UAgzh6CZ+E8+kwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNDQ1NTc1MTI4NDE2NjA5MDcyMTE4NTA2MjkzMDg0MzM2NzU4\nOTE3MDY4Njc5NzExMSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMTAwMDAwWhgPMjk2OTA1MDMxMDAwMDBaMBgxFjAU\nBgNVBAMMDXg1MDktbGltYm8tZWUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASK\n9h+MBwuik7vDGj7rs1jyn+KIVaF1H3ZT6LKFZ9THV8GbopMsDB/DSgnhTics5T7T\nX3PeGRFxml41EdoPfAd8o3IwcDAdBgNVHQ4EFgQU4r9yHcwLlCaERMvEnfNOcU3I\nvDwwHwYDVR0jBBgwFoAU8ccBEGC9pq+P6dfat5eBPYixUPMwCQYDVR0TBAIwADAL\nBgNVHQ8EBAMCB4AwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID\nSAAwRQIhAM+qre5dBMHWytwxCGBb4bieLL2GpWwn91F4IptNfYW7AiATozbCJbxS\nufqE7roEflNq74BimVCjVcCj0fhBXO4eiw==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -608,10 +608,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe leaf has a BasicConstraints extension with cA=FALSE and a KeyUsage\nextension with keyCertSign=TRUE. This is disallowed under the\n[RFC 5280 profile]:\n\n> The cA boolean indicates whether the certified public key may be used\n> to verify certificate signatures. If the cA boolean is not asserted,\n> then the keyCertSign bit in the key usage extension MUST NOT be\n> asserted.\n\n[RFC 5280 profile]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.9", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIURF6+B0lsxJVhW+DZVVB8Ho6bUrgwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASLSuS1nJa1vlqCqvzg5w/J2b05BSGopRtHsaUR\nc6Q5BalfY3pji+vsZ9IPN4plgwixHiwQEs2xtcK6FUlZn7yHo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUr/++Jyy2e/oo5TjJCWFEBlz8TGwwCgYIKoZIzj0EAwIDSAAwRQIh\nAP4uw3SLU0PEV2pFPqnfRL3NH7ok+LducWWuYGZ+5RFtAiBecB1PibjDL2UId3mP\n3HSZA/hnbPgcFxN3E/l/l8ZzBA==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUaRzM+6wGvnBliTrnaz9TkVbeAVYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARLHIfMjgaAQ+Hhx2ia2W/Izp7Mzxx1MOgLFfXl\nzryaJn897ofQGNKt1Wq7hiV1c2WervVp8C10OZm1u9raFWvKo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUjVqdi56wuufNtfbtWYUvLe5LJPcwCgYIKoZIzj0EAwIDSQAwRgIh\nANF1x0XZCAzOyE/qDzESjl2GWU+vagXJmnuETqLMGOEKAiEAj+v+S1lX8XwKOaRO\nokSHM7j9Aey+JDhOEI5S7OiWzxQ=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBpzCCAU6gAwIBAgIUGq7Y2/nJwcumh2PZgelMFmVqZmowCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEoOsc3UStM0WopJtRAHJ2MWc/6VYpGGq9sbZbmjyq\n3BoBFpWOvISSeOc4PQE0NTLetWXzJB5J9W9OlL1UCI7oFKNyMHAwHQYDVR0OBBYE\nFEyLXqm0NV7V9Xsa2PUAf7W4neZqMB8GA1UdIwQYMBaAFK//vicstnv6KOU4yQlh\nRAZc/ExsMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgKEMBYGA1UdEQQPMA2CC2V4YW1w\nbGUuY29tMAoGCCqGSM49BAMCA0cAMEQCIEPTywGwicarh3XAMIdFiBnPMW0IoA/e\nHTAZShnDqrO/AiAfKpMpPi+OJ2yYGtubQ+wq3uU2gGd0Zv19Lq2dKDdOBw==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBpzCCAU6gAwIBAgIUaNqtZzxRVvuKbKJq935j1bHVlMIwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAERoJDP1VBPu0aBlpJF/TXUqjnyK48Vm/JuqeExPuv\nETZ5qN7J6cppB6qZ3Ud7VKapRaPayRd+IYqPUwvyvAYP9qNyMHAwHQYDVR0OBBYE\nFMOptGLT32V5N/FwAWcH+JglDhrHMB8GA1UdIwQYMBaAFI1anYuesLrnzbX27VmF\nLy3uSyT3MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgKEMBYGA1UdEQQPMA2CC2V4YW1w\nbGUuY29tMAoGCCqGSM49BAMCA0cAMEQCIG1XdtsPmGJ6Do7Km8DrY4AqqlHD116A\ny0QMQgDXcD0/AiBaj31FFF7yoJrLehdGEs2Lw1jRejG7VWkoEY3UX6g5Dw==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -629,10 +629,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with a permitted dNSName\n\"example.com\", whereas the leaf certificate has a SubjectAlternativeName with a\ndNSName of \"not-example.com\".", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBrjCCAVSgAwIBAgIUA8tYA77pGqrEgXLg+h0IGIb4rw4wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAR0BVQenL/hdx4b8dtCsH28nZIrOsfn86E1lJwt\n+fbrmAJ4ZiJgnt9X9AsxQf6CfH0dmX7NIPgUOTVl0XKtNgh1o3YwdDAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUapqFtqPyDDAyRGic+t1fl/2m/GcwHQYDVR0eAQH/BBMwEaAPMA2C\nC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0gAMEUCIGQ6vjpk3ld2pxFakmnWq6wj\nRlMPcsUjTUb7OPSrvXghAiEAjn2rERxFVM3oAo2kHuMHd9te8KIooiW8Gk1WhP/8\nAhk=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBrTCCAVSgAwIBAgIUcMw0FDOQWWV7g2ijTFfhMGNi4ycwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQCWvpLIf8PNw2VnF8+mm7yJh0X96g7aTZyIDKj\nwUWzmSz3XQ7mrKoFdjDb+JiCqRrqG7vtJYUjMVvTady4jgxto3YwdDAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUM/H0CGAqDjoMriCl9wMbUvPESo0wHQYDVR0eAQH/BBMwEaAPMA2C\nC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0cAMEQCIC8OrZ57bpJ9y433djaB5S/Z\nHk04054YON1ybF1RY9gDAiBK9yulkfjsNjDM6bEDPALiGeQdMB97NCMKi2k/ljlv\nLg==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrDCCAVKgAwIBAgIUAwSWKNGjAGDd69f2A8lLL59zKfgwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEuh8H4SOMiVwrnl75G42v6B6t8AVo5AqVMDOfOWYv\nLPZihilggi30aVOnOB6n2T9GojwT5h3mxPrr4zx5eG0CGKN2MHQwHQYDVR0OBBYE\nFEuO3LlmgxNSAeMHWGkagdnWsOe1MB8GA1UdIwQYMBaAFGqahbaj8gwwMkRonPrd\nX5f9pvxnMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBoGA1UdEQQTMBGCD25vdC1l\neGFtcGxlLmNvbTAKBggqhkjOPQQDAgNIADBFAiEA5ARbIC3BUs9+AjTXqkFUJsNT\n7yS9YrcpQaiHUOe+sUMCIEGdpmEVzxwIM42A4tNi+1Vz5vb8FDrF6hRCb4K1FmA1\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrDCCAVKgAwIBAgIUcrNJ4b72XngF8zlKfRMSdDngKcwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEWAZOrJNuvRBtavxmgP0pdHlgjJqVPct7sd2BhxwN\nwfIStUA7DSREmwZfRH4gJPE+UKmgVsX9PHG5T5Y0C25d+KN2MHQwHQYDVR0OBBYE\nFCK+o5QQkUBagI1AHM5yaQWiR2XtMB8GA1UdIwQYMBaAFDPx9AhgKg46DK4gpfcD\nG1LzxEqNMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBoGA1UdEQQTMBGCD25vdC1l\neGFtcGxlLmNvbTAKBggqhkjOPQQDAgNIADBFAiEAm7PEj2yb9uBHoLKJ8GZYLzUK\nJw8hxnoDIWZmfINX3SkCIEg/5Z4pNF6MCyQxpGojjma6yu+vGwcmSfyCdzxhtgP2\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -650,10 +650,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with an excluded dNSName of\n\"example.com\", matching the leaf's SubjectAlternativeName.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBrTCCAVSgAwIBAgIUZxGswwbbDygCQJgusnNQW1RwCLUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARd0SFeh74AYWHyS88WFhYcCKs9t0kOrBGZRDw9\n5bNcx1Kh3SDK8cHOiBarss42ReB/RJ5MHXOxNRxgCYp3GRs+o3YwdDAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUiQlFe1i3gJ9wOCGJVC3z2xhy8gAwHQYDVR0eAQH/BBMwEaEPMA2C\nC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0cAMEQCIGbj36nQjaJRoQbo3RPXOHww\ndtGyB5/pws2AI+fhepHBAiAqpA3+P5bieXrz3ikWv8oHsLXZm8PC+prjOfnzCwhc\nUQ==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBrzCCAVSgAwIBAgIUIF0S2aa151yHGsK/wwIDpjSKEZAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASeHFh0bAyg4xSWpGWO8D1pxLKYvbllfYaznJAB\nyVaMFIG3fC4d28RhouwmpirXKi0ELKB6YNpjo0E+w1NlvA/Jo3YwdDAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQURfzPsRJ6TmT1efvBgx2Y3Qy2vTgwHQYDVR0eAQH/BBMwEaEPMA2C\nC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0kAMEYCIQD2DXm+umDb+DXs04PEvELH\nkC92w0FFfGPxxWbhpTIgJwIhAPyWO1fag/ZtFiu0wW4z7zSXrqcYQ7/LmNyv08QZ\n8tdK\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqDCCAU6gAwIBAgIUD8UJVW20RIaqoOHjQRR1EF7kj2YwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAENijQrtC6i5+cqWeNWwEemzzN+QgCLYBt5owHm214\nwDz/YunW/0MPR20KDaCvo2JfCXoALsQEAHArMnt9TQjrCaNyMHAwHQYDVR0OBBYE\nFHM2gMq/0EjTkDMD3AHB2n0YPYjsMB8GA1UdIwQYMBaAFIkJRXtYt4CfcDghiVQt\n89sYcvIAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBYGA1UdEQQPMA2CC2V4YW1w\nbGUuY29tMAoGCCqGSM49BAMCA0gAMEUCIBd99PH72F+xexwu3rjcnD5PO754bMKv\nbpnHdA25UpUjAiEA4ccGVrN+v1m1vvHKckndpionSct6dikmrtoSLaaC4MY=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqDCCAU6gAwIBAgIUGN24AyOXEPewGNGE0O8EDRvW/s8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEHz5Tn2rNYoXd/OL34Xg7JHDULt6uyNMwWqr6CfpP\nZl32JPCeYB91IMi9hxW78256hNFbmBo0TKIRoteNOXrcwaNyMHAwHQYDVR0OBBYE\nFHgg+2suMzGBgKjS+jzsmkLC0jovMB8GA1UdIwQYMBaAFEX8z7ESek5k9Xn7wYMd\nmN0Mtr04MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBYGA1UdEQQPMA2CC2V4YW1w\nbGUuY29tMAoGCCqGSM49BAMCA0gAMEUCICX//DTtIkQ3H6gUc1VS3bJa1vEfUWFk\nzQeCX648kWs5AiEA+n3MiaCZze62XCBTZY3+Vqji+pIh0PW+7PyDtGSpYsw=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -671,10 +671,10 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with a permitted dNSName of\n\"example.com\", matching the leaf's SubjectAlternativeName.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBrzCCAVSgAwIBAgIUb2Z+O9a8ar/9jicNSUk9qhBL0d0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARzgpWa9w6u3WkRsI+Taplttry6ObSkvRFy1Txe\nfabEPEN+FIDYL9G7+NbtrZ8Y8p2WIfoq69SRrsDoedLZaNZho3YwdDAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUPrDOSbOa+d+Wc/tmE9b2tDz7c7owHQYDVR0eAQH/BBMwEaAPMA2C\nC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0kAMEYCIQC+yGHRV0UuGEZoj/wZelbm\ncFg/oD2i0Hhj4hTUOwOkrAIhAJsILmWyV/o4sCEEAOHjc+3UUrzeihk8Zfit0sNQ\neM14\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBrjCCAVSgAwIBAgIUDmnVb59I7O3enPXS85Lr9JXpENAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARqLlj8YpIjk323cHQ/x+jmeBuT3clyklfED3fu\nW8Hw2pa+KWj0EpmNHad/w2rX+HRWEF1qziVF9kYj2mZbIGgKo3YwdDAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUowmtxlIVYbXu/hbDFto5ttLxDeowHQYDVR0eAQH/BBMwEaAPMA2C\nC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0gAMEUCIFfxDNCyUhxPTDkLoEY/W3c7\nVjYcDQEnOhGAiQ3wYlBEAiEA1/Lkv9RIlZiBhMF19LsGTnweKqM/zastcOZTHC22\njG0=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqDCCAU6gAwIBAgIUOGR2MR0T1wU2epejdogQBDl2WpswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEEAYPw9YQUdHbuILMkPdUl0Reqm83gj0hrs8QI09k\n1F8MHAYFbBZkyc8dqdPQCm3zSCmTj/yrFdjBfCLLczZryqNyMHAwHQYDVR0OBBYE\nFF1u1/WB7O/AQijHgyYEizrXIlPOMB8GA1UdIwQYMBaAFD6wzkmzmvnflnP7ZhPW\n9rQ8+3O6MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBYGA1UdEQQPMA2CC2V4YW1w\nbGUuY29tMAoGCCqGSM49BAMCA0gAMEUCIQDO9LKSnvxf2ZgA9iDAzx1yhpvMaoOb\nLgmRARBbx1hRSgIgY+KO9HCZ/XY6XN3dN97Oktnq204xtLhQ4TIFlA9NMDE=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqDCCAU6gAwIBAgIUdU7fnCl1YR094IN4cRtGHxEcOZQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEg7P0DV8fI4eyiAMl9zLDMLavi9J430PI91D4/YB7\nRZ8NokXiMByf/fzCtAFf0W0/s8USFfURETKdsg92RXu0Q6NyMHAwHQYDVR0OBBYE\nFKIZ3b/ecNcr0e72VCEsuFZPYDEbMB8GA1UdIwQYMBaAFKMJrcZSFWG17v4Wwxba\nObbS8Q3qMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBYGA1UdEQQPMA2CC2V4YW1w\nbGUuY29tMAoGCCqGSM49BAMCA0gAMEUCIQDLjo4eD/Tn7IRF47wOuMfkQHLAVAd/\nvOAx3hRiD3wQhAIgFgZPTVnPGQSVZJUJ2BvtvJNs2LdlBuru0kaJWcqOR+E=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -692,10 +692,10 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with a permitted dNSName of\n\"example.com\". The leaf's \"foo.bar.example.com\" satisfies this constraint\nper the [RFC 5280 profile]:\n\n> DNS name restrictions are expressed as host.example.com. Any DNS\n> name that can be constructed by simply adding zero or more labels to\n> the left-hand side of the name satisfies the name constraint. For\n> example, www.host.example.com would satisfy the constraint but\n> host1.example.com would not.\n\n[RFC 5280 profile]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.10", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBrzCCAVSgAwIBAgIUC+P8BLi0c3Q+9hSaBca4O+XdkcswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQAL3oBFfYCXozIW/u5qwLFVAV9D7iOmeNRUJ6w\nBHYDHXFZoYmeosr7NZgI6tVkKeiHuZfgoQ4iZ4g+3bVqnv6oo3YwdDAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU/3F9WTOc8ndtjjIhlI2Jtb4sITAwHQYDVR0eAQH/BBMwEaAPMA2C\nC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0kAMEYCIQDAxOyDlJ3h1rOxUA1y8ZGz\nyjHNMnu6YkyffDY38KCyQwIhAO9XNpO5gX2w47v1A6GkReKfmRSU61YX1NGXseIN\nS8yy\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBrTCCAVSgAwIBAgIUQnbF4LONh3mBHbwt1CiEgtpHjaAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARQt9ff7yjtAQbWC0RcL1ilQQXn72mQP7PSlljH\nB8UElCqueMpKGVysmf1KnXDg1H3nT012dCxeZVVN/Qw+ySE7o3YwdDAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUnw1TTFapv+g/fGbnv2XsfkwD33wwHQYDVR0eAQH/BBMwEaAPMA2C\nC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0cAMEQCIAVagAXl7PVV1kPOpUWP3K77\nRpj6bViDLBRJ+VAIx3sRAiBV/7WjsO88np4z523KyRIbEBkg3VvZ/9ozOj9DeApY\nEA==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVWgAwIBAgITWP88EjGVcEpCI60GCa9MzxbgATAKBggqhkjOPQQDAjAa\nMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwIBcNNzAwMTAxMTAwMDAwWhgPMjk2\nOTA1MDMxMDAwMDBaMBgxFjAUBgNVBAMMDXg1MDktbGltYm8tZWUwWTATBgcqhkjO\nPQIBBggqhkjOPQMBBwNCAARcuFvyA39X2q0ghm+AHZwWtNcA88NBT4IShfd09P7R\nskz+8MO4PFadvQOad5nluKnAfZ/gzhvItrRgT6h9KZYXo3oweDAdBgNVHQ4EFgQU\nMCHM9GmrIyKPEFPu4vswy1J927cwHwYDVR0jBBgwFoAU/3F9WTOc8ndtjjIhlI2J\ntb4sITAwCQYDVR0TBAIwADALBgNVHQ8EBAMCB4AwHgYDVR0RBBcwFYITZm9vLmJh\nci5leGFtcGxlLmNvbTAKBggqhkjOPQQDAgNJADBGAiEAusfpjbtW03CQjos9v8En\nhGXoHSNCkip79gc1gdLknOECIQCrk4LsM3pM5lnQSCH9k3zlifHmsUA6z6DwkTja\ngVBobg==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVagAwIBAgIUWQUlopBU7bgiw/7aneZtJQEcG1IwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEpeR9MhLEU5Wm+O5Q5GeEpVpkvw4gNVZnIa0mkMlN\nhAyfNkeOkc13+QqpDL71ZSlnRjoCtJIUZsEFyI8UqSSCZKN6MHgwHQYDVR0OBBYE\nFOgow1KA35Kp1242LFiUOHum+WC3MB8GA1UdIwQYMBaAFJ8NU0xWqb/oP3xm579l\n7H5MA998MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMB4GA1UdEQQXMBWCE2Zvby5i\nYXIuZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhALlRm0QfvOUdkOcqT4Gr\nWQRmLM8F5ZvNAAcBViwK++wQAiEAg2bJlaTHMV5x+KGNhDYbO+4E+H6gONgbjbaL\nYbqdSS8=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -713,10 +713,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with an excluded dNSName of\n\"not-allowed.example.com\". This should match the leaf's second\nSubjectAlternativeName entry.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBuzCCAWKgAwIBAgIUOp2dALZvNu1MYf69r0SfUfQmm+QwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQ/EU6Sne8My1bM28MGFMctqkGG4Zj97MZhz8GK\nFS/ERSXK7GafdkVNeUtB0hmUZXK2MCJLQd62wVGnSEFl3ieqo4GDMIGAMA8GA1Ud\nEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29t\nMB0GA1UdDgQWBBRxofn5KO/fPNE3yGk7tyHmxyXpTzApBgNVHR4BAf8EHzAdoRsw\nGYIXbm90LWFsbG93ZWQuZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDRwAwRAIgauza\n7gttOA60YL3drZ2/WRC6XXyt45W824EySKaGqHoCIA92e1t1An+AMqc9fdRudvPB\nCULgiC4TFkBfc0VYUenq\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBvTCCAWKgAwIBAgIUCUs1Ytpr/Ui0wMzf4eyFSARjQjUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASMmWNM3iLroq7R4xGrclBnXPxNy2ZHOujGky6a\ndLp/Th3TCjlgm1J1rn5jab1GeadCS3BQTjVnoJ0LG85Cdewqo4GDMIGAMA8GA1Ud\nEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29t\nMB0GA1UdDgQWBBQenSSl8MCY6ZMQFBzONWByR2HVODApBgNVHR4BAf8EHzAdoRsw\nGYIXbm90LWFsbG93ZWQuZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhAO1r\nDcXDVsb2b2KxAwYWje/mHAheWclOWrqmQAo/DFYXAiEAgOLpy3fbLUjCPLIGI6Ks\n0qvuA9cKG+MfqhdQprXvd6g=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBwjCCAWmgAwIBAgIUEbk3V6rnWEK+MjDghRpLbKEz0akwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAExE4rzzHdCh156e3bsbfFSMLLlur6tKEIS2V89AwB\ni6JRuwLZHbcL+Fuq3jHucn83v4brV13zGpqHWcjxRgH5E6OBjDCBiTAdBgNVHQ4E\nFgQUBUR+FfDeIWg3wiSeNbOuKVCoLIYwHwYDVR0jBBgwFoAUcaH5+Sjv3zzRN8hp\nO7ch5scl6U8wCQYDVR0TBAIwADALBgNVHQ8EBAMCB4AwLwYDVR0RBCgwJoILZXhh\nbXBsZS5jb22CF25vdC1hbGxvd2VkLmV4YW1wbGUuY29tMAoGCCqGSM49BAMCA0cA\nMEQCICNFf2KvHMSQurdiTbJNljJVV+jUZSSQXUtuwU1PH8/QAiBKrFe/Il6ah2Ea\najfN+5MBUObBvJcRz0aw3hHAsBjubg==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBxDCCAWmgAwIBAgIUVlbfqIADnZgqUmAKtjMKyxrUfXEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEdRMGxRDmJwfsr1yPVzHvCoSIWLs96RP4S4GRrLWf\noi9wJbA/kje59N2OOZROKkVNCYv24Ksv7D8S6IxI+dMmsKOBjDCBiTAdBgNVHQ4E\nFgQU49kgH3b7aI5X9npsQ8SxjiS0WxMwHwYDVR0jBBgwFoAUHp0kpfDAmOmTEBQc\nzjVgckdh1TgwCQYDVR0TBAIwADALBgNVHQ8EBAMCB4AwLwYDVR0RBCgwJoILZXhh\nbXBsZS5jb22CF25vdC1hbGxvd2VkLmV4YW1wbGUuY29tMAoGCCqGSM49BAMCA0kA\nMEYCIQCmvq3IR7F9mbLkGpGMGyH5TU+y2AkDY80g6EpZToXg3AIhAPQfn6jvIHEC\nQ09tD4+I4pybnzJCCV4noPXSV3uIS3b0\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -734,10 +734,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with a permitted iPAddress of\n192.0.2.0/24, which does not match the iPAddress in the SubjectAlternativeName\nof the leaf.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBqzCCAVGgAwIBAgIUS5ZTFzvjB9+zriV3mP0llL6sfiwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASUpirHC/KY329yOPV2d9HRRu3ZaJrqsvp6Ox4+\nlomKN4ucBSC5jF1scJNmeBlUktODXuzbdX2V6JYCgIA4caKqo3MwcTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUMZp1MVlHplxrKuzgT+uACO3dpy0wGgYDVR0eAQH/BBAwDqAMMAqH\nCMAAAgD///8AMAoGCCqGSM49BAMCA0gAMEUCIAHjEHM5NdamYw5aY6EUIGRiJapx\nZ11ORO3AMeHooFmeAiEAjuiC8C89Py7lkGU9X0wPB3C8BT52gbLfdzx4vj+3LBc=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBqzCCAVGgAwIBAgIUFVXf+16XqjKLi/xStqHLIfWRlOgwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATcxFT0nhDOyL9QHbc2DcoYS/mtI+ej9dp07/XK\nBZJFsNvM3pDdIBVubW+JZZlMo60vFuuagrLQ418sf0y40BgMo3MwcTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUjFqyCe1aITn46uwzik1x9Y0o9UIwGgYDVR0eAQH/BBAwDqAMMAqH\nCMAAAgD///8AMAoGCCqGSM49BAMCA0gAMEUCIQDwtNyG+rgiN2K9D7hmzkdBoWny\noou/32mDKEz5VEBlaQIgY9J32TDyCh4Se4cY2Wav0jHcT1rDevKO5u0s+/U1pTU=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBoTCCAUegAwIBAgIUDJ2GRs4Qy7G2nPYuvTGQDKgh480wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAELRv6RKEkfGsnKRDAZIjxPZhjlCdn0hk1qGBZcHvd\nzfOU6tgW1IdL6AdlnaPvpeJTmzW6QsPOQkUIeloP2pXmnqNrMGkwHQYDVR0OBBYE\nFMyn4hegKAXcVwcg/rGz6aM9zASTMB8GA1UdIwQYMBaAFDGadTFZR6Zcayrs4E/r\ngAjt3actMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMA8GA1UdEQQIMAaHBMAAAwEw\nCgYIKoZIzj0EAwIDSAAwRQIgC0ifiZiSddAnqVvUIst6sy3NgfxAUtPlyU43dsI+\ngyECIQCTOtD4syfLDVVoowZtyXbqLzvVNQjcvXXyGDbdBn1lJQ==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBoDCCAUegAwIBAgIUZHVmHvKEKZfm0MwYOst1rvlP+NswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEVhMVKjvLSLlq+Rs40QK7M0+fCRRWvwCmP8NRIAIp\nEhniGNwcOAafdACDECoiF9LiME2el8qZRK+0EzeJsBI/HqNrMGkwHQYDVR0OBBYE\nFPi7eXc31FzO1z8spKko7ch2fqU5MB8GA1UdIwQYMBaAFIxasgntWiE5+OrsM4pN\ncfWNKPVCMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMA8GA1UdEQQIMAaHBMAAAwEw\nCgYIKoZIzj0EAwIDRwAwRAIgBfw/60CJDp+egpHkyj/tfI8WENE6GeIzh2G8s8aW\nhUsCIB3648jomeKreTqORv0zOY0/blDk+Yrpo5PYtzF3UoLN\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -755,10 +755,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with an excluded iPAddress of\n192.0.2.0/24, matching the iPAddress in the SubjectAlternativeName of the leaf.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBqzCCAVGgAwIBAgIUJAW4nqyWYtul27voSZz9gqPjNQ8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQzEbBC2+2MxxLYnllzB5LjaJ9m1ak9yo7jrpW2\np6tgBYFCDIEuuWI/JqvWcbBrbXK+vG3oaoxG1O2A83dpZuWOo3MwcTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUR1/tz0rJeKHUyTdqEzsQQqZPmKEwGgYDVR0eAQH/BBAwDqEMMAqH\nCMAAAgD///8AMAoGCCqGSM49BAMCA0gAMEUCIQDNYhKWsuCOxTjnYDi4kVwaJbCc\nMJTO4Wdy7G5egfEUNQIgCg9rYLbBs0J2KEYzP+qD5lXcvc8es/lT436rKDKyEOg=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBqzCCAVGgAwIBAgIUATpR2hx/P4FnEFlrVduuSVXb/SYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATHMWyjwqolk6a73JVPmS8fHP2Dk1ppF16bdSJ2\nt5tAnAjJz6BPieiijU/qJKdGmrPeXHvJSePC6NpwdYQ22BXMo3MwcTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUNcv6yRBh38+ENWgppBJknbSz9MowGgYDVR0eAQH/BBAwDqEMMAqH\nCMAAAgD///8AMAoGCCqGSM49BAMCA0gAMEUCIQCaWUs5iWqVXnfh7pQqQLcQa7xS\nXcLDGgt+bYPW1NK7WQIgOSC7DiQgBn17ntHvB+xaX/8QLieGLaFkt1vKz5eJvMU=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBoTCCAUegAwIBAgIUKRJTtT5PS8f92DLok2mYIo+/C+8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAENdK7loTib4ueCNKDMgT9RViySCKIxdEG+0bHrKFe\nGRINNn+c1Cw+NvVrkIrq6Kb8cdoXHguGIdrbOBptDfda6KNrMGkwHQYDVR0OBBYE\nFAI15vIjyHJaURrb+9ZcFDwKLJ4JMB8GA1UdIwQYMBaAFEdf7c9KyXih1Mk3ahM7\nEEKmT5ihMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMA8GA1UdEQQIMAaHBMAAAgEw\nCgYIKoZIzj0EAwIDSAAwRQIhAPQg1lCQu1GU1TP5MbNITQz6XZigsfQHeex8qcb2\nLOGkAiAOlmYSQiMxlNWHaRcBg1VKGSWqcf004hyX3o7tE5Sy3w==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBoDCCAUegAwIBAgIUGzbZhuJWa3mNqXaueWG+xzBfKGEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEpWGnaEfGaBtc0AXplHektVez4h5b50caxNxanvZP\nw3/fGaXbmMrqC7BOKV1gmtq8o0duR2bb3L+S+sqou7W4sqNrMGkwHQYDVR0OBBYE\nFIlxB35/kaZh/86ZyCMgy3z5+knyMB8GA1UdIwQYMBaAFDXL+skQYd/PhDVoKaQS\nZJ20s/TKMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMA8GA1UdEQQIMAaHBMAAAgEw\nCgYIKoZIzj0EAwIDRwAwRAIgBk71IAsvZWy1i1lyQpaLWrwOF5cOOBoQro9sPcqK\nnFQCICE5Dmo++O09bDihsFsHcMesHTHHNAZQwuTTO3SOICaV\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -776,10 +776,10 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with a permitted iPAddress of\n192.0.2.0/24, which matches the iPAddress in the SubjectAlternativeName\nof the leaf.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBrDCCAVGgAwIBAgIUKSomRz5VyGgI0xJGQUND/bwFPmEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASionzJJUjdKwBM8o8ooGexH/i7kqfUAFPenFIW\nqNPLcbGHsY7s3E/lp1G4ttr53RJUWNg2RRq6Fr4mela6LieKo3MwcTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUXdcAt5BNPnDkn3xVi2WnCZt9dKswGgYDVR0eAQH/BBAwDqAMMAqH\nCMAAAgD///8AMAoGCCqGSM49BAMCA0kAMEYCIQCQktbMKai1sK78M7i6N8VeaQgV\nSBgc+8jL54FoNogZwwIhAILn+ATgBbM6LkG1jQqQjqTkCOsB9jDT74GgDH0uwSmA\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBqjCCAVGgAwIBAgIUDE6GCy68E7mAEVmsuQu3SubuSFEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATQaOqKopYiJplQEBhTi5KgblXhnKNEPjza0jVY\nAdnAPRbmlnFFFPYw83rxR1z3vRl5SnPPDg2rrsEeFtbKFYNho3MwcTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUJUgrWnA4bedsmXnu2WeQ0Tdn0DEwGgYDVR0eAQH/BBAwDqAMMAqH\nCMAAAgD///8AMAoGCCqGSM49BAMCA0cAMEQCIG9fAn70DT5Zsad8RdaUCFkT1ayF\nXZgdBYev2M5G2pjgAiB+ot7et4xdeOpmadp/YBhG+/EbzbNS8fRuDeb49o9aWA==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBojCCAUegAwIBAgIUA3pUkZuT6GQP6PwmYoOYtIVivOgwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEbqwF5Y0LJIULru7vP+lE0LH9+0wUHT/VIVme+Rk2\nWRyYHsMPTlldehelq7KhEEnrhdrJLCpuoEPnYOQF6clKY6NrMGkwHQYDVR0OBBYE\nFLeRCQ5j5PSpBFgYrC9E1NTOBI61MB8GA1UdIwQYMBaAFF3XALeQTT5w5J98VYtl\npwmbfXSrMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMA8GA1UdEQQIMAaHBMAAAgEw\nCgYIKoZIzj0EAwIDSQAwRgIhAOOdN5O5OARE2FAYClcWVn3Mu6NKaeEHUdFKctQu\nPxmcAiEA2B6FGZuqNcaeLr4n+tGnDfvh/tvzPnepI6Gdmiedtys=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBoTCCAUegAwIBAgIUMzE4LJf6HZxgWZwdjaaDWbsgY0EwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEvYqkeJ3Mf5Nv0Fvav+y0b8+FrZgfOl2nRzuCePyS\nr+2cbX2kgw8L/Ok9vCgPavHrgQKCGXrYFW3jZPMC/sHD9KNrMGkwHQYDVR0OBBYE\nFIHCzQUHeUGLE3Ih5T8SA/KZcqDHMB8GA1UdIwQYMBaAFCVIK1pwOG3nbJl57tln\nkNE3Z9AxMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMA8GA1UdEQQIMAaHBMAAAgEw\nCgYIKoZIzj0EAwIDSAAwRQIhAJuKvvjSUr13W0wvxCIja5bJGCsJKbrUrlZZ1x3X\nzMK6AiBJzg7zKmQ05lxtdTbhi3vo7CnEbDbKaqH2FYzo6c3uBw==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -799,10 +799,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with a permitted DirectoryName\nof \"CN=foo\". This should not match the child's DirectoryName of \"CN=not-foo\".", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBtDCCAVmgAwIBAgIUcqtCpYi0y7xmJ3M389REb+vaQ2EwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATw7LdVOHo3sn7hj91oqzULwhvV1xbP4i4TTjf/\nSDCVIbICLumpZY3351R+QDZKnBVIm9X1astW6AJDxKw2+dNpo3sweTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUMKxDDybeU6XsgCVhceCWrt+9r8kwIgYDVR0eAQH/BBgwFqAUMBKk\nEDAOMQwwCgYDVQQDDANmb28wCgYIKoZIzj0EAwIDSQAwRgIhAO2tcQhL/GNBRPpI\nXyc5JIzaz62D/5RwgVFAqInqEaI+AiEA7S1KUnH4zeuMoXWpOtHTIoCnJEBxWVSW\n8knDuZ0btzw=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBtDCCAVmgAwIBAgIUULUxihnZyg0wkl/7Lk9RjMab/cUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATYtQM5ovoYu19wVIfQybqvlkpx6slEfFa8UMeN\n/iX8AJgEeyUJ4T1Nr+GCZLjtrbVSoMsb/6D9FNrqpWPNJM+Po3sweTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUqBHYBs3luysk07O9h0q0JifnyewwIgYDVR0eAQH/BBgwFqAUMBKk\nEDAOMQwwCgYDVQQDDANmb28wCgYIKoZIzj0EAwIDSQAwRgIhANZlhRErsSEKWI3e\ncHpIA8woYrjQYXATD3G0lUfEU7SxAiEA39YVYZLq55InTYKyV7ToXgpECWcgz2uA\nxd/k90hLVQI=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrDCCAVGgAwIBAgIUPDWHbgpSyZdlYRmQSPuMV29XY1EwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjASMRAwDgYDVQQDDAdub3QtZm9vMFkwEwYHKoZIzj0CAQYI\nKoZIzj0DAQcDQgAE5xHq+b6gmPQpixQpFk6cYgttI7U5NaiZOUhnNseSc/uUtwyS\nQlHdttAHJDpTs6yGkCDw3RicqAqRj/T7t3TQ96N7MHkwHQYDVR0OBBYEFHwuPgn1\nT+urICUmhGrsqMYR3GRgMB8GA1UdIwQYMBaAFDCsQw8m3lOl7IAlYXHglq7fva/J\nMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMB8GA1UdEQQYMBakFDASMRAwDgYDVQQD\nDAdub3QtZm9vMAoGCCqGSM49BAMCA0kAMEYCIQCjsqaV//2THyzGAGSid9su5+4c\n5WOJU5OpDJ516v/mvAIhAPvZ0pBstI/ISFvr+SucxEBw2zkyzECOMxwV8f8NneDQ\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqjCCAVGgAwIBAgIUXU0UgWp6+iUodSAC7kiDSz1vm6swCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjASMRAwDgYDVQQDDAdub3QtZm9vMFkwEwYHKoZIzj0CAQYI\nKoZIzj0DAQcDQgAEHgxg4RTmqaQG4aYf0zIM5owNqgW99MUmB0X7LGRBHXv1sYGf\nhq1t10boAn0vc43sfMH4+5Q202Rf22a1xqIkK6N7MHkwHQYDVR0OBBYEFJh9M5YI\n6kf2KA/YG92SGDAcpSkLMB8GA1UdIwQYMBaAFKgR2AbN5bsrJNOzvYdKtCYn58ns\nMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMB8GA1UdEQQYMBakFDASMRAwDgYDVQQD\nDAdub3QtZm9vMAoGCCqGSM49BAMCA0cAMEQCIH1TQ/Db2ncs4DivztzrWz+y7gl0\nkl0SbV4ZqK1Jv2FpAiAEvQcnqTQc+q/6xMLveXZRaKJ1gSYR7jZmLmc4YlThaw==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -822,10 +822,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with an excluded DirectoryName\nof \"CN=foo\", matching the leaf's SubjectAlternativeName.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBtDCCAVmgAwIBAgIUax7GV+OEtp9y9P2edh8PPJMfLjEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAT1SU/iznqDzvVLwpn6WHmnkXjZauQV5ufbxyxK\nDPDQFgWbTnbOd8s+Goa0mEX3OpI565gD5ERogn23be9p8Pkno3sweTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU4qygiQAXOQkNF1YKJUCPvyBVNW8wIgYDVR0eAQH/BBgwFqEUMBKk\nEDAOMQwwCgYDVQQDDANmb28wCgYIKoZIzj0EAwIDSQAwRgIhAJwyKveVMNaQnM5i\nJI939Ol3ZrDYXFtz7PA9JpBsyzSAAiEA95e+Wsi1aPwMH0CMTY73pNi4px7Qc/KQ\nrRdWGFr2YOU=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBszCCAVmgAwIBAgIUNfIaYNdJ4zS5I03SjgEYzr2MW7EwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATbrqv88G3kCbUyKBJNAUmHfTyDCl+6vLUggiB3\nfmH4/fP/b0+7QwVWtpECqwQNqgiHozxmPSh3YfcSQNN/A3Kno3sweTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU6VLWnWwWS/CNPGe6+K6lXUF8jR4wIgYDVR0eAQH/BBgwFqEUMBKk\nEDAOMQwwCgYDVQQDDANmb28wCgYIKoZIzj0EAwIDSAAwRQIhAOhEtaMVUdFjSsvg\n9uNT2clb8ubrEpcJ1gWvOhjEzJA5AiANXstTYxSg0zmJlfPamt1cY+0RsqBLJeZa\nPdg4sbolOg==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBozCCAUmgAwIBAgIUcITSMTejyE8UTtHIhsIAq/UFahkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAOMQwwCgYDVQQDDANmb28wWTATBgcqhkjOPQIBBggqhkjO\nPQMBBwNCAAS5qCeBRWBLAyyRBY9UYDcK/x5m/ynprpjn41PFbLyRv/D/WVF3qwp/\n9yKV0E0fOE5b8HaqTVBRKSxzsFyjjSdlo3cwdTAdBgNVHQ4EFgQUDmOwyxQH8MO3\nf1clhjF2IrGDmIIwHwYDVR0jBBgwFoAU4qygiQAXOQkNF1YKJUCPvyBVNW8wCQYD\nVR0TBAIwADALBgNVHQ8EBAMCB4AwGwYDVR0RBBQwEqQQMA4xDDAKBgNVBAMMA2Zv\nbzAKBggqhkjOPQQDAgNIADBFAiEAt91QNaoyuYn7c4tfHIQCYz8DU9YjLKo9A+Yc\nP1thucUCID2SPdgA7QJ4ErOi5c+tlX4tD8+dAlG9ENwkW1cvaEWQ\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBozCCAUmgAwIBAgIUJhuiJCp++V/AH7i4bzuR/8wvrw4wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAOMQwwCgYDVQQDDANmb28wWTATBgcqhkjOPQIBBggqhkjO\nPQMBBwNCAAQF9gM51rt40evzOYLL0I4qh5u2Uyla++MI0AsEDJwXq7fOH1n/2LHL\neQjtmokaOo6WlRcjhh+A5LXMbr/QNUKLo3cwdTAdBgNVHQ4EFgQU7I5ycAf532Qj\ntC/ZTqxpJCr+aukwHwYDVR0jBBgwFoAU6VLWnWwWS/CNPGe6+K6lXUF8jR4wCQYD\nVR0TBAIwADALBgNVHQ8EBAMCB4AwGwYDVR0RBBQwEqQQMA4xDDAKBgNVBAMMA2Zv\nbzAKBggqhkjOPQQDAgNIADBFAiEAkH+N5Z0n+sOsR76qbAFBY0JJqUU05tgi6TFv\nl4QvzcYCIA4hg1KGtzc+nGiEoXXDC6LB31KjqnPABPKb1J6X+Q/r\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -845,10 +845,10 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with a permitted DirectoryName\nof \"CN=foo\", matching the leaf's SubjectAlternativeName.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBsjCCAVmgAwIBAgIURRtn2m0kc7FUBlizp31r44tZR+MwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASmeGGmHq+hQseGJ4bUBn/052XkQ5DaC1Fg8Txf\nA9+E5gt0rm1FlkY/H8EjfK4dvcaVTkBH62AFvRzAtp6NgwY1o3sweTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUEvw8Cyf0nkSClVEZq4aLBC6JbzIwIgYDVR0eAQH/BBgwFqAUMBKk\nEDAOMQwwCgYDVQQDDANmb28wCgYIKoZIzj0EAwIDRwAwRAIgNsBKosYWdqSN6yf7\n7Sjf11J6gsBmAXvKnHuWvZPPTksCICU7oSeJDOAObKRdLeEQ0kzeN1y5RniBQVde\nJTBXnh3H\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBszCCAVmgAwIBAgIUTBCkzRszyA/EJ3Vo2ms7UMCzB50wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAR1XxB82J4+KZ/+nQ7rhYEEh8iViR3GGedGNiPO\nIRk1gFUiyI4gHqRdH8TIjVbAvhHU0uuSPoA7CiwPUlHTqQ2go3sweTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUvyyDAFoWGjkQ39BMEOwyt7eobLIwIgYDVR0eAQH/BBgwFqAUMBKk\nEDAOMQwwCgYDVQQDDANmb28wCgYIKoZIzj0EAwIDSAAwRQIhAIUJpCy1K1CFVfe0\nBEaOihcwf8zI7GUDVxBes99dSgwwAiBG2cz81DlW4B3v4z1HqbE5Tbq7jQWH+cQX\nyUtAfgQonw==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBozCCAUmgAwIBAgIUcgcL9cBcIsq4NZHBmL/WPRooAO0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAOMQwwCgYDVQQDDANmb28wWTATBgcqhkjOPQIBBggqhkjO\nPQMBBwNCAAQov8HFhPj9+4nBanzbI4xquIps0/GgoKYkFhKNdQu6ej6pVyMTY70L\nD6DFawEG4dsBiwD+Hm6hEys19H0DqdTko3cwdTAdBgNVHQ4EFgQUf51GI0V4T20r\nM85KQoiJnBnbkcMwHwYDVR0jBBgwFoAUEvw8Cyf0nkSClVEZq4aLBC6JbzIwCQYD\nVR0TBAIwADALBgNVHQ8EBAMCB4AwGwYDVR0RBBQwEqQQMA4xDDAKBgNVBAMMA2Zv\nbzAKBggqhkjOPQQDAgNIADBFAiA49O+V/TrmZCtEOaGovJqBAy6qbhah0+yly7Bp\nbBTMGgIhAIFq7QlBusuva0lRxbWJlCUQFvhcjVLfxQbqOMxcCUX2\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBojCCAUmgAwIBAgIUF28a4s2UWyd5mCBAxiaJvWTE7owwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAOMQwwCgYDVQQDDANmb28wWTATBgcqhkjOPQIBBggqhkjO\nPQMBBwNCAARCg1UCzxlO3K4rAdWWm1k6cXE8tbXpxElN51Evz0iWN+l/C7jf3Ajt\nvS1RcGClCmTCFYUGEXCLRcWWMGcwOtrYo3cwdTAdBgNVHQ4EFgQU6KiQHFF/fMIL\n0cwlK2tsvqQXqSQwHwYDVR0jBBgwFoAUvyyDAFoWGjkQ39BMEOwyt7eobLIwCQYD\nVR0TBAIwADALBgNVHQ8EBAMCB4AwGwYDVR0RBBQwEqQQMA4xDDAKBgNVBAMMA2Zv\nbzAKBggqhkjOPQQDAgNHADBEAiBnhghAYxmR3QRP6mTQmZEV4WX5Q7GgDxRdRV6W\nx0p6VgIgJNafKQRZ25d2f07y1BPUXTH5Zo9XPfH28wFmWNyWYfE=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -868,10 +868,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with a permitted DirectoryName\nof \"CN=foo\", matching the leaf's SubjectAlternativeName but not its subject.\nThe leaf must be rejected per the [RFC5280 profile] due to this mismatch:\n\n> Restrictions of the form directoryName MUST be applied to the subject\n> field in the certificate (when the certificate includes a non-empty\n> subject field) and to any names of type directoryName in the\n> subjectAltName extension.\n\n[RFC5280 profile]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.10", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBszCCAVmgAwIBAgIUBCjbf1+pnD+8k87uqO+OHgSokZswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASR3sQ/4h7lQrkPnJ9heo4/CiZ3jgPyzAdLixAz\nR1Yc9KeiC7K/Y2U5ON6C2//VKC68WCamQOk5+F97F+22V8YMo3sweTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUocfU3RLa3ei372QuL/O+awc2YZ0wIgYDVR0eAQH/BBgwFqAUMBKk\nEDAOMQwwCgYDVQQDDANmb28wCgYIKoZIzj0EAwIDSAAwRQIgWYoaaXvyyVXGnGKB\nFZYmrkNntj7edCi7gUtD4Z9FDvQCIQDh9yEpkC8cgoCWaqPYKTd+G+2ftsNSoAK1\nzKDyIfCiyw==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBsjCCAVmgAwIBAgIUICe75hWAxmlE0crbWGlqFwDi+vIwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAT/4C4PVVV90Ta4NNjz5JWtn8mjkjI2HYiXXD+r\nrEGt1b+RMafVRUbwHEzZAQvx9CRfAOMmWHuXtICZXIra+knvo3sweTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUmf68XuFsh8MPjurPBquzsKaFyFIwIgYDVR0eAQH/BBgwFqAUMBKk\nEDAOMQwwCgYDVQQDDANmb28wCgYIKoZIzj0EAwIDRwAwRAIgXQYSfOaCKVUBCoU+\njvohjl8wFqPidqsaSwcZ/pddfhcCIGJQbQq58YtXbNQUR8MVdQZFkHCyuYcsdV9h\nhMsbnJT7\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBpzCCAU2gAwIBAgIUYiapyo2fRQx6XsBPHBxgKf239JUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjASMRAwDgYDVQQDDAdub3QtZm9vMFkwEwYHKoZIzj0CAQYI\nKoZIzj0DAQcDQgAE6cROqNYNu5j6vU5WSIoM/0SJUjDyKo/g+0SYKoy0IBh7hE0G\nrFQjsG0WLmBRtlemSwLSbvCZ36AwIINxvQkwEqN3MHUwHQYDVR0OBBYEFDDUDYUH\ngEMGG9kbQLSTn/YgorH/MB8GA1UdIwQYMBaAFKHH1N0S2t3ot+9kLi/zvmsHNmGd\nMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBsGA1UdEQQUMBKkEDAOMQwwCgYDVQQD\nDANmb28wCgYIKoZIzj0EAwIDSAAwRQIgYS7+IZmy8ycpgSoZvMspeh+WNHuDy5Zv\n5MGEYqJgktUCIQCVqjxno5NKT0tOUYB/d3F2diTfoEExX5AmI6R4uq0Tvw==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBpzCCAU2gAwIBAgIURGos8Ih8K8PEVBjJHcsTqoBlN4swCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjASMRAwDgYDVQQDDAdub3QtZm9vMFkwEwYHKoZIzj0CAQYI\nKoZIzj0DAQcDQgAECk0+fpJ60RCHZd0fbR0qRo74ZY2kGO4S9+e8kI7A6GXzulfe\n7EFbaRXdoYLd6+3o5SitkhaCTALNBbOfIoeUSaN3MHUwHQYDVR0OBBYEFIdTVZlu\n9NWbOYXO/dK7+D27PDj7MB8GA1UdIwQYMBaAFJn+vF7hbIfDD47qzwars7CmhchS\nMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBsGA1UdEQQUMBKkEDAOMQwwCgYDVQQD\nDANmb28wCgYIKoZIzj0EAwIDSAAwRQIgPGWEYs6UzNpI+/Lqu01wvwvhXxa4gqy5\nT4NriseZMHACIQCEYid7msmZ+UgeYalydZeaE4oaluMAAoX5PalD06SNKA==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -891,10 +891,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with an excluded DirectoryName\nof \"CN=foo\", matching the leaf's subject but not its SubjectAlternativeName.\nThe leaf must be rejected per the [RFC5280 profile] due to this match:\n\n> Restrictions of the form directoryName MUST be applied to the subject\n> field in the certificate (when the certificate includes a non-empty\n> subject field) and to any names of type directoryName in the\n> subjectAltName extension.\n\n[RFC5280 profile]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.10", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBtDCCAVmgAwIBAgIUaO3oL0aYp4iD7+U4Joi8lne6lkYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATPIbyNTkrTQt4WGK9WCASHw7SV5gHhqoHGordv\nwJvdAR4Cz8UViUblF5DR/q0NCR/8hOIX0jChENQ9cx9MSykvo3sweTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUJzqCBL5txkU6phW0t43NOgaCamcwIgYDVR0eAQH/BBgwFqEUMBKk\nEDAOMQwwCgYDVQQDDANmb28wCgYIKoZIzj0EAwIDSQAwRgIhAKqiCgh6Nve73UF2\nUZTicgfNoykigXu1uWfWkMrXCG1GAiEAmc4rGWfP0VY0Edq53GEiY5AdUwuCovkl\np/OVV7SdpI0=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBszCCAVmgAwIBAgIUYAG6PaicRIyPa39aW4oNBJwCF7QwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAS9sTvyzKhEmhAKwgy50Yk+CKbb00AF5MWkU7RN\n6X/KiI0h0IUL54keNaAlikoS0MH3g3/hhIIIZIPaWnys002Jo3sweTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUMkNa58KGYVx8bGXEUvKH1eCO3oUwIgYDVR0eAQH/BBgwFqEUMBKk\nEDAOMQwwCgYDVQQDDANmb28wCgYIKoZIzj0EAwIDSAAwRQIgDnBHPN9wLdaGClgi\nAOEpaCoL6VQoRmeMEctSaNhp/8sCIQCLlIANZevpme9QFraNJLkMC1VVIr4UIsaG\npryLNJ2/Pw==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBpzCCAU2gAwIBAgIUf7EvCG4khLAR7lALfu7exHb24cwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAOMQwwCgYDVQQDDANmb28wWTATBgcqhkjOPQIBBggqhkjO\nPQMBBwNCAARZ42ayW7LbfPF24+FT4zJkhy4P9EImzPA+wU5ha6cRrCfny2vg3frb\nisdUi8rRD/J8AE/DRCkaghkU+9lT14hFo3sweTAdBgNVHQ4EFgQUlm92RPGRJHPA\nobvjyqeFYk0Ot4cwHwYDVR0jBBgwFoAUJzqCBL5txkU6phW0t43NOgaCamcwCQYD\nVR0TBAIwADALBgNVHQ8EBAMCB4AwHwYDVR0RBBgwFqQUMBIxEDAOBgNVBAMMB25v\ndC1mb28wCgYIKoZIzj0EAwIDSAAwRQIhAOhYlK/FyRAPI2S3H3lHU/cwCDaH+FBI\ngekOGRXr3T7zAiBDLSsdvDm4Q8ZQ10megMIfcI+5YQU2Y4FB3CJnCWcfpA==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqDCCAU2gAwIBAgIUfKxQZeQnxtKg6puwxS1mECY8+qEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAOMQwwCgYDVQQDDANmb28wWTATBgcqhkjOPQIBBggqhkjO\nPQMBBwNCAARaEFbfU3zHVIB82rhWU4JXbzIIpj54roTFIdOkLg5CS9d/Fhha1fqg\nAQaMJeUgLs/1ePfqSTho0StR6HalheVlo3sweTAdBgNVHQ4EFgQUOpOJEUZt2JF/\n7khCabZbdHL/GQ0wHwYDVR0jBBgwFoAUMkNa58KGYVx8bGXEUvKH1eCO3oUwCQYD\nVR0TBAIwADALBgNVHQ8EBAMCB4AwHwYDVR0RBBgwFqQUMBIxEDAOBgNVBAMMB25v\ndC1mb28wCgYIKoZIzj0EAwIDSQAwRgIhAMvhKRuyUlvHQQyUb74Z9Y+Epyy2T3kH\nLhZva8Q7axtEAiEAxdKA/yMfDFnFreSiyP4W98GE0KRZeWzGDFRRGmY7wWg=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -912,12 +912,12 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> intermediate -> leaf\n```\n\nThe root contains a NameConstraints extension with a permitted dNSName of\n\"example.com\", whereas the intermediate certificate has a\nSubjectAlternativeName with a dNSName of \"not-example.com\".\n\nNormally, this would mean that the chain would be rejected, however the\nintermediate is self-issued so name constraints don't apply to it.\n\n> Name constraints are not applied to self-issued certificates (unless\n> the certificate is the final certificate in the path). (This could\n> prevent CAs that use name constraints from employing self-issued\n> certificates to implement key rollover.)", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVigAwIBAgIUdklcz7PUHE9F5hJgyMaYpCj8Y5MwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPbm90LWV4YW1wbGUuY29tMCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA9ub3QtZXhhbXBsZS5jb20wWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARgmm2bESHf7gHsmiLsoNrUreKoXjIDvvkvmjd2\nslP11z+sWnXm8JqWyQL5wpSOpr81utmI08oB3IXP+VaYeVO4o3oweDAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAaBgNVHREEEzARgg9ub3QtZXhhbXBsZS5j\nb20wHQYDVR0OBBYEFCEHWEFA0MY5Ln0669r57qXTUlF+MB0GA1UdHgEB/wQTMBGg\nDzANggtleGFtcGxlLmNvbTAKBggqhkjOPQQDAgNHADBEAiBy8j5WSLSfKP6LXaKq\nQoZWYfk6NT+Dm2NUCssRfSVxcQIgIKyTPERPgcr3lyECAIB9ti6Oczom6catGg/d\nWx8tfKg=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVigAwIBAgIUClRoKHFxK7JJ7Fwgcdt9T3OachowCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPbm90LWV4YW1wbGUuY29tMCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA9ub3QtZXhhbXBsZS5jb20wWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASj0j6mWT0vMKSAAmf3ffkgxwcK1Eo5I19nIhJ5\nDNZ6RvvMh4jK6hyVtuZwCpumFW1zeDCApl+lsaxnDCl/ox18o3oweDAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAaBgNVHREEEzARgg9ub3QtZXhhbXBsZS5j\nb20wHQYDVR0OBBYEFE0gdFri9ZOxnEqpXs5Aq2uf2WimMB0GA1UdHgEB/wQTMBGg\nDzANggtleGFtcGxlLmNvbTAKBggqhkjOPQQDAgNHADBEAiBnHPX2dO7oCKz8eg0Q\nY2fs44yyZF2w0GrJnPFJC/H0jgIgb9oFS+6QnHXbIXDHsCGUgY2y7BJBaREzEhPX\n/eG3vrw=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIIBszCCAVqgAwIBAgIUUdh4pIXddX81wF3mIPKz6oiUf98wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPbm90LWV4YW1wbGUuY29tMCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA9ub3QtZXhhbXBsZS5jb20wWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQumHwMNuhfaaKbDDpqbMMWprAr8n5e0999Q/Vl\n0sMV0N7QFEdTOXeNfiU3qXr+yG+WssvIEgbn8Ud4L776j6dxo3wwejAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAaBgNVHREEEzARgg9ub3QtZXhhbXBsZS5j\nb20wHwYDVR0jBBgwFoAUIQdYQUDQxjkufTrr2vnupdNSUX4wHQYDVR0OBBYEFBCQ\nwOPmvZY+qb+oqDhrh0SjbXnFMAoGCCqGSM49BAMCA0cAMEQCIAop8dEQ1EHJRpPg\nTh5QI1s4vWpZTtXx8wZFqTLw+nAiAiAeDseMwX2NN8QfDnXrSBFSp+Y+hEs/K/T8\nA37J12FV9A==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBszCCAVqgAwIBAgIUeFThrcQkYgH/s21TYuXyRBP3Bi0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPbm90LWV4YW1wbGUuY29tMCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA9ub3QtZXhhbXBsZS5jb20wWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQtDevoZOtjmUrL2CWGwUe9On/rXzP/pfz9xL2z\nJuG8TX4a/nloYGbKKl952L1kHKBkzpT4h/QpB597kxaVEPhOo3wwejAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAaBgNVHREEEzARgg9ub3QtZXhhbXBsZS5j\nb20wHwYDVR0jBBgwFoAUTSB0WuL1k7GcSqlezkCra5/ZaKYwHQYDVR0OBBYEFN8L\nqCa2Ju36R5Y+/B+f6EuIy4ZWMAoGCCqGSM49BAMCA0cAMEQCIDGyq51WeEKw4+y0\nl938drIvhALMSzmunLOWtjOapkNWAiBLG9DPGQuV6XFMsUhWgUgyEFg4nlG/SWx4\nisrAcAuNtA==\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqDCCAU6gAwIBAgIUdpnstk0S49wdfIwoTXTQq0ESv0gwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPbm90LWV4YW1wbGUuY29tMCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEj52mGbeSRpubHQf3oRQQIilfEloZeFKqJgbrX1Hg\nrb8lzZu8XgS3yPv57GtUBpGIE7pqgrvLavj+Vsbb2y3OIqNyMHAwHQYDVR0OBBYE\nFDfXSYHoo8Tz+rKg+KaOgYQvysM9MB8GA1UdIwQYMBaAFBCQwOPmvZY+qb+oqDhr\nh0SjbXnFMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBYGA1UdEQQPMA2CC2V4YW1w\nbGUuY29tMAoGCCqGSM49BAMCA0gAMEUCID5rf8QhZbhXJy8VrPo9Z6syXHF/ovN7\nqRdgWOX2QLN8AiEA2i9XhfXI+OpmWNj8GSYleyGLEwjW4hlBcYYiMXmiHM4=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqTCCAU6gAwIBAgIUGj7sFjGic0y9yB2jY48Ckk5YEY4wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPbm90LWV4YW1wbGUuY29tMCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEErs432rvkizC9kN3PDTeuc4F7gqpKy1KK7nEMlBk\nI1dmOv7qSq3PVVlRO4V3BFb/rnmamEDGD9qk+rodozJ566NyMHAwHQYDVR0OBBYE\nFHRaS7724BfWfTPdHmNNasDzGHUVMB8GA1UdIwQYMBaAFN8LqCa2Ju36R5Y+/B+f\n6EuIy4ZWMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBYGA1UdEQQPMA2CC2V4YW1w\nbGUuY29tMAoGCCqGSM49BAMCA0kAMEYCIQCLiy/o7cK8kDwHsZGuzQsivqP6Kapf\nrybVpu+8QwGZ4gIhAL1TeBoXItAi8Xb4st+rIevlz0TJ081sngIdOgt387e/\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -935,12 +935,12 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> intermediate -> leaf\n```\n\nThe root contains a NameConstraints extension with a permitted dNSName of\n\"example.com\", whereas the leaf certificate has a SubjectAlternativeName\nwith a dNSName of \"not-example.com\".\n\nIn this case, the chain would still be rejected as name constraints do apply\nto self-issued certificates if they are in the leaf position.\n\n> Name constraints are not applied to self-issued certificates (unless\n> the certificate is the final certificate in the path). (This could\n> prevent CAs that use name constraints from employing self-issued\n> certificates to implement key rollover.)", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBrTCCAVSgAwIBAgIUIA5iBH2FhR3175HG90/eYIItu3IwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATDRw2i0Y6aS4sIftvlUfQgshQ56674bv8YxHrI\nARnrlWikRvuYoMjsOVKeHPW3a5B3qv5wtF6iUcb8sUUMTXCGo3YwdDAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU/Rj5agiwtq3vruszZ5gr1iUJwTEwHQYDVR0eAQH/BBMwEaAPMA2C\nC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0cAMEQCIFvAU4fYt5za43Dimc/yipZc\npSbnDhwHpM390avCrktMAiA0MZqRz6w5R8CQfgQHqp30R1eMAJanLKZc9ocP14Oj\ngg==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBrzCCAVSgAwIBAgIUGHkhzv6o6IoKjUM8vozN7UN5A4MwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAR9I0+tUCa7JG1K2hvq/bGM70Q0HFzJalJRZLLB\njb4/IYWZLSJk55iwfA+/4J1OLV4ADD0BL2ehc8LqFxxAap3po3YwdDAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU97PqfiJhvPycyo7th/sUEPPZM6gwHQYDVR0eAQH/BBMwEaAPMA2C\nC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0kAMEYCIQDI0vlnjXckgkBZmyfm/66C\ncEV/H1da6+im3ZCr68uv8QIhAJy536zvn+kGTgev/LggvNpDyiIyNa/2awwM/jsi\nZ07x\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIIBtDCCAVqgAwIBAgIUeeQGbjpS/556vDbm2XqLta9f6U0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA9ub3QtZXhhbXBsZS5jb20wWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARbqjabMskQke68kKUsqHvCexegUMtgMlE9yYxS\nX9uLEyeChSSkkEiKtzDF8e+ieg+4dzJeNegBjZwHCfMwW7r3o3wwejAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAaBgNVHREEEzARgg9ub3QtZXhhbXBsZS5j\nb20wHwYDVR0jBBgwFoAU/Rj5agiwtq3vruszZ5gr1iUJwTEwHQYDVR0OBBYEFDSJ\nZN9qPvV3ar54gCzwQh0DdV6NMAoGCCqGSM49BAMCA0gAMEUCIQCTyrYElWZk7nTn\nEEPid9/wSmRtN+NC9P4+iAVW0kAHhAIgCd1VFL5ySV1gT0suE68YYD3Sm2ybWwRe\n3v4XXqv5nJ8=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBtDCCAVqgAwIBAgIUaAaaXBkqxk7PYL1+EunssXoW+VEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA9ub3QtZXhhbXBsZS5jb20wWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARQ1MFp/qNlROR0Iw8gNn7Q2QU5Cod2QWrFSj8o\ntYvPyerzwmLUxOkgEZ1FzalwyXKoiUiJGzX+saHChkflE4hRo3wwejAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAaBgNVHREEEzARgg9ub3QtZXhhbXBsZS5j\nb20wHwYDVR0jBBgwFoAU97PqfiJhvPycyo7th/sUEPPZM6gwHQYDVR0OBBYEFF/i\nwE9M8XwuAqoId07ehkhUqhEzMAoGCCqGSM49BAMCA0gAMEUCIDLx7ocNbSKDEWfh\nZftE30hxWIDNT9lNL04NfIQiG8pgAiEAn210S6VE7XFostQ6SJIh9HCeTcF6XWuz\ntHdhKsFg2os=\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrjCCAVSgAwIBAgIUNeQuP5Sw8mU1s3jCxQOM6qJCLqYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPbm90LWV4YW1wbGUuY29tMCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA9ub3QtZXhhbXBsZS5jb20wWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATn9OiN5H+rO0mb8TSqV9NF02dQWA/YFieKLAW+\nDYnqIY6zVV2nl6pj4Z+1jVIDYJVDkGqb4Sp6+N4ra8UwLpIJo3YwdDAdBgNVHQ4E\nFgQUjkiDyhSaVJZ9UJDpfVTULXTmT2wwHwYDVR0jBBgwFoAUNIlk32o+9XdqvniA\nLPBCHQN1Xo0wCQYDVR0TBAIwADALBgNVHQ8EBAMCB4AwGgYDVR0RBBMwEYIPbm90\nLWV4YW1wbGUuY29tMAoGCCqGSM49BAMCA0gAMEUCIQCh7aii39ujCWlIYTz/vOKe\nYgAoMMzlme2ynNLilxLjqQIgX7OtVO3E28wGfNpHHCRzFiu7p5eaVsh1CHjHOWga\nZ4A=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrTCCAVSgAwIBAgIUdEL8xp2DvEYya5+3VK28MbgvnUQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPbm90LWV4YW1wbGUuY29tMCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA9ub3QtZXhhbXBsZS5jb20wWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAR9de9Lbebh1CbmPzj97ti9DYD9WEKGjd9hN4UI\nYlaGfabYNme4ooU0Bx/NXJG4WHhE9aZ/7o3wGG6E9duhcpbgo3YwdDAdBgNVHQ4E\nFgQUr7ynrdmRggxbRP/TeVVIR+oW/sUwHwYDVR0jBBgwFoAUX+LAT0zxfC4Cqgh3\nTt6GSFSqETMwCQYDVR0TBAIwADALBgNVHQ8EBAMCB4AwGgYDVR0RBBMwEYIPbm90\nLWV4YW1wbGUuY29tMAoGCCqGSM49BAMCA0cAMEQCIDyizsFBTgPuxV9yRzqPq848\nyFgRMSXb8z7t/qqZXcuzAiBepTa76JkSGn8DpbSCF3kpM27t5NOwfyWI3+vkN1Ok\nfQ==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -958,10 +958,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with a permitted and excluded\ndNSName of \"example.com\", both of which match the leaf's\nSubjectAlternativeName.\n\nThe excluded constraint takes precedence over the the permitted so this\nchain should be marked as invalid.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBwTCCAWegAwIBAgIUXhelWl27afT20ppHRjZ2pm30eV8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQJjJTdkQKRiowFjy6M26vb//LbMOygnv9mNnra\nf7nvzmLQzKHCjP5HvwGgPU+vMRn1ahLnR0ayvZ/9SZ/qNkwto4GIMIGFMA8GA1Ud\nEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29t\nMB0GA1UdDgQWBBQ5R5vOXD0lAjHPgGZAGU/3khBw6DAuBgNVHR4BAf8EJDAioA8w\nDYILZXhhbXBsZS5jb22hDzANggtleGFtcGxlLmNvbTAKBggqhkjOPQQDAgNIADBF\nAiEA1uj/pYS+vtM0PH7n9RBYYb1iHpigUc4L2xhgSrZB/U4CIDncjtNyD5iZqqWF\nNVOJ38OTD4oNAjj5qLXztlX5uo1s\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBwTCCAWegAwIBAgIUSnwewg2Tc6MX0FVgt+MJAetvbe8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATdJ63Cqj9xFqZYcFrpgRG/XAMguqOIdkkxeLej\nlGY4AEUq9Go3DkExlstkRhdmm7ErQxK+TfoqcnLciXK9EXKNo4GIMIGFMA8GA1Ud\nEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29t\nMB0GA1UdDgQWBBSYpchFpoSkj0EmNAICU+khLELLVzAuBgNVHR4BAf8EJDAioA8w\nDYILZXhhbXBsZS5jb22hDzANggtleGFtcGxlLmNvbTAKBggqhkjOPQQDAgNIADBF\nAiEA7wLoHf7zGMkJvwoLb570G+gFAxXrtdvS8aN8hh68gYUCIHptBj4+rxLnPu75\n5A4oyPJTJ5R20dI6SmeJTVCJsb9F\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBpzCCAU6gAwIBAgIUIBFIDwXsW2kK5ZAaO/TF4Q3bKMMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAELL+3G9nOUCdPmF4Q3U74x3InEXpakSxcJw/gJlJE\n1VErUsm9DDxYrFdI5gL5SfZX24lnf7aXHS3THd2yxDikZqNyMHAwHQYDVR0OBBYE\nFFQQhEoPazmoYk9dqNdsdPxQcflQMB8GA1UdIwQYMBaAFDlHm85cPSUCMc+AZkAZ\nT/eSEHDoMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBYGA1UdEQQPMA2CC2V4YW1w\nbGUuY29tMAoGCCqGSM49BAMCA0cAMEQCIArMVe+WarpBamJOvoxBMPzxT3uv9UaH\ncBZqbG6oDY5WAiBIUgfxavdbEB6StY0BMPN4XUs5t3HrHlGQ46ePJhW65w==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqDCCAU6gAwIBAgIUeY+tK/b4fD/i1Oui7AupdogTo3AwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAExtbTM78gPd408wu/9lc6YdGq16uV91DnM/UKXSf6\ns608A93kDSkPFEcrhpHh8eroMLbCUGEjK3fEgjRSz4nj9aNyMHAwHQYDVR0OBBYE\nFJKsCHxj6NaN6SxoilpwIWSYjVXpMB8GA1UdIwQYMBaAFJilyEWmhKSPQSY0AgJT\n6SEsQstXMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBYGA1UdEQQPMA2CC2V4YW1w\nbGUuY29tMAoGCCqGSM49BAMCA0gAMEUCIEXhybAbR+oJloZYk+yb7VcR8S6munuO\nPE7sjZx9oDE6AiEAndyliC/FmpHyROj86cYqnMlIZzzz6so95ojdcH/ocko=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -979,10 +979,10 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with a permitted iPAddress of\n192.0.2.0/24, while the leaf's SubjectAlternativeName is a dNSName.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBrDCCAVGgAwIBAgIULN/29E0DdP7B14SHO6lv8ezHnA8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARpk0R3ZyjEI0U2n+sGSiQwLaGkzagrB9o6IXRk\n1cN2TUQ2OmH+Ig5Oa2yJCao2hlxDMaChJPXJfInmENafvrcGo3MwcTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUiQ7lmpuKzzR0BKPxkt0FuJ6o6JswGgYDVR0eAQH/BBAwDqAMMAqH\nCMAAAgD///8AMAoGCCqGSM49BAMCA0kAMEYCIQCH2O/SGMPWCFeFXp2Xb9v9Tp9G\nzObGE6tutVzJVdHrfwIhANYm9I3X4ahgTlBFsNKylSG0msukEWcW+hqSES2kS6br\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBrDCCAVGgAwIBAgIUUqN62S4ETzXRpEifclOOL4EejHYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAR04u7p+O+PRPtdnvsAVhoENgjA+NyWqAYbUZY+\nNQX5FiS+KVbzOwHA7YmRg3FnsUVgnKF7ED1ubLdw+tkajfRco3MwcTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU3VNFfY0vyzWw9zi73vwgE4+cw/8wGgYDVR0eAQH/BBAwDqAMMAqH\nCMAAAgD///8AMAoGCCqGSM49BAMCA0kAMEYCIQDwg+W6xmn59jRB6eOS3xJ2BjQz\nshjIX9qn0sN3xuxhtQIhAPSD6J+qZt3GAu5BzEcrh+VOCnriDbT2pFB3sJw3qECI\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqDCCAU6gAwIBAgIUVaYztJylYl4c84zjDC9P5C5GeGUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAExfujb1bFaq0zxwvG30yoU1mkklDpba4DQAmpt1cV\n+xKjtwBS0SLxFn9dSYGczV2zsatV1Ha3iHNbHNnqgKvoaKNyMHAwHQYDVR0OBBYE\nFE9VMgeeuFp8ruQz9O9M9rGqWfE4MB8GA1UdIwQYMBaAFIkO5Zqbis80dASj8ZLd\nBbieqOibMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBYGA1UdEQQPMA2CC2V4YW1w\nbGUuY29tMAoGCCqGSM49BAMCA0gAMEUCIQCufRUJaSXWDGuyBOjjXcvzr23rBm8n\n8nAjRl90KnoKfwIgN4fMzgrBwRGkK3z6kRQOeBTw9JYbM13V9CiKE0uR/LI=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBpzCCAU6gAwIBAgIUMZSrBrZo3grHKVHmggz9cs5Em4QwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEuWPBqnPe20IJZxQAbdZxYTPuFwZWXnu/Pb3HZtpP\nU/6G2t4/t09tfJv21JvvMy8XBrPurTDGxGtysNb2A/9tw6NyMHAwHQYDVR0OBBYE\nFNCqyP4yRp0IzCNc6gRzGY3Fp/63MB8GA1UdIwQYMBaAFN1TRX2NL8s1sPc4u978\nIBOPnMP/MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBYGA1UdEQQPMA2CC2V4YW1w\nbGUuY29tMAoGCCqGSM49BAMCA0cAMEQCIAXj8hXcOC5j1LS8QnMn6ujMd4Iv+jll\nxRAwFdfQQViJAiAymWMXu5MWox1H0RbniZO2K2F9NiBSuxNKt4kD+3P9IQ==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -1000,10 +1000,10 @@ "description": "Produces a **valid** chain with an EE cert.\n\nThis EE cert contains an Authority Information Access extension with a CA Issuer Access\nDescription.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUAIVw0cyIHRQRJP2lLFL1fi7ST7QwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASM6C5VD+SeQsAwhOSop+4zpWD5uL7+8majFub6\nr4jNSMZ7DaQFqfudSNDcKON+ZH12qZ9CNlKzUDWEoK61gQoUo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUlBHZ80fDjsGTX2Sw94sF1PIIjUQwCgYIKoZIzj0EAwIDSAAwRQIg\nW1jN4kWYrHAvHFluIHhrpgkPuoeW0d58TRwgKK/OerACIQCbySNsAr5iq7SpqtJU\nSHvRRMQX5J1IQP/4pScDAJctJw==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUTdUnCuM/IL0H7aOD7YwTvbvsebgwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQTXbDZ6weCKj9g7J7143o+3vQrKxYKI21yAUSC\newn11W4LTMcgbVHO/DhDIqLJYTKGHUDdZNr+HqRfmPNp1mzJo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUMyTD39H1uGh0tgNczOm+cC2bQhMwCgYIKoZIzj0EAwIDSAAwRQIg\nQSqrnywb6AZyPm2wpf/q9sefSN1JX3BYJhEuttwFVNECIQCf3bIY8b+aZnoqmq5A\nAUTsN1r9Rrs7fghiN+AIQBt6EA==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB0jCCAXmgAwIBAgIURrrJpw099cMebXJKoA6VM3dnrbcwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEU7b72t4ipV2aDUR5pHE7tAlCj7E8oSbNIt/A91wR\nf4XdW7Q8P8SKir0hfHnTNfITB9wnyn2p554EgbvYocbd56OBnDCBmTAdBgNVHQ4E\nFgQUOyMsWmrLRyC2OwJahGkyBmQdk9cwHwYDVR0jBBgwFoAUlBHZ80fDjsGTX2Sw\n94sF1PIIjUQwCQYDVR0TBAIwADALBgNVHQ8EBAMCB4AwFgYDVR0RBA8wDYILZXhh\nbXBsZS5jb20wJwYIKwYBBQUHAQEEGzAZMBcGCCsGAQUFBzACggtleGFtcGxlLmNv\nbTAKBggqhkjOPQQDAgNHADBEAiB7TiMK2GUpX38TFiDD9aaW5EEj/h9b5mFS9V1Y\nT9hlOwIgDcXFOlH8thWnhFTfuxutHHLFa2cbePCvJCb/dtfYCJg=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB1DCCAXmgAwIBAgIULdVl8s8N+5qw2HqL0k9jIICynwAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAELEqQX9Fm3iBd4PCFFVLC5zxGyoPOrVHD9LvDCDR0\nT563wkHICWqovg3G9KusmTmNzLWj3ATZjyCXxNM7BKa+XqOBnDCBmTAdBgNVHQ4E\nFgQUMb2kH5GRIv/yjCY//9idpEHLmzIwHwYDVR0jBBgwFoAUMyTD39H1uGh0tgNc\nzOm+cC2bQhMwCQYDVR0TBAIwADALBgNVHQ8EBAMCB4AwFgYDVR0RBA8wDYILZXhh\nbXBsZS5jb20wJwYIKwYBBQUHAQEEGzAZMBcGCCsGAQUFBzACggtleGFtcGxlLmNv\nbTAKBggqhkjOPQQDAgNJADBGAiEAmoxp8PFjFOpxJaJZJy2O2SX9ZZl3BGRWO7PY\nmpcDXhYCIQDKLMAKARoVNxww1nboJKmdZn/7vu8G4wpnadykP766vA==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -1021,10 +1021,10 @@ "description": "Produces a **invalid** chain with an EE cert.\n\nThis EE cert contains an Authority Information Access extension with a CA Issuer Access\nDescription. The AIA extension is marked as critical, which is disallowed\nunder RFC 5280:\n\n> Conforming CAs MUST mark this extension as non-critical.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUVocsKhn6LtxqMYliHNDSZ7HnpUEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASdP8JaupmmwNqG0ovT77heOpSYsOeGT2s5lXMy\nwnXiSRKqJrwPrbs8KJDqPUt9vsPxJPck1KUDLTzkjVLtcsv3o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUVyzji1Tqdx70u3aGYzTM7KEQb8IwCgYIKoZIzj0EAwIDSAAwRQIg\nc4bQdX7KS38Sl397/mmuhWz4djOjGthIwrL/OikQdoECIQDhyoHBz9uUSsFvydbY\nw6/+k2DpWsvwobzsQ11zQjjy1g==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUP1kkhSBnXMsLfosNpaeWbrSKucgwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATEqXYyUDxvFTMiCRlgX1n5kQAL5ZVGu60fk6RQ\nDsgCnyAWoBfppnGiOkTp3Xt9FBSbE3difowepiEctmfN0B5Bo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUFCY2LR9ZjwDfKG3snJj4OmYZZtkwCgYIKoZIzj0EAwIDSAAwRQIh\nAJ7vuYcG6csDNW8+iLbgKu48GfIzufVYH6Lbe300BCeQAiBV2D3Ws8t2mv9SEZfw\naIn0VKAVjJcVib37hD72tcPeFg==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB1TCCAXygAwIBAgIUEas90pbU+yvllDqVwbe9jAdptDgwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEjN7GMG0L7aQkBD44TZ0OaiVRWt4EXVTy0n7yPSCr\nTxeZ5nu10Y8Wx9h2uthUYWydWM3k559kyRM+12j71eXqmKOBnzCBnDAdBgNVHQ4E\nFgQUDWsikTBNSO77bIrQCPTGwIxz+KswHwYDVR0jBBgwFoAUVyzji1Tqdx70u3aG\nYzTM7KEQb8IwCQYDVR0TBAIwADALBgNVHQ8EBAMCB4AwFgYDVR0RBA8wDYILZXhh\nbXBsZS5jb20wKgYIKwYBBQUHAQEBAf8EGzAZMBcGCCsGAQUFBzACggtleGFtcGxl\nLmNvbTAKBggqhkjOPQQDAgNHADBEAiBm+GC5KFsflkz9vxdWpauu6eidgdPAJ2+M\nAL+4C5RoUQIgXAyBpNC0g+dmL7TmpBRGHNi9CpjURf8juZzWAxwZqkc=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB1jCCAXygAwIBAgIUUHc3xpSSfI4LUlS4VkCViGB41SQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEYU/K0OsWlqFH6Z60U1RjuhcV2L+nVbdZ+1apuVNB\nj2JeUZCujV89EmoFw4dGSQfquECReQVscBnO0yk3/SDldaOBnzCBnDAdBgNVHQ4E\nFgQUApSOgMaXLmTm7SUnrTUMDZeFNoYwHwYDVR0jBBgwFoAUFCY2LR9ZjwDfKG3s\nnJj4OmYZZtkwCQYDVR0TBAIwADALBgNVHQ8EBAMCB4AwFgYDVR0RBA8wDYILZXhh\nbXBsZS5jb20wKgYIKwYBBQUHAQEBAf8EGzAZMBcGCCsGAQUFBzACggtleGFtcGxl\nLmNvbTAKBggqhkjOPQQDAgNIADBFAiAoQzTQAsrvRuSE7c83W+t2bS+hX+C/tiQc\nkhRfHWJFJgIhAJ8HXl2TR4th5ydEAb+qsaYxt0lJhPftd50B1oQLZX8i\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -1090,10 +1090,10 @@ "description": "Produces a chain with an EE cert.\n\nThis EE cert contains a Subject Alternative Name with the dNSName \"example.com\".\nThis should verify successfully against the domain \"example.com\", per the\n[RFC 6125 profile].\n\n[RFC 6125 profile]: https://datatracker.ietf.org/doc/html/rfc6125#section-6.4.1", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUWdMu2268hOGSsCTWYMh7OhU53NcwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQw37kTd7CGD78GxIp/oamcJ3ublC97nPkYOg3U\nCkaFn7T6yx7JHSa7/Wb0+yzNoKN115aFzqAZyu9W9I2Tb1jHo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUVWCMqUL/+k/fOSLtwSSkrze3XAAwCgYIKoZIzj0EAwIDSQAwRgIh\nAMjod+ui7iJa5L5rmo7RLhO+BgEIGKGCZe1YR9e8pE7mAiEAmfb+y8/IZxgpOOo2\nCwQSWd57ggJWcDXTglyi70wBNZA=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUWjFg3+OXrEGV1pz9m/12UzkWAD8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARqxs6gJswCthUaoAnKs/SmyVgI20SZpiQXRfIk\nG4l9bywQzk39koWRxGmmYwzOIE1I0YjsmnVLHWNRg6aCMN6co1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU1i8uM59AUH8ZG9rHfteRQIOqLvAwCgYIKoZIzj0EAwIDSQAwRgIh\nAOIRGYmVvSksgSe0ea+aSd36fiPxsmsE0VY7nziiEXE1AiEA7AsuRG348yzJgOko\nCl1lY9F11AaCqFzxFM9aXwwI/14=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqDCCAU6gAwIBAgIUPxzYUdDpJBNNcTfjmTiTOMP8WsEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEuwuJKJ69T67oP4xIMkAJrEaDs8QgIqFLmOTD7fr6\nKXTrfVOtvAQpk48Y42OFd3t3P8kCkoTCCXKA1NgYTY/Nw6NyMHAwHQYDVR0OBBYE\nFFYaHvz/dRzeZLoNFoiBxncbR48IMB8GA1UdIwQYMBaAFFVgjKlC//pP3zki7cEk\npK83t1wAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBYGA1UdEQQPMA2CC2V4YW1w\nbGUuY29tMAoGCCqGSM49BAMCA0gAMEUCIQCzOXe7+3DZngPQl0Arz4YqvlWqIIpI\n/A9L4rMLU8/l3gIgLIY3fkZq79Jpl4EiIpQG1RMPO/Xa7BgfwXpw/w49Plg=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqDCCAU6gAwIBAgIUfqS+KaIzPspckXW+5rZuktD4GEUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEIO3RnJ2twHD6xoirNCCip2NwKb/caKrm84T93PZN\nPZ/kGvxvFOSjcHKf63/klMv9uaftTINtEjpcMtJsB3nr+aNyMHAwHQYDVR0OBBYE\nFA06jOcoNEu1MMNcqcYZ/1YB18A+MB8GA1UdIwQYMBaAFNYvLjOfQFB/GRvax37X\nkUCDqi7wMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBYGA1UdEQQPMA2CC2V4YW1w\nbGUuY29tMAoGCCqGSM49BAMCA0gAMEUCIQDZXZzPsJ6CHncDYxvxnp89c9XKRlV8\nTdqj+6U9a6HwhQIgGDnzNBHfjVZn+GMwRTD1fsR9MTlAsJrRbksBMm5PZ6o=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -1111,10 +1111,10 @@ "description": "Produces a chain with an EE cert.\n\nThis EE cert contains a Subject Alternative Name with the dNSName \"example.com\".\nThis should **fail to verify** against the domain \"example2.com\", per the\n[RFC 6125 profile].\n\n> Each label MUST match in order for the names to be considered to match,\n> except as supplemented by the rule about checking of wildcard labels.\n\n[RFC 6125 profile]: https://datatracker.ietf.org/doc/html/rfc6125#section-6.4.1", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUMG9Uags13GFrY1RuZxpbq4HcbGowCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASRI7koD1XDjVsmnHJzd+L2SA4RrlfKJnc3uDcW\n6c2KWd0JQiWPBjs/MIUaYRjx7BlDOVftSYrckRetrBM0LaPqo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUadB1ZTVQN1fOBTw/GWmsIpVVZgwwCgYIKoZIzj0EAwIDSQAwRgIh\nANJWGy6H9LSAxwYd22SCXQsxIx7VE86GPiR3WRIQ5gw4AiEA8GFqsTHaK8y3BlE+\n1H9cr9q1pZNtBRBwZedGioAMQI0=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUbHh6CovDlb6uPMTlcxFLbx4sH4IwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAToFJBILSJqi+n/WK86rcySwwoYiWCoC1ONPb2f\nFL5Bp5HJR69RpplQFNTjyHPF/i10Vrzq+GyYKMh5f/7miryno1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUZVD+VprnugmEPQPsF5FDF6Ove+8wCgYIKoZIzj0EAwIDRwAwRAIg\nMncBgs5USBmsMLgf+ZcS38W4+qhAstKF5z4ymw7zEC0CIBZRBBPux2Uy1qINxQcf\nxMBNsVMWwvzZ8iGNynoKQQoW\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqDCCAU6gAwIBAgIUTfywLg0JEIDYw9ASMB3eaRCBXuowCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEfGudiafgyDjTvChMIcuoNfZWy0XJ7wg0ZZxfHh1I\nSvFIG0P6wgJ057I2xPfZpyUYAxN4vmO5Nor6ecc8VC0nXqNyMHAwHQYDVR0OBBYE\nFE/N1+JwO1bQ7Zoh00UEHyJW7bqRMB8GA1UdIwQYMBaAFGnQdWU1UDdXzgU8Pxlp\nrCKVVWYMMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBYGA1UdEQQPMA2CC2V4YW1w\nbGUuY29tMAoGCCqGSM49BAMCA0gAMEUCIQCdNTmSYAZtcyIEM1RCCPv52VkUzU7o\nPGg2mGhQVd4BvQIgHc0o2d2rOyRfZgRqXeDlz155z5Oqd9tgEQDONP7Jt1M=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqDCCAU6gAwIBAgIUJHMK9EJ4hqVYBd3pHtCH4cpes8gwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAE7Zlcyy4FUJoLllcTiSrznkf2HoufyZWfIlKOcMVP\nuf2nnLm+wdl6cr3om2u2ZwIaLA+h/bcj1b70vMVThg5SkKNyMHAwHQYDVR0OBBYE\nFKfExoru4JiQsZNRUexa6mTVyiTOMB8GA1UdIwQYMBaAFGVQ/laa57oJhD0D7BeR\nQxejr3vvMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBYGA1UdEQQPMA2CC2V4YW1w\nbGUuY29tMAoGCCqGSM49BAMCA0gAMEUCIQClnkIpBZ9yFzNPvInUGihY5SzSsvWn\nsjEMmemzl0T2vwIgepq/cvoHsCY5WDTTQyHTdtjMPGVOJ0dSTAhrukN1Fd0=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -1132,10 +1132,10 @@ "description": "Produces a chain with an EE cert.\n\nThis EE cert contains a Subject Alternative Name with the dNSName \"abc.example.com\".\nThis should **fail to verify** against the domain \"def.example.com\", per the\n[RFC 6125 profile].\n\n> Each label MUST match in order for the names to be considered to match,\n> except as supplemented by the rule about checking of wildcard labels.\n\n[RFC 6125 profile]: https://datatracker.ietf.org/doc/html/rfc6125#section-6.4.1", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUJ3SjTmYjUb/UZSToRQApKhDyt7IwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQJjAMeTJiZgY7Zq2iIn6/+/Z499hAWtb24yDeT\nhec8clZuoctZczZF5Hv7XEHsYrshTgU6KVbmt4EFdCg3ei3Fo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUlbQdx1QjmmQ9tToh3bku7SEF9yQwCgYIKoZIzj0EAwIDSAAwRQIh\nANfc6AjbbtwCmI0dNKmaz7VO0W1uUFQjedgcunm6mXiMAiB50D/XWF+t5DWAeNr0\nt6NpZ5V+hrNiVCItsv8zkdNFAA==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUet5mliK4PovJgKk9PBXF5qYJ+OwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAS40T5zGhzA4ohDMCXtvVrOf2MgnrHWlS5pJLXy\ncQqfey0YPP+JLG+l+pD8Iaz9FPtnHVT/2RPD6l74i8H/kW85o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUpsK7gwnbhW14+bIUw0st5wZHg/QwCgYIKoZIzj0EAwIDRwAwRAIg\nRcjL9E132AHBhSlMuUv2B66bjLrc6GdVqhmet9gC/G0CIDX9kHXltVHXYkWmJlqs\nThg7jmXdnQIaC8MFJX9EPVeL\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrDCCAVKgAwIBAgIUPbgk0xGeZt3kkxdFoTZv6dnnuN8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEKQbQ09miBNlj1yu1doq127ABY7T4+XNESPASEDDo\nleZZavSXmNhrJjp7p8K9NqDNVwka7Jav42Gn74mapL16tKN2MHQwHQYDVR0OBBYE\nFFOzt/Z92BPJmmjiunhLrIe3SeQIMB8GA1UdIwQYMBaAFJW0HcdUI5pkPbU6Id25\nLu0hBfckMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBoGA1UdEQQTMBGCD2FiYy5l\neGFtcGxlLmNvbTAKBggqhkjOPQQDAgNIADBFAiABPkmdBKxdwd74WqZYt1DKUuQi\ndHALKuLGnl3foH3XCAIhAIruNwsgCmP3q4Qj8vse3sb3OjCX4HN1UysxU90yModF\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrTCCAVKgAwIBAgIUVUjGi/8OhKk4GoOdaYpODXJII7MwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEWYuu8JfP0c/fU308Zox1LAPj+oJfp5WMvKI7E8Z8\n+tXK93pELlNiHSWqRaklun80n5YuTWgeN2ZSYIY53/ZuBqN2MHQwHQYDVR0OBBYE\nFDhjkuwNalqCynB4d2zb8wWy7AFzMB8GA1UdIwQYMBaAFKbCu4MJ24VtePmyFMNL\nLecGR4P0MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBoGA1UdEQQTMBGCD2FiYy5l\neGFtcGxlLmNvbTAKBggqhkjOPQQDAgNJADBGAiEA6UQpWlUumVEPHEl23SRWMbj5\n7yMAI+7tPKNCGRY5seUCIQC6lw90PxxspaOaYOmkLenXWcFenOD/5qB6YNrgcyBf\nJw==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -1153,10 +1153,10 @@ "description": "Produces a chain with an EE cert.\n\nThis EE cert contains a Subject Alternative Name with the dNSName \"example.com\".\nThis should **fail to verify** against the domain \"abc.example.com\", per the\n[RFC 6125 profile].\n\n> Each label MUST match in order for the names to be considered to match,\n> except as supplemented by the rule about checking of wildcard labels.\n\n[RFC 6125 profile]: https://datatracker.ietf.org/doc/html/rfc6125#section-6.4.1", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUEOprVsJgMddacqiEQwu7VNMrtiwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASeL2WnUwXibdKpvvv0Vjo+aYeZZ2uomnfjmnix\nI+faxzgBUjInVzxT1V/Dt3ahSy7uXKCPDWCMKGzjBZ4kR9i6o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU5Fd099OIfhMf1dBfwdgxh2NtxY4wCgYIKoZIzj0EAwIDSAAwRQIh\nAKNW7h5HgKjPWcstmU1PgoTOC1yewZ7roCFRrGUGF82UAiAZBDL+1riOa+ZfH8bN\nLIDEHGMZhr8lg1oxuZ4ehabdDg==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUGtsGnCkwStYq1nfxzI+rJTGdbw8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAR9XBiQr74hkLFX704vUtddREeVdomrmTIFbmkb\nBMSqQ40BpCOsDJAtpYNnTQHpBoSc34JZlxDWAulwAGuUDMzCo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUsaB+RIn9eKcs24PzTBITtGdi+vwwCgYIKoZIzj0EAwIDSAAwRQIh\nAKZgi7BRF3/06vBHJj7kqmGftqD0J/NZatWftZQ86p0lAiB3YEDLU0W1FH/6Sp17\n1Hu+kcYAOxnQkyGPho/94zYq8g==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqTCCAU6gAwIBAgIUcUu0PME+Og/A+7eG4i5WjK+gXa0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAE/RqXjJ3e8L8Shmqt/j/7kkw2Nrl5zAERITMM71M9\nudwXh3gK7q8knypcDA8121y7dNOtcb50KvrHou4BfhP8dqNyMHAwHQYDVR0OBBYE\nFDOetZnWod7kECxPrC9SgeMtFmTUMB8GA1UdIwQYMBaAFORXdPfTiH4TH9XQX8HY\nMYdjbcWOMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBYGA1UdEQQPMA2CC2V4YW1w\nbGUuY29tMAoGCCqGSM49BAMCA0kAMEYCIQDBn2wL1h2Kiyo721rF8eXSrRbl1olg\nlwMoy7kGrhnZ4QIhAJLvTXmHQPX6WLS6rcelxgMjliNQV/eEqmkIx6rA0Wnn\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBpzCCAU6gAwIBAgIURYEbTkhHCfGlCz+q+E+cfbSpmjIwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEs0oRsiKpuwcApCQz3e+fFbrvkUM83eO93sUCkYK7\nwcrOPlx+5yu74TVgM7RJXUYY/o73u/7Tqllv3z9vBIUdf6NyMHAwHQYDVR0OBBYE\nFPyE48vAGesrTWzbhLf2zMuvWWaKMB8GA1UdIwQYMBaAFLGgfkSJ/XinLNuD80wS\nE7RnYvr8MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBYGA1UdEQQPMA2CC2V4YW1w\nbGUuY29tMAoGCCqGSM49BAMCA0cAMEQCIA87tvVvbN2Tv1azorfVu6vludpTh2tn\nfZeS+esx+MfqAiAMRoseDD9vIub8yTYln+acMifMlvnR++fDaIUdVJgNDA==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -1174,10 +1174,10 @@ "description": "Produces a chain with an EE cert.\n\nThis EE cert contains a Subject Alternative Name with the dNSName \"abc.example.com\".\nThis should **fail to verify** against the domain \"example.com\", per the\n[RFC 6125 profile].\n\n> Each label MUST match in order for the names to be considered to match,\n> except as supplemented by the rule about checking of wildcard labels.\n\n[RFC 6125 profile]: https://datatracker.ietf.org/doc/html/rfc6125#section-6.4.1", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUBtffyp+VkeVEWvMEdOr7CkDvPnowCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASzsryZmIfhwpbUsI9j76ngfGiPWJhFEFnR3Bg1\n3IzyeRKCZzMgKrbp46offKrHp1Bg0fUnNkC+o4k4frJPQa8Xo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUirVO+sJ0eb6w1Ao0V8ybSOk9/p8wCgYIKoZIzj0EAwIDSAAwRQIg\ndtQpEFzhddtnvsHzrUrkjKxvtIgP6q+jtRfqmp2/lj0CIQD7FnM9zodFh7WtieTZ\n05JmCm7KRKPL3ge4CPatI1h41g==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUR7bd7FS6LaCyUSn0C/6L6PhGogEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQiaHmLrdC/HR1S8Swau1kyL9/VoGa4K+iC4dho\nLavM8EBQo9q8uBj78y5X8Z6hUtE2XO/+NVNvwrx0gHfwNfFGo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUAXzy/Su0zW0U7uj00SGDS7+GhgEwCgYIKoZIzj0EAwIDSAAwRQIh\nAM5UVGlnVSZ7slT8JQjcDlOuW//x7ZdeMXXvCLIgRnapAiAifEanBPxVxsjaOIpQ\nARNs5fXMdP/LpdmL2jNtOJu2kA==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqzCCAVKgAwIBAgIUJ37z+U4LOhv6I5TAd5fZhtWM2DwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEfvV/tbknZcNKmEDQNRJ5V+JCyTkQs29oog+Lf+68\nQpMjaUN8XQ/N31rQN39nmO9En1w4ZzPTK/4MlwRSztCE/KN2MHQwHQYDVR0OBBYE\nFGzbq7oKHp9iQqQ55nWlhxtmALZnMB8GA1UdIwQYMBaAFIq1TvrCdHm+sNQKNFfM\nm0jpPf6fMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBoGA1UdEQQTMBGCD2FiYy5l\neGFtcGxlLmNvbTAKBggqhkjOPQQDAgNHADBEAiBrntrfzmxy8JsRUTYC6iqsNyYI\nYiqKVZ0yvi4V4W2/kAIgGZ/P1TKbPFmCkpoyJfbVdu8YmrNwPKMl8oqsw+OLme0=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrDCCAVKgAwIBAgIUWQNx8laeJMGGI99M2Z3G8tA1rL4wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEZsPY2IfHkLg+Cfrmc6wbN4eIjCMJZk0tv/5/O1R7\nEDqR5i+HNnsq1lbw9Gg2AO1w7uO4Vgp+tU8Eet0s5Knxf6N2MHQwHQYDVR0OBBYE\nFK3pWJeRk+cUOE5trWID7lK1AJd2MB8GA1UdIwQYMBaAFAF88v0rtM1tFO7o9NEh\ng0u/hoYBMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBoGA1UdEQQTMBGCD2FiYy5l\neGFtcGxlLmNvbTAKBggqhkjOPQQDAgNIADBFAiAHwm3Iax9GOMzxYGAAtYUyJbvM\nqajuXZQKKs7bCqPBXAIhAIF3O74Ffzogzyh02HiQCwm2hN0lilr8M5vy9/djTIqq\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -1197,10 +1197,10 @@ "description": "Produces a chain with an EE cert.\n\nThis EE cert contains a Subject Alternative name with the dNSName \"*.com\".\nConformant CAs should not issue such a certificate, according to the\n[CA/B BR profile]:\n\n> If the FQDN portion of any Wildcard Domain Name is \u201cregistry\u2010controlled\u201d\n> or is a \u201cpublic suffix\u201d, CAs MUST refuse issuance unless the Applicant\n> proves its rightful control of the entire Domain Namespace.\n\nWhile the Baseline Requirements do not specify how clients should behave\nwhen given such a certificate, it is generally safe to assume that wildcard\ncertificates spanning a gTLD are malicious, and clients should reject them.\n\n[CA/B BR profile]: https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-v2.0.0.pdf", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUEKxvNtBcmnBcu0F18mjcC2me/UwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQJidpbjv4E9eIQjl+TTXuZeOlgAsUDrZsAF3qo\npn9BQOqndM6rsPvAnA7NUCb9HzveXtpBoiytUoTdB2VhdbOuo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUip47Yvv8qcKxONOC3V0PIg3aqPkwCgYIKoZIzj0EAwIDSAAwRQIh\nALilxENmtQ4jXDaKdmnxJajk5ZNzSsq/jokiGUU3RcVtAiBIbVsqUt+8EphqN6PL\n7hl8t08TVFabIwa25Xspo+H4Og==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUPy9ZBcCLoaQC8qC7cKfQMAxD1ncwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAS/PlzCn9fKT0hSqp8j7H7dXjxRw22sKEhV37Gs\nol9rqsUOrHQBRCaIZ6jIx/3FAFQrN2qxkZXETBuGvBwPJYdMo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUc277pK0q2bB1lEWBmszC3+OhjkgwCgYIKoZIzj0EAwIDSQAwRgIh\nAIMwTVdIK28c/Yccc3XPD3wb2narGXsk8vHf/uIQK4OSAiEA14wxeyJ5BcdAmRzr\n0RmfHVndMa00IDDCT9s6xjoLXuE=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBojCCAUigAwIBAgIUG/hFI2PPkVJEFVbjoFqz0puVpuIwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEjxHXjSaW6lVqq4CBHzl0kryGCuJlqoTf5cdk5sRs\nq14wX06Y4EoYhTVPxXvGSMJGassnXf2V0AoHmLNTZGSkwqNsMGowHQYDVR0OBBYE\nFI3h2F4GSFlk8jxoQiI1/gMB65B1MB8GA1UdIwQYMBaAFIqeO2L7/KnCsTjTgt1d\nDyIN2qj5MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBAGA1UdEQQJMAeCBSouY29t\nMAoGCCqGSM49BAMCA0gAMEUCIQD5fJaAWZtwH1uDEuVxNOsQrAjTyNslCwgFdx8+\nIE6y8QIgeHRIkpR3A26B4/DvEVCBuksYSmLA/2UrZ/3MVRKBiPY=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBojCCAUigAwIBAgIUQ4SGtLp9ShVuzBdNObMfQnIYdU0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEsb2o2vbTQpLDmEgxhVpbBHTgShCo1gBF62e/vPyc\n3yRyO3xKzquG5TvDIndtqyvVIBjBhMp7MWcqzURuQDXlV6NsMGowHQYDVR0OBBYE\nFO+q3BHvmAGSti6dyW3qsFIIYPFoMB8GA1UdIwQYMBaAFHNu+6StKtmwdZRFgZrM\nwt/joY5IMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBAGA1UdEQQJMAeCBSouY29t\nMAoGCCqGSM49BAMCA0gAMEUCIB8hkWZ8TQ6QnFqUc34aoXFha6g/ZiSy0EMh4vcT\nuJj7AiEAgNylgrcO5i11gUK+j4Y8CZIq+GqMONWmgre0SEVACRQ=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -1218,10 +1218,10 @@ "description": "Produces a chain with an EE cert.\n\nThis EE cert contains a Subject Alternative Name with the dNSName \"*.example.com\".\nThis should verify successfully against the domain \"foo.example.com\", per the\n[RFC 6125 profile].\n\n[RFC 6125 profile]: https://datatracker.ietf.org/doc/html/rfc6125#section-6.4.3", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUHtpS5PHb2E0pDpYdup8KolQy1oowCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQwuc+oWzlaUSR/TCS6kF2czyUm3YrezZJJkChd\nGh01ghsRiHO34Q98RF5f8PbLFFF56eCZ/pAVXYWq3gHKkNhzo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUQJbLNhRs71n1AWZCu5cc/xXjZIwwCgYIKoZIzj0EAwIDSQAwRgIh\nAIaEZiV5d04RbmkcAvInGkNdRF3mzCuWtFnD6NnqHimJAiEAt7b52ChICLs+kaKP\nY2FG4gQKquYNDF1o/q3mcOyFPcE=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUVlfEL7UIrMjx3hub/hivh4KcbGIwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAS78wXDmfp2aGhNXRfgdcFxsz9QeRTHiV/8MdjD\npTbTx3pQ9rtB+WHVHcA3IKrciBBqmiTGpJlJBaEN0Rq2AQsOo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQURBs1RUGgdG+mSPrDIIa4NZPSrGowCgYIKoZIzj0EAwIDRwAwRAIg\nLcpzvhwuhqigVsVObor9U0NITozOmyoW+F3EeodN/qECIFo/AMGrFRluFNrNpo4p\n1NKt3bFdcVof5bzgB3Rmmgi7\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqzCCAVCgAwIBAgIUOLSn/iBf23unxo5isV03Qnvsnx8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEvOuW5psIik1Ql8zqAREgQwQn3pvhNzbpG8MtJRlW\nVA1Ok3XhSz5gTTGnCxfzeU0ptbAhJHEp+4/z1lzF8ZO5MKN0MHIwHQYDVR0OBBYE\nFGKLSovM7f1Yu0awpykPKbghDZWqMB8GA1UdIwQYMBaAFECWyzYUbO9Z9QFmQruX\nHP8V42SMMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBgGA1UdEQQRMA+CDSouZXhh\nbXBsZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhALlOKrsFttUUwT/S0UPerI4J49oR\nj8rvyeZ9fbQt12wfAiEA40O6eR+kB67otscSeEDCvw+HgUypQXHgeTr2CWSDUqs=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqjCCAVCgAwIBAgIUdq0YAX0GuQmEzW4U7envVaGxe+kwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEiOUiXxcnXr4rK7JKNJjMYRJS20qylrlqO6+FWJpe\nTTDoavbcDA0Jyl7i9BHABB31EAwIYU9YmtBrcFA886ugcKN0MHIwHQYDVR0OBBYE\nFC0jsELPTF8ISMiWYgk9HYEagyDkMB8GA1UdIwQYMBaAFEQbNUVBoHRvpkj6wyCG\nuDWT0qxqMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBgGA1UdEQQRMA+CDSouZXhh\nbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIhANskdjpKlTa3ruDT7uQ5GIzgIHrK\nKxYgZBn/C/SUdrcYAiBQcz4rCZoaEXmoDKlCrbWN27oAx92Xcx/0GuXFA4z/mw==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -1239,10 +1239,10 @@ "description": "Produces a chain with an EE cert.\n\nThis EE cert contains a Subject Alternative Name with the dNSName \"ba*.example.com\".\nThis should **fail to verify** against the domain \"baz.example.com\", per the\n[CA/B BR profile].\n\n> Wildcard Domain Name: A string starting with \u201c*.\u201d (U+002A ASTERISK, U+002E FULL STOP)\n> immediately followed by a Fully-Qualified Domain Name.\n\n[CA/B BR profile]: https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-v2.0.0.pdf", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIURMreGPzNUv7Zmmskcvfldrhd9yowCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASkbGDyPAGi9eET/XOEd58+kITrPTD2xItNoAfw\nJCkQxfcskAhugA5cMiPIc7AzDFM6KperM2vQQwndRGd0i6KJo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQULUGvHeqzlvrnzS6LoVH5Ps4QMw0wCgYIKoZIzj0EAwIDRwAwRAIg\nDSQJUJ7b6mxh/RDJsiG1nNLEjvQvw5iQfNDXPwxcEukCIHonR5NU7XdHdF0/JFXl\n5MQFGlnBY/HhZQk5qOWv3Wh+\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIURnlKN0TPxp/AbcIDiALqGEzvYr0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASMUwHFkZpzcTlp8pYC7pVOKQhcRW8mwW41pIOs\n3sFlzd9ZoaQcDcF0TCWZ7bbYngmLYS+/JSr2eIYfpL98kXzeo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUzZPo26jXz6BqaeTE0tJzMgHWDbUwCgYIKoZIzj0EAwIDRwAwRAIg\nMDkld6pIMIAxJBFuviViSOQF5cD6zyWF5Zp85oDqkGkCIAYwrVeU7tZBGNHRWShz\nx1IyV7MhMcWtFE/UWHFRtwqe\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqzCCAVKgAwIBAgIUWvusHLzHzQ1n9n9jTh3sUs4pC0swCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEHcUSNgloCaV3mg88h7/M9gniLwfcHF52CUgjPE4Z\nRfGRg+zm3MkdCsLM9H1IHIgrMAXKUTB8NlOQyz6zvlnimKN2MHQwHQYDVR0OBBYE\nFOcG+4m5r1jlbwV2b5/lkqRuCKsYMB8GA1UdIwQYMBaAFC1Brx3qs5b6580ui6FR\n+T7OEDMNMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBoGA1UdEQQTMBGCD2JhKi5l\neGFtcGxlLmNvbTAKBggqhkjOPQQDAgNHADBEAiBAR9dX80KIyCkyDT4e3Opo6Geu\nFIy+JbauvmZdQTX9RAIgKcfqgaNpzwtukBe8IbMg10T/vuHvPgImfqJRrbaiixM=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrDCCAVKgAwIBAgIUT3bxzKn5CEZJ6UIbxjtfL3uTWWowCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEimuCwZMYvYAvq+l44yhn6eWFmvGIPIbE0Vao8xHV\nnNYx07n7TsI+g2q0iUSxVEiYfwAfhly+Qjq6IwBVbL0XZaN2MHQwHQYDVR0OBBYE\nFFYn7zNeU3E1ParD2Sp1GArMWGxbMB8GA1UdIwQYMBaAFM2T6Nuo18+gamnkxNLS\nczIB1g21MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBoGA1UdEQQTMBGCD2JhKi5l\neGFtcGxlLmNvbTAKBggqhkjOPQQDAgNIADBFAiA08z72tffwwz8k0sVk4eJnMn+q\nEowa0l47dgxLSQV2hAIhAJ733aRS2WDgvRk9xnZCrZdRgdwVXDpF3R6+3TWaSdZ5\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -1260,10 +1260,10 @@ "description": "Produces a chain with an EE cert.\n\nThis EE cert contains a Subject Alternative Name with the dNSName \"foo.*.example.com\".\nThis should **fail to verify** against the domain \"foo.bar.example.com\", per the\n[RFC 6125 profile].\n\n> The client SHOULD NOT attempt to match a presented identifier in\n> which the wildcard character comprises a label other than the\n> left-most label (e.g., do not match bar.*.example.net).\n\n[RFC 6125 profile]: https://datatracker.ietf.org/doc/html/rfc6125#section-6.4.3", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUBNgx9CGDs4yVGhBaXILcI13kGRswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASUwVn3iOo+b68pTGFZ1yY/L4poIrO18JBm4qSa\nWWRlPTvV8CdP3JWR36X8bYn5xgWa4CsnXiCY+UjG+UsLmxWLo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUJIIjlbCEs82vS6YJnj+Cx5o2Q4wwCgYIKoZIzj0EAwIDSQAwRgIh\nAKYt/N+0QIND08dCdPXoqoz7CcCPwZruahTtMrDw8JsAAiEAgI5+ktF9vhLL1c6j\ndda+WNAJdIi1dO7tY3+Ro9M9i2k=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUPQf70ClwwK/iRahaGH6xM+mynA4wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARLeT8gfgseyImBxAclEKPA868gNFxumxeJkIKR\nNtkqahaLx8LfIlqgSBt6bqDGboMS1epcq5LrmSjw19om9ZZzo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU2dGB3g0xPuQZLUI4RIrW+dIQ2bswCgYIKoZIzj0EAwIDRwAwRAIg\nF/x2TLmy5nFQfioDtjo0a3XU5ixs6fjExLSc8wgHjWECIEe/EP+N4goD4VIKPXp2\nnYcQMz5VnQSMu6qqs8cGT4gj\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrzCCAVSgAwIBAgIUVxXJmN89gzjI5r4cN2fn5KcG7e8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAELTq0RoKklxH14Vi2hqtC3JlOlCjGYGK93Omg/fzs\n3XKZrGBmkm9vvBa7fM2nHbbaBg2gpXvRwy4xenxSZnKpb6N4MHYwHQYDVR0OBBYE\nFBHi+fRnwemhhntVmfzSAUUp7XCJMB8GA1UdIwQYMBaAFCSCI5WwhLPNr0umCZ4/\ngseaNkOMMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBwGA1UdEQQVMBOCEWZvby4q\nLmV4YW1wbGUuY29tMAoGCCqGSM49BAMCA0kAMEYCIQDNWz49umhC/nT7SQqjb4RS\nDmI9u6938SDxpirtoR06/AIhAMx7+qbGYj1vY76lfajNQWRynLQeJ61yqXlO3yYT\nSfZE\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrTCCAVSgAwIBAgIULBRO0Y/3VPcPMMf1IX2mLAWDvQswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEUCu3zmBkQe8wpZG1hLAlFqU8tIKPWQKKIB9YQ5U8\nfQz25266v9dgSXE8HCynu4Axmo8gCJMTrYUlkJkgnj6mFKN4MHYwHQYDVR0OBBYE\nFMFhNJ/oWAIydwHcW3zj0MoDew+7MB8GA1UdIwQYMBaAFNnRgd4NMT7kGS1COESK\n1vnSENm7MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBwGA1UdEQQVMBOCEWZvby4q\nLmV4YW1wbGUuY29tMAoGCCqGSM49BAMCA0cAMEQCIEJXYFW0gR7vt+lYSXoA+PkS\naZmRXH+9X6hXm3U7dWOFAiByPThqzMB813qJ54GYi4FDK6lFMFquH/k+IlgdgsOr\nvA==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -1281,10 +1281,10 @@ "description": "Produces a chain with an EE cert.\n\nThis EE cert contains a Subject Alternative Name with the dNSName \"*.example.com\".\nThis should **fail to verify** against the domain \"foo.bar.example.com\", per the\n[RFC 6125 profile].\n\n> If the wildcard character is the only character of the left-most\n> label in the presented identifier, the client SHOULD NOT compare\n> against anything but the left-most label of the reference\n> identifier (e.g., *.example.com would match foo.example.com but\n> not bar.foo.example.com or example.com).\n\n[RFC 6125 profile]: https://datatracker.ietf.org/doc/html/rfc6125#section-6.4.3", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUNXRKP8ps0IQP2vNu/i5KXxESR88wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARrMnlyHA9cV9pyL+sHQdAMcHZb/4sIeOHhFnlY\ndqeUC+3l1VCAaD3LRZOWogHTHYUzF1Ms6a48F7uuPcQYCOBHo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUy2KOguyJEzLenOeqfraOZCKxMWgwCgYIKoZIzj0EAwIDSQAwRgIh\nAPwA5SPo3wAKdf57Ve+j1F6LwNgfshu3ebznrevFs7IaAiEAvv6vXi+qxhco5IdF\ne/nVVyO1u+xZ56gxuq0QdZX44N8=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUNAdbuV/1nCFsFcEh4x5aJNmZrX4wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAToy42e2/5o5g9FtFtUyVZ69v6XoZh5WyL3uI+v\nUsAQnzOd7Jj45mkA1X7+5ktt0k6gjdSnme5vhnd2cQNo/Gk5o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUSNdECjEr+/G7N5EHaKY96QpK1mkwCgYIKoZIzj0EAwIDSAAwRQIg\nIzr8gVaXjl/AEU3r4w8X76X/a/e/LIQ4EwQVxqxwaNMCIQCbrUen1MOS1Li7irun\n8ofxi7KaGEEhP8iaG8V3UEzelA==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqjCCAVCgAwIBAgIURftICb0sXbzsDLWn/FtL43FdNVkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAE04eIsjfcw60BnBcsm0T9rLQG5B6wRZLPew7cNO35\nQ8f2aQyV/qL7WS8Nl3K+bH8EgQ4e7f2koQ5vJK85Dn2KaqN0MHIwHQYDVR0OBBYE\nFJTzxc9nU2FHjPLW7yOVw9MuhX8RMB8GA1UdIwQYMBaAFMtijoLsiRMy3pznqn62\njmQisTFoMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBgGA1UdEQQRMA+CDSouZXhh\nbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIhAPqk+lW3CzmFTdESFaxCaaJP0t4x\n6TqDwLjH5BREVL90AiAQjzXu3Nxhehabik0YTxOklgwBDMVtv4RKUzBE3TPslQ==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqzCCAVCgAwIBAgIUTzmADW40b4SpDWa1Brxy6bqmumUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAE2keRMFhsX6BC3IG5yWZaxrEBRmLog2DHaNEgTJtP\n1F+ik16nNpyiRb4OlAh4BVk+u4L503COhwlbcYAyvRdJ3KN0MHIwHQYDVR0OBBYE\nFI75eC15IAfZ5CwGPFrAMXP+jfmkMB8GA1UdIwQYMBaAFEjXRAoxK/vxuzeRB2im\nPekKStZpMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBgGA1UdEQQRMA+CDSouZXhh\nbXBsZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhAITA15NhhROtAIqPVgSgAixyuow+\nFIchSCw1uTsuUQS0AiEAw05i7QAAlaICOHQ4VN2KvE9/JK7M3kSvUBtfavfRHJ8=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -1302,10 +1302,10 @@ "description": "Produces a chain with an EE cert.\n\nThis EE cert contains a Subject Alternative Name with the dNSName\n\"xn--*-1b3c148a.example.com\". This should **fail to verify** against the domain\n\"xn--bliss-1b3c148a.example.com\", per the [RFC 6125 profile].\n\n> ... the client SHOULD NOT attempt to match a presented identifier\n> where the wildcard character is embedded within an A-label or\n> U-label [IDNA-DEFS] of an internationalized domain name [IDNA-PROTO].\n\n[RFC 6125 profile]: https://datatracker.ietf.org/doc/html/rfc6125#section-6.4.1", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUWQKKRhm3rvSK7ATAi+6PzvqWfaYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATOmbvnP2NiotBrIzmxnaCHg8DDmJKlMvUhy8Af\ncqrCHZagquYIPjo2CiLWXIqK7re3zBzdcEEvgqoaFR2mFWu6o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUXtcViYOSVJR/EaLbaw1nSOsSEZYwCgYIKoZIzj0EAwIDSAAwRQIh\nAI3bOyP6r0x4fs7eKcK3Cp6GqUubcO7ErRncXNn6m69EAiBaZs7prIGHnuJ9oIyu\nFdo+mtvNhQJUj4lutygpca5zwA==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUV10VqnxdMHTLUvVy60NltyjU3iQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARsk3OcbOYId/eSZKnTyaewd6TzxWq2LHeA+RTB\nBPvC5sBDat5uSC8U8Lb05oHB4XwVT/bYhVqmvmGTe9oAC53Bo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU6N5EgL1m+vlXJFSv91RezfmBeSkwCgYIKoZIzj0EAwIDSQAwRgIh\nAKe+fliLt1ok1tcXEdr0SS2debL5nTFLo9lvOcq752Q3AiEApEG9JQXimquj7R8u\n8trL7z63TU6sox0Th6fVFPi209c=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBuDCCAV6gAwIBAgIUT4tLtE7Dz9Z3bZBagu/RHuOwXK0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEjwwJxXTHSWvVFjn+z2OrcZfpiJzDhEVwdvFsPLlV\nqFr2EmHs3AWvg3SAMXlwXG5enp1MFJA6uLxsPv/R4pttAKOBgTB/MB0GA1UdDgQW\nBBS/kZ7kumUupUkB17tYvHOpU73z1DAfBgNVHSMEGDAWgBRe1xWJg5JUlH8Rottr\nDWdI6xIRljAJBgNVHRMEAjAAMAsGA1UdDwQEAwIHgDAlBgNVHREEHjAcghp4bi0t\nKi0xYjNjMTQ4YS5leGFtcGxlLmNvbTAKBggqhkjOPQQDAgNIADBFAiBJ0zeFS2X7\nFZ/zqk7XCsPH4bXYCDuilXokCjswOwbUhwIhAOQQJUMAIr2/XrVPr9FtRAW3NgWi\nCmaqjZhBH0hsh/y2\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBuDCCAV6gAwIBAgIUMF9hoZaXyitloFwf/oRlYaQoZXwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEdKB2CZ3jmmstfiQk6Rofsumb9Nv0iBM9px+NGO/z\nx9DIsQiQYegMS+a7h1GsqeMwtEahCRlmEE5Hq1uoy4dnS6OBgTB/MB0GA1UdDgQW\nBBQYZ6iX04iCLRXfxjqvTwPWbBu2hDAfBgNVHSMEGDAWgBTo3kSAvWb6+VckVK/3\nVF7N+YF5KTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIHgDAlBgNVHREEHjAcghp4bi0t\nKi0xYjNjMTQ4YS5leGFtcGxlLmNvbTAKBggqhkjOPQQDAgNIADBFAiEAvq5hpckA\nI7hYhUzr4RPW8su1gLHqu0Jarmv1tpbkCmUCID8T3QO8TA49BdyvAhHtPwSzO1Eh\ntea4udfESUYmqf4a\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -1323,10 +1323,10 @@ "description": "Produces a chain with an EE cert.\n\nThis EE cert contains a Subject Alternative Name with the dNSName \"\ud83d\ude1c.example.com\",\nThis should **fail to verify** against the domain \"xn--628h.example.com\", per the\n[RFC 5280 profile].\n\n> IA5String is limited to the set of ASCII characters. To accommodate\n> internationalized domain names in the current structure, conforming\n> implementations MUST convert internationalized domain names to the\n> ASCII Compatible Encoding (ACE) format as specified in Section 4 of\n> RFC 3490 before storage in the dNSName field.\n\n[RFC 5280 profile]: https://datatracker.ietf.org/doc/html/rfc5280#section-7.2", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUB+bI+ZPyO9FFpx6lW/z7Ge1Q6lYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAR7E8A19pCAhprM1tifwg4jawdOvW2fDqwtchgQ\nJ0Fk6lmYAVYENXbOVaJUiOE1CemF7C7zuyCAvBb5nNaCuw0Jo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUK9YaE1T82NAXK/Qm4a2FOhd7PJowCgYIKoZIzj0EAwIDSAAwRQIh\nAO4ZwPvlzIkzlXOX9duIYLzqPGzwWDOV8Gi5Hd0dOIqmAiAWdND6QCwTs4kv2/WY\n7YPBg1gS//1ZLBlWi8XE4mp4Ig==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUfRZdquBneFwAAC566PKen2T6UyQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATCjKyENEiSg+jN+MX+/FrKWYN8JsiedBWMQRPl\nDk9ryu+JWlhPLPdDqr1WboxiM0tS5onR4FHNcw0b6/70BbLCo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUC9zK3UgvaG8N9b+ag/SpfoZ0tFgwCgYIKoZIzj0EAwIDRwAwRAIg\nLpJR7sUZebbjmLDHaWGt2EjRGzNV5mq8trB48gaf+RcCIHBKpwM/X3Izaw3a7xfD\ntNEUFZ31vKP49ie62UMhpBps\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrDCCAVOgAwIBAgIUY7H4D6mDCIFLQ7gh+1MYa411ZC4wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAES9iMddWMcAkg5g2DJm/LJSw89mtfq8GfjFkCibJl\nDIXkMa0NYej5n+ho2Jnb9Lx3hHymsjGElHYFZxY/QhHmUKN3MHUwHQYDVR0OBBYE\nFGRK7ZIuCkJtuG1P8LqnaDQc8em4MB8GA1UdIwQYMBaAFCvWGhNU/NjQFyv0JuGt\nhToXezyaMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBsGA1UdEQQUMBKCEPCfmJwu\nZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDRwAwRAIgJ//bDtXXjXj1VOnr0LznFlmo\nohnoLmkjMnCjbZBBI1ACIGxYxekP9pP1OumljXCUwnEu2qRs2bvOrQ+qsYQjeaKq\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrTCCAVOgAwIBAgIUA5lJE7lAhWAGuH7OP5ExdtOyFm4wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEzpOkpyznDcS1wggAnRQ1q4peoNj/BB1ty2GbAWCk\nxrW5ihlNmL4XL1fcMbXxq7kQBjej/GG+c5IZic5Q16sobqN3MHUwHQYDVR0OBBYE\nFNAkh25zNTnrYsDjIYY/j/7FgXGtMB8GA1UdIwQYMBaAFAvcyt1IL2hvDfW/moP0\nqX6GdLRYMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBsGA1UdEQQUMBKCEPCfmJwu\nZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIgfgTdxOwRW8PD9TdIIqph+qfI\nXFaD9OMU8/aBEJLbmHUCIQCi3WzXGWlQd4qeUuoTeHywefTwcN76uGM0VB8LCcMo\nxA==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -1344,10 +1344,10 @@ "description": "Produces a chain with an EE cert.\n\nThis EE cert contains an Authority Information Access extension with malformed\ncontents. This is **invalid** per the [CA/B BR profile].\n\n> The AuthorityInfoAccessSyntax MUST contain one or more AccessDescriptions.\n\n[CA/B BR profile]: https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-v2.0.0.pdf", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUI5Wua9Uycxawaxu9gbcVkYyqZEAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASf1gRG8igMggXS6ay5EEaADcng1hhIn1xkPemd\n/XePPCNubX91I6qp2HBm1sDeKtOuOodgvO32PPkUH+Z86AUTo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUVDnwMkGJSLIbUv6bwoQZIMwxmDkwCgYIKoZIzj0EAwIDSAAwRQIh\nAJllxM/iiwE09qcXYo3gssD7Pkg5UVJa8qxvFYz1UXjbAiBZG8YFRs1/fKs3VRCO\n92RJz6LCCBfRH5B2Pi9Fp6iavw==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUeWh3SJz25bi0PRIbYvUSyVzhs8IwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATygFTzzo7vBqyzMdpQ+YtnQ3h01auVaNB+dHjc\nKyonQyymxNYV2+g28vJncAxY0TICSaHKzrHmJ6f2SN/2E74Ko1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUumNerO56ypB4ktaosa0kp4vtBP4wCgYIKoZIzj0EAwIDSQAwRgIh\nAIgX4cpDgI8P43uW9QBD7DXMZ5q7kkW+p346Fe9nEIELAiEA2YFRnEqxPjJ+cYQJ\ngsVmVW1QsrWvbiA+sX+0SrYYsM0=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBwTCCAWegAwIBAgIUNChTU6MMvOxG0AgwsRYEsWqpjpkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEAVzOCvccMZoamUpqDhTLqdPkO5FzfUh2zKBci8Fz\nHYdHf6pd5Uv/7BPb6L8tyb/m4cPzwegs40Ndg5ky4FHcPKOBijCBhzAdBgNVHQ4E\nFgQUg5ih3Y5+vnbEE67S0EjL94SmacYwHwYDVR0jBBgwFoAUVDnwMkGJSLIbUv6b\nwoQZIMwxmDkwCQYDVR0TBAIwADALBgNVHQ8EBAMCB4AwFgYDVR0RBA8wDYILZXhh\nbXBsZS5jb20wFQYIKwYBBQUHAQEECW1hbGZvcm1lZDAKBggqhkjOPQQDAgNIADBF\nAiA/dp6oCuHBRJJtWIizWazT908YVrKQT0nmn7NoEyCfDAIhAKRtT5nwiEbNafpQ\n3PIdAEJXstBcTGq4iysEniIkwPjb\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBwjCCAWegAwIBAgIULaMsd9CZ6SEmGwhP0LV1Qh6y3r4wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEVhRVymNkrWJe3lXz5+fWIClFwkTAAU0MBdDjwoTa\nfmgNx4QAVPFgP/ZM7RN4Fy8S2zEszn8Hz6CtpokrfceMy6OBijCBhzAdBgNVHQ4E\nFgQUCfyGZfguYQb8EjP1CdYSYDDgT9EwHwYDVR0jBBgwFoAUumNerO56ypB4ktao\nsa0kp4vtBP4wCQYDVR0TBAIwADALBgNVHQ8EBAMCB4AwFgYDVR0RBA8wDYILZXhh\nbXBsZS5jb20wFQYIKwYBBQUHAQEECW1hbGZvcm1lZDAKBggqhkjOPQQDAgNJADBG\nAiEAmL0PS5OqUTLhrRHGFo1UYCsdC61divNLudD1Iql77KgCIQDneE8CvLa0QTjF\nGh/+jWLMtDtbO6FMZEuGIl3sY3ynlQ==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, @@ -1361,14 +1361,16 @@ }, { "id": "webpki::root-with-extkeyusage", - "features": null, + "features": [ + "eku" + ], "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe root cert includes the extKeyUsage extension, which is forbidden\nunder the [CA/B BR profile]:\n\n> 7.1.2.1.2 Root CA Extensions\n> Extension Presence Critical\n> ...\n> extKeyUsage MUST NOT N\n\n[CA/B BR profile]: https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-v2.0.0.pdf", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBpDCCAUqgAwIBAgIUUKobeYL9Gd/a/p5cK0P12/GEC1EwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQWo/FCAV+iFFqXYG9HJVoaj0CEpiQLGEcdg2Xc\n6t9OLFyNqPQr128LOqu2M/3ATGBwojQH0OuhK5Ekb0ZVUt70o2wwajAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUcb95J+rv3ZTIGGCptxea7Go0H/wwEwYDVR0lBAwwCgYIKwYBBQUH\nAwEwCgYIKoZIzj0EAwIDSAAwRQIhAPdhhX5OL82f81S2xpjuCyp5Ti8hAUeaq2/j\nc43BEwUYAiAXWuVPC433dj1QD1c0GDwBAhZ837640YaXaKKslEm4yA==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBpDCCAUqgAwIBAgIUftG10oPr0BFj5jCFez5uYsj6NuEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATEgywg3DLO6VIFbgcwTITE6ovz2zVn2Ma4Rfjq\nSZKZRhfYlU+i3CZ9nua/dMH/+Owetqk0/4qS4uhgYDGQdJ2+o2wwajAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUYzZ8b7OuhQVaoh8j0szFkES4Yq0wEwYDVR0lBAwwCgYIKwYBBQUH\nAwEwCgYIKoZIzj0EAwIDSAAwRQIhAOnPAR5TX7QKkvea5JE+82DbffS/Rk13/a3J\ncp83HDphAiBV6OVEdWtKXBVe8AUNs1Gil0n0Trgg2lWLsyOIB9HBjg==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqTCCAU6gAwIBAgIUfhQhWKtWw0JdSRCYzt/B/lP5qnEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAE/zxDD4o5OK/DdniylcjekHDnxmdW8TMV2ZLg/R+/\nkyn/Ar4DEgAbedZeq4CWvJj9m3IRAVPxL0BAs/CxDU1gzKNyMHAwHQYDVR0OBBYE\nFGrBvKA3n4b11EQvDNqt5+sFhPNSMB8GA1UdIwQYMBaAFHG/eSfq792UyBhgqbcX\nmuxqNB/8MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBYGA1UdEQQPMA2CC2V4YW1w\nbGUuY29tMAoGCCqGSM49BAMCA0kAMEYCIQCjVrisDa/jaOGP/yomf+OhaeE9Q+xQ\nK7pLeEnCL76rIAIhALss3z0k6iBxlyCyR014yOA3LHo33GJ9o+O8FT6JQd0r\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqDCCAU6gAwIBAgIUJjMycHllBsn/s98ClNH6LfHjcuswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTEwMDAwMFoYDzI5\nNjkwNTAzMTAwMDAwWjAYMRYwFAYDVQQDDA14NTA5LWxpbWJvLWVlMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAETTnkxOhBV7RJ0RwvsZNM44NSa7nlwmekEjypAEn2\nOWA+3FEMYM7UoS5O6FZ29eNtoElPGf9fabPapHW7hZsAz6NyMHAwHQYDVR0OBBYE\nFAfeyI2a32tMLGz3QKUavIp3SLkJMB8GA1UdIwQYMBaAFGM2fG+zroUFWqIfI9LM\nxZBEuGKtMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgeAMBYGA1UdEQQPMA2CC2V4YW1w\nbGUuY29tMAoGCCqGSM49BAMCA0gAMEUCIBljdDh641+7ItAJNYrca/f58+n9cqHV\n/Gsqg/LnqpXJAiEA6s5dcpxMAHtsTlQv7n1o4vvFwHxsTph30bgI5yOQu1U=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": null, "key_usage": null, diff --git a/limbo/models.py b/limbo/models.py index 1d13139..67eca0b 100644 --- a/limbo/models.py +++ b/limbo/models.py @@ -144,6 +144,11 @@ class Feature(str, Enum): For implementations that do not support name constraints for Distinguished Names (temporary). """ + eku = "eku" + """ + For implementations that do not support Extended Key Usage (temporary). + """ + class Testcase(BaseModel): """ diff --git a/limbo/testcases/webpki.py b/limbo/testcases/webpki.py index 1d93e36..1df3961 100644 --- a/limbo/testcases/webpki.py +++ b/limbo/testcases/webpki.py @@ -452,7 +452,7 @@ def root_with_extkeyusage(builder: Builder) -> None: ) leaf = builder.leaf_cert(root) - builder = builder.server_validation() + builder = builder.server_validation().features([Feature.eku]) builder = ( builder.trusted_certs(root) .extended_key_usage([KnownEKUs.server_auth])