From 5083b33abb37589625018441d09b46079a37d1bd Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Thu, 21 Dec 2023 14:12:53 -0500 Subject: [PATCH 1/2] limbo: add another alternate chain NC case Signed-off-by: William Woodruff --- limbo.json | 612 ++++++++++++++++++---------------- limbo/testcases/rfc5280/nc.py | 70 +++- 2 files changed, 389 insertions(+), 293 deletions(-) diff --git a/limbo.json b/limbo.json index 39405b6b..9a34efc4 100644 --- a/limbo.json +++ b/limbo.json @@ -8,12 +8,12 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> intermediate (pathlen:0) -> EE\n```\n\nThis is a \"trivial\" verification: the intermediate has a `pathlen:0`\nconstraint, but the leaf is an end entity and is therefore allowed.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUf0V3nLjUXasM7+DHHK1sLLHttoYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASxBHc5s2dU3B30MMOI9qlwNAOLwGqGgvgGzpkI\nOMsIOm4tgdPO2td4OdbFXtU4z6zXnxHdG2m20vjYVWx6wlKNo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU2ewlUfWOZeuuO7i0Y3T7XItPt4AwCgYIKoZIzj0EAwIDSQAwRgIh\nAOhoRSO3NtWHXS+POTCrX6RkuhUJPD8VnxozS7YyPAEoAiEAh7KrjkPhOkY4seGS\nffHk1rlYANfaRHQb5QiFsLX57J8=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUW+K3KnujEDnsxbFWG8SioNo518QwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARyi2AyEPMMFpicWmPKytS7QFGB9p+W8Ag8xrxc\nokzofuQc2tvr4kcrUnxF+ex0BlnhD5BPU61sKekOwWyH/Ffvo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUl3ca490o1Q07EzF5zneTHsGWYMcwCgYIKoZIzj0EAwIDRwAwRAIg\nfpW8sHC/9EITfKrdR/OsspKly+G0sIifa5HYwXLRLC0CIF7yRpmMqeYcqwUaenGn\nsL3Ze+ikNlmZyXxZdwg+68qH\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUBMj28DyjDfsmtMbyRMT/jLB7RLIwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBnMTkwNwYDVQQLDDA3MjY1OTA5OTkwMDUwODE5Njk2ODQ2\nNzMxMzQwNTk1NDA2NDQyODIxNzkxMDY0MzgxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBBZ2o/hCrQMuOzDDqE9i6HNqsp0a802X5/xnLtSlHjmhlW7eYfabggAX0jlz4ZLO\nmh4mIalrCiIHP17z0jNT4OqjezB5MBIGA1UdEwEB/wQIMAYBAf8CAQAwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFNnsJVH1\njmXrrju4tGN0+1yLT7eAMB0GA1UdDgQWBBTduyeuC5ccrAZcYlnwmk1oCPiBiTAK\nBggqhkjOPQQDAgNIADBFAiAjmJrmArhQtUUj72V9HFVeHQXfOtdE1JUFM+GDWRba\nYwIhAJOCUpiNAWEWVHX0lobGXE1go278ioj5eJWXrLb6/Vqd\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUBQ5LZTLWWjc3Euh8hd7b6E1UIIIwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBnMTkwNwYDVQQLDDA1MjQ1NzQwODQ1NjQzNjM5NTczMTcw\nNzcxNzIwMDY1Nzk4Nzk2MzgxNjYyNjM3NDgxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBB8XRU7YWhlBRHn+nEutJHJoXhxlZu1pigYtGBqUd2+ck0QFYmoGtt+0tEVi+pV6\nqdeQ7rxSxHx5Fzzh0pmUOrCjezB5MBIGA1UdEwEB/wQIMAYBAf8CAQAwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFJd3GuPd\nKNUNOxMxec53kx7BlmDHMB0GA1UdDgQWBBSxm5ipyhEdBH7jzv0MAGO02r1+2DAK\nBggqhkjOPQQDAgNIADBFAiEAmbZYh7b+pt2fBAdYHFFyKIMH1VnApSOC/7YdxqiA\nEC4CIFI0ixnXa/nxF3O2X1w3IVhNeprPt94qmLegCHdBswsQ\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/jCCAaOgAwIBAgIUUXngw/dxnpr2Vk0lCgRPqrxax8gwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNzI2NTkwOTk5MDA1MDgxOTY5Njg0NjczMTM0MDU5NTQwNjQ0\nMjgyMTc5MTA2NDM4MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEo6S3\nxfJdjHaYDQQZ5kt7hReXHg1FJ2IY4Yp4fKe5hEUVUuUA+1ahBkPzzybAzcxS+zmj\nB2D+f95E+pip0JjRqaN8MHowHQYDVR0OBBYEFNc2Vamlg+vN9ST5evZ3CXUBM8KX\nMB8GA1UdIwQYMBaAFN27J64LlxysBlxiWfCaTWgI+IGJMAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNJADBGAiEAxI1Hkhh2+7sVNqoaLtSYn9vZscCyeY2pfXSq7q9grDIC\nIQCIJZ9s3fOKQzHkCh2McCKgVLiis0kBFGLWWt4uga8p4A==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/TCCAaOgAwIBAgIUDnqhJlEbEFnQ3+57WUf1CP1EEs4wCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNTI0NTc0MDg0NTY0MzYzOTU3MzE3MDc3MTcyMDA2NTc5ODc5\nNjM4MTY2MjYzNzQ4MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEKuhu\n7mCwz87dxK3Dqqt1Y7ahc7nugJGgaYN3slMvP4a1lus0etXtNmpuR4k4ZrJs5L29\nLstcqAnKMbqn8w1VJqN8MHowHQYDVR0OBBYEFIMBODjEo5S7/s1YTdBj+nIfdihB\nMB8GA1UdIwQYMBaAFLGbmKnKER0EfuPO/QwAY7TavX7YMAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNIADBFAiAsK/o81GTn/RymRXqtLJ9Og03enQ2yOTLvbmrK3oo3MwIh\nANvpBY2GEakJwNCcYIHOYVUWsb9/eWydpqUYmucpbM8e\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -33,12 +33,12 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> intermediate (pathlen:1) -> EE\n```\n\nThis is a \"trivial\" verification: the intermediate has a `pathlen:1`\nconstraint, but the leaf is an end entity and is therefore allowed.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUHD/qao1gSuwleebMTitPsveh98owCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATpIPyEWsSAPfXyehC1qZOyIhVQY+VchhRaDJOK\nSTC2wvemMnWiPSbYXFrCInq1sAPlLYrMlwwrGbCM9t/UlJI3o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUZa9mL+2Rzx855cfipXIYO33IDiMwCgYIKoZIzj0EAwIDSQAwRgIh\nALn9rQD8v77GVr+OLUYbnqmCXXuoXrP2ywGhRWl2XLwfAiEA7OmbG0wgFF79PmNr\nh0rJhOwL4jEz3P86e9E7A9N2eCQ=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUWyoamVCCeoEdMEe1PXpo3xeudEYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQFerw0x1UtX9klYg19ZJmTpiwcwbLFvcE3Z70P\nvuKj3qN/odthvbnEe+GtWDTkhhseyErgWyua8VbGdYbxL5xDo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU+Jdz1vjYQTnFJZwJq3pcKqvG0HQwCgYIKoZIzj0EAwIDRwAwRAIg\nL0SObWUqiDFeRP50PzubCb9cal/WEZtqMjwTJD6tWSYCIBOnSbwKiuvu4EOJY501\nLCxQtNOFrvw3DDolO8vaRjep\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIIB/zCCAaagAwIBAgIUVycxZQydONS9Bgr0qdBU62UTQ3cwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBnMTkwNwYDVQQLDDAxNjEyNzcxMDkwNjMzMzQ5ODg5NjU0\nODUwMzYzNjIxMDU3MjE4OTczNTMzNDQ5NzAxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBOB1nxiBl9AqVl4co5bTMRBU3HpeA+1LN1nPYYiIUCD4YdyQTkPzPpp3w21lws0I\npFFdg6FfAeSsyMn96tN6VdGjezB5MBIGA1UdEwEB/wQIMAYBAf8CAQEwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFGWvZi/t\nkc8fOeXH4qVyGDt9yA4jMB0GA1UdDgQWBBTFvGp73zcivRnl+HqGsyD9SxlfrTAK\nBggqhkjOPQQDAgNHADBEAiAE2BeTQ/WXMspBGrgP42GUsFoLF9bPpqof4z1+Biv8\nMQIgRVugjgcDY1yKoYp9Qb0lDqcIuTWUFsV9A0yyy5lpLnc=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIB/zCCAaagAwIBAgIUWa+Q60PmDGMd8FwQ6aW7cIjgN8IwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBnMTkwNwYDVQQLDDA1MjA0NTcxMDg1MzI5NTk3NzA0ODQ5\nOTkxNTQ3ODgxNDU3MDI5ODM4NzU1ODkxOTAxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBHxJMeMxtLKdIFCO9/0cx/AQzjzX1bfUIGd9whsYzMlMFGNgvIiaqKv0xu6eXOlw\ne9kUTFavpw0bxJv50F8j2RijezB5MBIGA1UdEwEB/wQIMAYBAf8CAQEwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFPiXc9b4\n2EE5xSWcCat6XCqrxtB0MB0GA1UdDgQWBBQ7fUt1DOem7ts+hcKsOB/8spuT9zAK\nBggqhkjOPQQDAgNHADBEAiAN+miiWqKaDASo7Ubf/4v1ayEBfJypTCINWiqFVnS7\nLwIgOx8pOeCL9lnXrLijEsoMBrxUfgM4IXqxef8Ski4bYrg=\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/TCCAaOgAwIBAgIUTn8Y/g4J6Vq7qiiJkTNOfPjJuowwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMTYxMjc3MTA5MDYzMzM0OTg4OTY1NDg1MDM2MzYyMTA1NzIx\nODk3MzUzMzQ0OTcwMSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTEwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENXKS\n+ANWx4dEKArwfIYqsd3Ehvr3DXCdt6IP1PT7Kurix6FXSC5z4zh5OhEmfAAbYYjm\nClUNu28TvWPDHe4Ie6N8MHowHQYDVR0OBBYEFKASMhyrlcEGdJswoi8eBp+PtZAt\nMB8GA1UdIwQYMBaAFMW8anvfNyK9GeX4eoazIP1LGV+tMAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNIADBFAiEA675QhX5wP12jloUx5I4VC7V0QdbgtMjEeXeN/WfR3h0C\nIFht0eQpOOjfuzKoYBCW3Lcno/R8xeIWHbL5Ffaezkao\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/DCCAaOgAwIBAgIULEoNkSbf5h+j58MhpXZFMp3X0qwwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNTIwNDU3MTA4NTMyOTU5NzcwNDg0OTk5MTU0Nzg4MTQ1NzAy\nOTgzODc1NTg5MTkwMSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTEwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEhwV2\nESyKwF3z4RUUNnmeFDyxgKaMFxIhaC+5EjjuW+SRUUCZWc17veODU5stE5jJ8rlT\n8zp9iTf9JOP2E8fAAaN8MHowHQYDVR0OBBYEFDsl+9QkwjOTs7s2dAtgOEJGG7ve\nMB8GA1UdIwQYMBaAFDt9S3UM56bu2z6Fwqw4H/yym5P3MAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNHADBEAiBv/ah2pEulbBbNLlFX4yO6CfMl2NELEQPLEVlNMNK+KgIg\nYeh69Ej76Zq4aRyMXeqt9YxhPmeEgiekvZEUxrgD8RM=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -58,12 +58,12 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> intermediate (pathlen:2) -> EE\n```\n\nThis is a \"trivial\" verification: the intermediate has a `pathlen:2`\nconstraint, but the leaf is an end entity and is therefore allowed.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUNp8bEZovYcp5Oo+v9bU2DQui3qYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARlCP/LVD0O+/0zNTf32y8amNv+2AVcXA1tfcac\nAcIAsdLmtJ1JG0qyPfMGxP8d92blmprfnv4V9FJgXZeTJuLVo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQULVr5QdYXaASUxPIyt6d4R/S9wBowCgYIKoZIzj0EAwIDSAAwRQIh\nAMlCCP2NIl1nqY8hudBO5ZQ5YER78M2H+c5LEr1+jr3wAiA3C5xn2mRLvAhreJQi\neVrWRf94f+DBaYKwEJ6n7CnOmA==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUS6W3r+Ce9O5wgF9VaB0SpEErSWowCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASa7Zn9oH+N0VjhY+hxVUGfFDVw5l8SVWMwA3hf\n+yud4dZMw+xrq9Mv866TqepmM4ULqHaB8mn6Ko+K7fzZxeD5o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUyPkWb2Kg6FOP8lSVUMxHyQUQ6k8wCgYIKoZIzj0EAwIDSAAwRQIh\nALMuGs+AotXbED71k75QKlC4Q7aZG91pVD4N8FDYMyL9AiAXTEQHu+hmm945ojlO\nJJKY5uclzYRjcA9CIklp5in1cA==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIIB/zCCAaagAwIBAgIUK2c77W7R+m8Q+OPjx6HKPw8qaoMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBnMTkwNwYDVQQLDDAzMTE4MzM2NzgxMzI1MjEyMzEzMDky\nNzQzMzIxNzg0NjQyNTMwNTU5NjM2ODQ1MTgxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBJJii5xb41HrUNLF84QHoLmsinmf3Ru2huNEKZ5yo59q2f/br+P0dyMnsuFmz/kX\nUhjeMJoPwfXDz4dAlmnvljCjezB5MBIGA1UdEwEB/wQIMAYBAf8CAQIwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFC1a+UHW\nF2gElMTyMreneEf0vcAaMB0GA1UdDgQWBBQP5lxCPc9g/htY2mIV7VLee5IASzAK\nBggqhkjOPQQDAgNHADBEAiBcJ9LlPja6TMMkB62c694nziU0I4mwLylO0Xaxcr+e\nGQIgF4H57CFk15gH+qmdp1qaBB+OxdjuZMVySmNHqMxUo+w=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIICATCCAaagAwIBAgIUQsM4CP2ARPdM+tHGqLlf+Fx5Mm4wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBnMTkwNwYDVQQLDDA0MzE4Njk5MzIxNjU4NTc2NjIxODM3\nMzk3NjQxMTc0NDk3ODcwNzk1OTc0NDM0MzQxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBEB7QY6owMT5QW7IK+4h2GT/kBQQIFJMGQWwqf0gHiqF9DtkJ1CbxM1cJkUwyJcu\n2hC/R+1sLwNgzbZtLz0yYsajezB5MBIGA1UdEwEB/wQIMAYBAf8CAQIwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFMj5Fm9i\noOhTj/JUlVDMR8kFEOpPMB0GA1UdDgQWBBT8pSymU+6Qt3BxxDZCGTxT7lwFbTAK\nBggqhkjOPQQDAgNJADBGAiEA3WH3kzzXgTgjwjbmu3HEU/2zxAJNjw9XYj5KDTuI\nY+8CIQCY04n3ry/sxHR2uF/gAS0B06YpGrdLgy+ra57ijS4kzQ==\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/DCCAaOgAwIBAgIUIsn2xxHj8OTLyxw0CqDkZAw/W4gwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMzExODMzNjc4MTMyNTIxMjMxMzA5Mjc0MzMyMTc4NDY0MjUz\nMDU1OTYzNjg0NTE4MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTIwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEx3SG\nb75V2eV2fWGKMkPVpW6WMi7J11eHoAo1fCPjqENH997e8+kHueWs+ULT3rrJDNMb\nJzxf+XPwZH1u8ejWGaN8MHowHQYDVR0OBBYEFJQ3DG5PSbp0YkT41f1T8wIH//S+\nMB8GA1UdIwQYMBaAFA/mXEI9z2D+G1jaYhXtUt57kgBLMAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNHADBEAh8EqiQIabP1s6JOUp9BKPM3opkaXIfI8UI1SwKMhpk1AiEA\n0KP6W1ot8F14GTcB9115BmlA8hz/kbhgbPD5awBX6v8=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/jCCAaOgAwIBAgIUFKEZLX+H3hi1ZrWGCPNPZUKhV8gwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNDMxODY5OTMyMTY1ODU3NjYyMTgzNzM5NzY0MTE3NDQ5Nzg3\nMDc5NTk3NDQzNDM0MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTIwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAmCy\n2l1eVgc2BvH/KQaJb6Bde8vOeETOVXbDVVDv/ket6sT++Yc5+ijcjXvChmIG5f4L\nOVphDV5srwHOWg7jpKN8MHowHQYDVR0OBBYEFMxlmqHfLmeaNEnMRuTVmJ7fRfIy\nMB8GA1UdIwQYMBaAFPylLKZT7pC3cHHENkIZPFPuXAVtMAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNJADBGAiEAwDb2i1CkzZGZo/Ii1GMmxZWd3je5vNTWu0fL7MkjL50C\nIQCnFMdMB271qA3lOe60FJmSSAWy0TSvhHuQl8h7cPkFEw==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -83,12 +83,12 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> intermediate (pathlen:0) -> intermediate (pathlen:0)\n```\n\nThis is, unintuitively, a valid chain construction: RFC 5280 4.2.1.9\nnotes that the leaf certificate in a validation path is definitionally\nnot an intermediate, meaning that it is not included in the maximum\nnumber of intermediate certificates that may follow a path length\nconstrained CA certificate:\n\n> Note: The last certificate in the certification path is not an intermediate\n> certificate, and is not included in this limit. Usually, the last certificate\n> is an end entity certificate, but it can be a CA certificate.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUL0YxZfta/XylxR092mYmFJhlXp0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARzwfRHtSoIMiZY+mZhXC0xEw4/soMJH7K2ZTVX\nQ7IzZZwujoLtIpdSbu+olG15F38MTSh5m/Ah1gNpxFLNCFrLo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUKdKWmSo709hZRU8QUNrLj4pJiiwwCgYIKoZIzj0EAwIDRwAwRAIg\nQz532LSMlKVbYPBV9j8Ic0PNfQFEu9ou21C+RqfvMZgCIGvQZJIMv74492kLovFO\nb2oONYrtsemI+uiq09/sgLNn\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUOsDaliV5YXdLHs96Ys1GUSNRRvIwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARGuYewiwFqYWgBrlvcZNLC0tHC0aNZpoU/JBdA\nkif+QNHPCTwm1XrgfOnFWsd0XR0PlGXjUa/APCxs3IIHQgRqo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU9ZrTaRJuEtuW5UkYxUnlEYjq474wCgYIKoZIzj0EAwIDSAAwRQIh\nAN8j2uO4jJ+EkL7hfzhaABNQB7E8D0gDq8ah5OPpjUnNAiARlMiRtp7EQtrDRKIk\nFnI0FYvKDIQFeHjzsCK9yueSVQ==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUEIXysP976bCBGATEs7+W5RMjDzEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBnMTkwNwYDVQQLDDAyNjk4ODc5MjE1OTcyNTU5OTE1MTAy\nNDI5NzQyMzA5MjI2MDA1MjkyMjA5NTE3MDkxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBNOFjVsLfRIQ4ozgcR1gii67JjB0CSgbdGYsSbzw6hhzI/eo8J14S5cw89u/4yR3\nNgeksMBHyjDYecS90EIk18SjezB5MBIGA1UdEwEB/wQIMAYBAf8CAQAwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFCnSlpkq\nO9PYWUVPEFDay4+KSYosMB0GA1UdDgQWBBTbAAW6clahYk4EOOhqpbGqsNDxOzAK\nBggqhkjOPQQDAgNIADBFAiA3avg3tSOWtL9sP9Aaqb0qIgXZKzOdsnddQCE9gJcn\nCgIhAN87KVwtUDn9Ok9sGlA9OuVWl2RszQJIVr5J+lahJvL0\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUBuXI3KBzWi/zxbn0cNYBpVsEeM0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBnMTkwNwYDVQQLDDAzMzU0MjIyNDkzNTY0MDA0MTQ1MzIy\nOTE4MDQ0ODU1Njc4NDU2NzU4MDEwNjkyOTgxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBJjHWtCJu4YxgFgk+KThBRU00a5D3JR+bEXeGzE4yLD71Xs62VLxNVazG1IBbSvi\n/qELAJdyiXNliwJ2ja51IimjezB5MBIGA1UdEwEB/wQIMAYBAf8CAQAwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFPWa02kS\nbhLbluVJGMVJ5RGI6uO+MB0GA1UdDgQWBBQLYFxxAkC/W8l9qBhg2QLGaE72ZTAK\nBggqhkjOPQQDAgNIADBFAiBSVihuE3zDSMlb49XaFgIlRaHONUlqTfinG312opuh\nfAIhAKwpPkvi4t/+Oo3m0g+3Se+F2tyizpMxqRHHYOKkf3nU\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICTDCCAfKgAwIBAgIURvIkTgalelFKfGbyswAvG54FkUUwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMjY5ODg3OTIxNTk3MjU1OTkxNTEwMjQyOTc0MjMwOTIyNjAw\nNTI5MjIwOTUxNzA5MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMGYxODA2\nBgNVBAsMLzk0MzMwOTkyODQ3MDc0NjAwNTU0NzEyNzkyODU1NzU2OTYxMTUyNzk1\nNjEwOTI5MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1wYXRobGVu\nLTAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATlN5U0Y8v7uxnxPnCPvI28bY21\n7uP46sSCKV5Y2SqDTv/sdb8EyIu6qnyoAlhMSnpkcAPDyMqDsHvUK+QREah5o3sw\neTASBgNVHRMBAf8ECDAGAQH/AgEAMAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtl\neGFtcGxlLmNvbTAfBgNVHSMEGDAWgBTbAAW6clahYk4EOOhqpbGqsNDxOzAdBgNV\nHQ4EFgQU+UZWaVtDoXAA3TthIflA2KdvALQwCgYIKoZIzj0EAwIDSAAwRQIgFVDx\nVNLB1i5stCYfcdtvL1X6aTMSIyFNzxF2il3iETkCIQCKUeUPZ/0+f0ZxR9j86DLt\nq//OExNXz3gcN4kM3zW6yA==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICTDCCAfKgAwIBAgIUafeRvvN4kewGZl79UglDv6CYF7cwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMzM1NDIyMjQ5MzU2NDAwNDE0NTMyMjkxODA0NDg1NTY3ODQ1\nNjc1ODAxMDY5Mjk4MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMGYxODA2\nBgNVBAsMLzM5Mzc4MzEyODA3OTg5MDQ3MTgwOTUxNzM1MDU2MTc3MTY0OTU1Mzkx\nNjU0MDkzMSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1wYXRobGVu\nLTAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARSl5w2+CSXN2vYGwfsucK4B7Dx\n7v8vhv9VcVIELsHkB9+8AYP7onWrLnO2NN2C3tsLtaH/Qm/qPkLYaTBFWSBso3sw\neTASBgNVHRMBAf8ECDAGAQH/AgEAMAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtl\neGFtcGxlLmNvbTAfBgNVHSMEGDAWgBQLYFxxAkC/W8l9qBhg2QLGaE72ZTAdBgNV\nHQ4EFgQU9oSnMpRd+MlOCb0Rq0bhCgEFVP8wCgYIKoZIzj0EAwIDSAAwRQIhAIlG\nM2NZw0QNguYIPbGDor4NRxYVOCZCOw4vcp4OpM8MAiBAi9U9XAT2pmS+Q26QJn1r\nsGE2rBx7iFdbaD0YE5NGSw==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -108,13 +108,13 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> intermediate (pathlen:0) -> intermediate (pathlen:0) -> EE\n```\n\nThis violates the first intermediate's `pathlen:0` constraint,\nwhich requires that any subsequent certificate be an end-entity and not\na CA itself.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUAeDjPQ6mXLJjXIROOtjg3YAb1O0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQE4bHfyadYtJLzf3Lot4YqfDnOEgncvKyxPerh\ntzTUl8wGg51yCo9E8IidIf8n+bSivAxfTRhv55a7rA8yNSy2o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUc09i41wby7lpZ2UOuHY2eWtEAS0wCgYIKoZIzj0EAwIDSAAwRQIg\nVdRpKRbfJSJ5jA1AJZbly6u7pf6SePG8Jsx5p7YlosYCIQCy73PqZylmuKJfaLLf\nJCS/hZTlkqvXawQCfNvB2egk6g==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUcfZokWzvvb9yKk0+yUt+iTlVl10wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATdFHGrIu3VxGCi8e3bkNwoyC1kKlSQ3gpupc4l\n67GU11dTAbqechSunRFVJ9JVWhu2dQUXRtiwwbVBxrr1de1xo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQULp8M8mOsRNQd54S96DvhOC0/N2owCgYIKoZIzj0EAwIDSAAwRQIh\nAPdePiXmIv5nnDdSGwT3Y+0uhp5JxEl6/6xRgmQQ/yQWAiA9N9djZyHGd29x+9MD\nTnxuMS/naBfof2/xRhxPpU5Cqw==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIIB/zCCAaWgAwIBAgIUb4ZC7qQUlQfHHr4AB62YhCU26JkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBmMTgwNgYDVQQLDC8xMDcyNDE1Mjk2MDg5ODU4NDE5NTcy\nNTEyODcwNDgwOTY2ODMyOTAwMzAxMzM1NzEqMCgGA1UEAwwheDUwOS1saW1iby1p\nbnRlcm1lZGlhdGUtcGF0aGxlbi0wMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\nNp2dEWmSvUOZu4kPxEsKdoBaSsEPrBGrJWycXgTgTHGXXDKT7DfECxNGVrZxSwlw\nKORLJMd1QTxgIpjwPezX/KN7MHkwEgYDVR0TAQH/BAgwBgEB/wIBADALBgNVHQ8E\nBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUc09i41wb\ny7lpZ2UOuHY2eWtEAS0wHQYDVR0OBBYEFCWPeGccYkmXCcfFk5QUG5BWAwoCMAoG\nCCqGSM49BAMCA0gAMEUCIH1ElqCbUkmL2RHRz/dnDFENDOWIsg41E8GXd0XMBu32\nAiEAywJbdocXdltYXQ2QgIOFTdBWqsrkJsCsWksea8VymNU=\n-----END CERTIFICATE-----\n", - "-----BEGIN CERTIFICATE-----\nMIICTDCCAfKgAwIBAgIUeeppdWC0k5k1/vOFob3e6EkcvE4wCgYIKoZIzj0EAwIw\nZjE4MDYGA1UECwwvMTA3MjQxNTI5NjA4OTg1ODQxOTU3MjUxMjg3MDQ4MDk2Njgz\nMjkwMDMwMTMzNTcxKjAoBgNVBAMMIXg1MDktbGltYm8taW50ZXJtZWRpYXRlLXBh\ndGhsZW4tMDAgFw03MDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowZzE5MDcG\nA1UECwwwNjM2NjkyMTA2MDM0MjI0MzczOTkxNjI3NDAxNTMxMzk0MDc0ODI2NzEz\nMjYyMjMzMSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1wYXRobGVu\nLTAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR5Qc+cZWhLOip4FYII6x99gTlx\nlC5G1O+52ZGJeNClO+Gjy6K98WF+IEyB7ntDEm50TosWdud6EqmTSunIaJkOo3sw\neTASBgNVHRMBAf8ECDAGAQH/AgEAMAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtl\neGFtcGxlLmNvbTAfBgNVHSMEGDAWgBQlj3hnHGJJlwnHxZOUFBuQVgMKAjAdBgNV\nHQ4EFgQUnpsudyDlvMBVkA657539xC1g7LgwCgYIKoZIzj0EAwIDSAAwRQIhAPOv\nMEigyYrQOZ9sc9rmW2iRQ5KVmYQ0YZ8g8rJwzO+0AiB7iTkWT+J/xXa7u1S3TXye\n7kLkPc3SM8aSkxW6ESAfrw==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUfr3aWL/Qk5PbBMXR3vi8N3bnpTAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBnMTkwNwYDVQQLDDA2NTA2MTEwNDk1ODU0MTM5MzcxNzAx\nNzg3OTUyMTI2MTc0ODkwNTQ0MjQyMDkyNDUxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBIQqyZ+OZxZtsiU2vtpAo9COkaVFmVzfedMePfni9O2ul+kpk2I3+TKxoPExg83p\ncusyVRjXIHAURPFDBGhObRWjezB5MBIGA1UdEwEB/wQIMAYBAf8CAQAwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFC6fDPJj\nrETUHeeEveg74TgtPzdqMB0GA1UdDgQWBBRtrKoXLPU8SzdAej+NxgMtiMLRhzAK\nBggqhkjOPQQDAgNIADBFAiABUoOSTEug2V6c0R/Sbcd2AiM5SflGUQv3OTQP5DGP\naQIhALxPjCS6XfnsAVoJYXlCZLaKUYvZB27zk1nAUa/au4Z3\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIICTTCCAfOgAwIBAgIUcHgKYXy9WxAw3GkCHdM0W5uds10wCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNjUwNjExMDQ5NTg1NDEzOTM3MTcwMTc4Nzk1MjEyNjE3NDg5\nMDU0NDI0MjA5MjQ1MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMGcxOTA3\nBgNVBAsMMDcyMzU2NjY5ODY0NDQ3MzAxODc3MzUwODkxNzQzODY5MDk5NzMzNDI4\nMzEwMTQ4ODEqMCgGA1UEAwwheDUwOS1saW1iby1pbnRlcm1lZGlhdGUtcGF0aGxl\nbi0wMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAErJGoJmUDVeBQ/wbZSDXZj8Hg\n320Z2blmc24jB36+b99H/uJ2uL7McNH9L551E0vsz5GM6K37qXAX9+swE6BIQ6N7\nMHkwEgYDVR0TAQH/BAgwBgEB/wIBADALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYIL\nZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUbayqFyz1PEs3QHo/jcYDLYjC0YcwHQYD\nVR0OBBYEFNa7uLjNS/iA6ol496XbYZ/LKAQ3MAoGCCqGSM49BAMCA0gAMEUCIQDF\nwx/lMzH61WRU1A/gi4JeXQIOIB6wQIndPtDo4Nd02gIgaE6sDd5oRb7ayM6fAVAo\nFc/joRXhKN6gV0ULDLLBzD4=\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/jCCAaOgAwIBAgIUSmQw7mmiiF4OylLrZstAJMq4+aswCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNjM2NjkyMTA2MDM0MjI0MzczOTkxNjI3NDAxNTMxMzk0MDc0\nODI2NzEzMjYyMjMzMSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEoeJS\nLPZTLaC9wGBkwEO5/SoHj0vcZzCbPy80d+FbY+TXZgpVZi6KyOo8WIp/NIATY9tF\nAhjaQSJp4Sn9BM+HyaN8MHowHQYDVR0OBBYEFPBf/g6A8FgS4Elv3Isi+wQjB6o8\nMB8GA1UdIwQYMBaAFJ6bLncg5bzAVZAOue+d/cQtYOy4MAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNJADBGAiEA7RAOZ9BZXG6cagu4lANLYfW4e23+dWd1AP7y0IplNzcC\nIQCNwpyinLW+PCEnzW4NyISMY1zK5L51NrjlVdcjhTqGLQ==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/DCCAaOgAwIBAgIUGuaWnQn0yjgxIToUJWL32gdIBt8wCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNzIzNTY2Njk4NjQ0NDczMDE4NzczNTA4OTE3NDM4NjkwOTk3\nMzM0MjgzMTAxNDg4MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEhIHV\ny67D6WrpkIKfmbBUxOTqxGmyPpfa8zg+4O+bL/F6NZSDDUrY9MvEdP0SYifMg7Pa\nKasFvRubhjK43HxfkKN8MHowHQYDVR0OBBYEFPXI2R/qH+f0bByg6H7O39fCziIC\nMB8GA1UdIwQYMBaAFNa7uLjNS/iA6ol496XbYZ/LKAQ3MAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNHADBEAiAC+Fm3Wf5OUT8mlGVN1WDgKznMYG0haExw/XUf/AjdGQIg\nCVSQ55dueFEUbW6VXAC5qF8egloyxKtJwyDYDkPl8Y8=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -134,13 +134,13 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> intermediate (pathlen:1) -> intermediate (pathlen:2) -> EE\n```\n\nThis is a less straightforward case as the second intermediate's `pathlen:2`\nconstraint seems to contradict the first intermediate's `pathlen:1`\nconstraint.\n\nRFC 5280 permits this as part of supporting multiple validation paths.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUdCto3izFkm051Y9rmrQWDW972m0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATE1bbcezCbALkDaq3tG/bNV5GqWkLJddqFK+nz\nViEkXSL9QokOq5e2J+RdYJbVgDpw4bvdjBmQz2KP5/KAaNllo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUhjFJEthSrR6E2XH78eZD1PccnJwwCgYIKoZIzj0EAwIDSAAwRQIg\nFFovWP2DSnWij65JAyo4Tm3T8X8biOJ+05gQ7Ivl0WoCIQC87PB6UPcpxCtztcZ+\n23364dlEQ87T1BleC8hzB3G1aA==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUPH99BXC/dCD/7PzXvFm7RGdaBdYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATXJetHjIIq0UdzlIeZeCZaB2hco6kzp7pI7qT0\nGqBtPFg0OiX1QfWvc5T7vPkyjDSNj6jY/EY0oMfxI0u+eeITo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUpHOYQNFt9Zl0qR0P9jbTJT9fl2swCgYIKoZIzj0EAwIDSAAwRQIh\nAOHswjrKXDdZ04438Gu2DHpNVP08sR4PrjOjf02YX/W3AiBWVwgWMPyp6bqD4YBJ\n7gVS8S5WA9oAgh8rJq5s4Pj//w==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIIB/zCCAaagAwIBAgIUWvEmekWEhUox4+mgHGku+OnXVUEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBnMTkwNwYDVQQLDDA2NjMyMTA5OTY3MzkwMzY0NDUzMDEz\nNTkxOTQxNTcwMzQyNTg5MDIyNDgzMTU1MDExKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBEk/NhySnHcEM/62mOvcrD/PzCny/Py5Hktae5E0mT4zf4t6GDqnER6iBVDJzZ8K\nFA9/mfM13yIhu/W2f1r4eiqjezB5MBIGA1UdEwEB/wQIMAYBAf8CAQEwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFIYxSRLY\nUq0ehNlx+/HmQ9T3HJycMB0GA1UdDgQWBBSG4JKAKtQFGgtD5rz1V3lDXGcTnzAK\nBggqhkjOPQQDAgNHADBEAiBKfc4ge7pZt6FGK4sA+laKSFR5ZFaq6UQhXbleEkD/\nqwIgfg6a0k0F/elpkQxuvRemvHDylaltqUh9aQ75QZn//Hs=\n-----END CERTIFICATE-----\n", - "-----BEGIN CERTIFICATE-----\nMIICTTCCAfOgAwIBAgIUH4sVB3tHraX2AJQkvTr6/srCLR0wCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNjYzMjEwOTk2NzM5MDM2NDQ1MzAxMzU5MTk0MTU3MDM0MjU4\nOTAyMjQ4MzE1NTAxMSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTEwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMGcxOTA3\nBgNVBAsMMDUxOTE4NzAwMDg0MDcxMDQyNjkzNTI0NTU3MDQ1NzY4MDk5NTQ4MjM0\nOTI5NDkxMzEqMCgGA1UEAwwheDUwOS1saW1iby1pbnRlcm1lZGlhdGUtcGF0aGxl\nbi0yMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEGI5bcp95Boysg3C8egaCRXek\nTWyCaX1/aDILQFj3kgSF0tHyL2WgaeKFRhz/4F0WJ0aItLMZzWGHgElf8epMJ6N7\nMHkwEgYDVR0TAQH/BAgwBgEB/wIBAjALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYIL\nZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUhuCSgCrUBRoLQ+a89Vd5Q1xnE58wHQYD\nVR0OBBYEFDNKoH8j8mjad9z1fCkEHXXkuAWTMAoGCCqGSM49BAMCA0gAMEUCICdR\n5XdysbZYIDJSKxPhBW/2Lb0hBiwYWOm2EpaFlLtPAiEAySd0S2OCtBkbkMK4cQtB\nsSGiWshEAuNven4HvqmQdJ8=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIB/zCCAaagAwIBAgIUFkJ0h0iDNq219JGdqUggx6fAlU8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBnMTkwNwYDVQQLDDAzNDUzODI1MzE3NzY2NjQ2ODQ4MzAz\nOTc5NDYwOTkxNjc1MTM2NzIyODI2NzA1NTAxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBJrRFuw+lKTDw3kl3KIRwvZcsnGZrt9YsY86DdmxEiyPEfnInePJ9NR8M8Npns4p\nSsZougPLsx9hUmlF8q8vxvujezB5MBIGA1UdEwEB/wQIMAYBAf8CAQEwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFKRzmEDR\nbfWZdKkdD/Y20yU/X5drMB0GA1UdDgQWBBRNIZAJTRhpCOZlb65ONzxD4KU/hjAK\nBggqhkjOPQQDAgNHADBEAiAzrxykLiPng2G32eVdHtz1JkWPI5Pj4zflc3OCY7pW\n+wIgG7udWwo7bWXagZSAGbKJ4CctxsVNs4yO470ntBBHHX0=\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIICTTCCAfOgAwIBAgIUNI8D1yUvp6Pt23j0ImgerAHXyocwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMzQ1MzgyNTMxNzc2NjY0Njg0ODMwMzk3OTQ2MDk5MTY3NTEz\nNjcyMjgyNjcwNTUwMSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTEwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMGcxOTA3\nBgNVBAsMMDEyNzA3OTc5NzIwMDkwMDgyNDc3MzY1OTI2ODQwMDkzNTg1OTM5Mzk2\nNTEwMjQxNTEqMCgGA1UEAwwheDUwOS1saW1iby1pbnRlcm1lZGlhdGUtcGF0aGxl\nbi0yMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAErI7kU2igx9FcZAWlh+p4gDjy\nHXfsN+wcNkLETzjgRNk5JX04GtVCrXyyO/XQ0jZhLVGCn5+rSUDqS+/N3v4DgaN7\nMHkwEgYDVR0TAQH/BAgwBgEB/wIBAjALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYIL\nZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUTSGQCU0YaQjmZW+uTjc8Q+ClP4YwHQYD\nVR0OBBYEFImlvgtviNlCCt9//13UNmD7F7WcMAoGCCqGSM49BAMCA0gAMEUCIHpz\nnSSc142mDZLwIcZ8ZUtcJNcxaJe8l1+GOTUNmimvAiEA5VGV2F2qjNKnPZlByzty\nw57kipNEdzZWyDAkdUVOcZ4=\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/TCCAaOgAwIBAgIUZEtHGOywwhLfqTxXGEtXD9yelYAwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNTE5MTg3MDAwODQwNzEwNDI2OTM1MjQ1NTcwNDU3NjgwOTk1\nNDgyMzQ5Mjk0OTEzMSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTIwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+lhl\nKsdgQCunkE4l/20BeaIqXsaB64D9e5PGCxIpIHwGqZxoj5U3ZGUzbC65QcGT6cKF\nAZa/VvcfvtcGJ/09oaN8MHowHQYDVR0OBBYEFKycaz2r3UGuQkvFCTD8YUHPQwn4\nMB8GA1UdIwQYMBaAFDNKoH8j8mjad9z1fCkEHXXkuAWTMAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNIADBFAiEAzN57jXP2zDvn65i3EAuWGOm5dHiXe26a0uVJuGZuYU8C\nIC9NVOFuDnthZj+wKVqdyK1VBVZaX4Cyg2g8LIWv0FHU\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/DCCAaOgAwIBAgIUaNUnZTX3ibcCL9+BJT3u7KsWaPowCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMTI3MDc5Nzk3MjAwOTAwODI0NzczNjU5MjY4NDAwOTM1ODU5\nMzkzOTY1MTAyNDE1MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTIwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE7ZXm\nwikEq1Lfk08cTyf8yVviWpNcHxI4ZY+g1ED2mlgOnGKtEV+x2stdoo/n4H8j04CG\nsGatx9lpbXc+0fvKZ6N8MHowHQYDVR0OBBYEFAk114IiE9DgD1i31dcZKCRpMsCX\nMB8GA1UdIwQYMBaAFImlvgtviNlCCt9//13UNmD7F7WcMAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNHADBEAiBc/LZ2mrLfHyGXchRp+dZfJTm/5HOnXhxaE5Rx7FsxawIg\nea30hokRkRF2TZwglw6D/Iv2qxyw4eO/SmsM+nqNSv8=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -160,14 +160,14 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> intermediate (pathlen:1) -> intermediate (pathlen:0) -> intermediate (pathlen:0) -> EE\n```\n\nThis violates the second intermediate's `pathlen:0` constraint, which\nforbids any subsequent issuing certificates (which the third intermediate\nis).", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUI8PVfnCEffhITMo8nNCoHLq+W2gwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARXGi4Tjmq8rwhEf/UCYWcKDpsKAI5k5Rqt7xER\nWHRI/dOJ5wQEMgqlGsaFrYLuE2LlKhEt92xXPhbdJkb7sCJeo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUojatX3YFEUeaME9V60VSeNjMrd0wCgYIKoZIzj0EAwIDRwAwRAIg\nO4iHOr+3go/vPgF5s+5PdvbOopfK3U7nRgTXWHFlzs4CIBvHORzOcKl0SAIZCfWT\nmJ7Tf/zrKh0sZLjTQFxdkdyh\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUFKKuPx+/XR70WwZv1hEMJmXyn/QwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAS+RXFXo7N2zPiYuvyZta02aH9rgEQFcbLsX3PQ\nr8VacoFVbCh8/p01BABr272VY7lY4uOBXV/N1ewzTb+EewMzo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUm3UuKRd6ieqGpA6qJ7eaXnORgDswCgYIKoZIzj0EAwIDSAAwRQIg\nW9/CLR1JvR9qWYxUb7UVUMVYypNmKvPCmPmT93GELYECIQCOeM4/j5bb8ClsRD5E\nQkerxhRHNLQW3uTyugzHga1JIg==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUZQmPnFcA6ghYPmjuvtPA7O1Cci8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBnMTkwNwYDVQQLDDAyMDQxODE5MjAyMzQ1OTEwMjU1MTY5\nMzkzMTcxNzYwMDI5MTU0ODIwMzIwMzY3MTIxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBABwn1HGsoomWBfk1Rtw7Fdljes6jV6Pk8aFdGbMQ1e0D8DXVrqUlrVzfwGZlreb\ny7hlujGmrkQvojNqiyNtDvGjezB5MBIGA1UdEwEB/wQIMAYBAf8CAQEwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFKI2rV92\nBRFHmjBPVetFUnjYzK3dMB0GA1UdDgQWBBShEIevz2QS44WrQ+jo0Gh8PZPPeDAK\nBggqhkjOPQQDAgNIADBFAiATwRrZIXE3hKXplm+wVIaUpjqNTYkFZac+Z/OOyUmX\nhQIhALxqdvNCme0ci93F6XUvpu/JSXAv4OKxyTUCQQoVEnr0\n-----END CERTIFICATE-----\n", - "-----BEGIN CERTIFICATE-----\nMIICTTCCAfOgAwIBAgIUUxs9SI7+8ai8K+M3g0aiBN186SgwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMjA0MTgxOTIwMjM0NTkxMDI1NTE2OTM5MzE3MTc2MDAyOTE1\nNDgyMDMyMDM2NzEyMSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTEwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMGcxOTA3\nBgNVBAsMMDU3NjgyMTI4NDgxNjU3OTYzMTMxNTc2MjQ4NTk2OTAyNjkzNzc4MTk1\nNzU4NzUwMzEqMCgGA1UEAwwheDUwOS1saW1iby1pbnRlcm1lZGlhdGUtcGF0aGxl\nbi0wMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEqXyj2XKVSmOIRq+S5WF+RbDX\nVIcPay5j+FwY6Tqx3XwCyGJ34Q35vfIXRYRJDZ9i9Lc/jiByXdt/nUub3I4Z2KN7\nMHkwEgYDVR0TAQH/BAgwBgEB/wIBADALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYIL\nZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUoRCHr89kEuOFq0Po6NBofD2Tz3gwHQYD\nVR0OBBYEFH5zTbtzPyYNZsY5F9Vjpj7BtLJ1MAoGCCqGSM49BAMCA0gAMEUCIEU1\nMOXeFOccyvlrEL2UaPs5JDV+tWi0zO0Ja+b/E2MeAiEAivMN+/kXxEizeg+V3h69\n8KRqmx0DFyYeMZEWg677ktM=\n-----END CERTIFICATE-----\n", - "-----BEGIN CERTIFICATE-----\nMIICTTCCAfOgAwIBAgIUSfUlo8wvDA3+hsJN1vJo13Y9/CwwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNTc2ODIxMjg0ODE2NTc5NjMxMzE1NzYyNDg1OTY5MDI2OTM3\nNzgxOTU3NTg3NTAzMSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMGcxOTA3\nBgNVBAsMMDQ3NDQ1MzY5MjYzODU4NTM4MzI1MTU5NTE0MDk0ODI4MTc3OTg5NzE4\nNjk2OTg5NjEqMCgGA1UEAwwheDUwOS1saW1iby1pbnRlcm1lZGlhdGUtcGF0aGxl\nbi0wMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEamMiF2o3Z3pr+CdJzPpDINfB\nIjFa/zyidKC23F6t8mpclkIyULGozW6+PE9kPwV+NY5Im2EuCT6GesVWNlI1l6N7\nMHkwEgYDVR0TAQH/BAgwBgEB/wIBADALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYIL\nZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUfnNNu3M/Jg1mxjkX1WOmPsG0snUwHQYD\nVR0OBBYEFGjyc4gsOU6XMnspyYYOz1t8/BKMMAoGCCqGSM49BAMCA0gAMEUCIQDQ\nA5d0+6lMtkMhZyxUuqP4Sj/AZoIhBr4nRZK4Zu/v+wIgQixsThx7ZuxpOpsh449n\n5+xf6c2+66O9ky+k4lsGtcQ=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUVNfmCH/6bUHVyOewNo/vZgzKMlEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBnMTkwNwYDVQQLDDAxMTc4MDc3MTUxNTYzNzk2NzkwMjE1\nMDYzMTg4ODA3OTQ5OTM5MDg2MTI1MDU1ODgxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBGjwWisStVbuMhwv8xSqeAFEegutzAOCbAqx6RcAr9GWlKKJK1tJbe534l27W9hu\nyTJoAiif0HQhUk1QjEwrDrOjezB5MBIGA1UdEwEB/wQIMAYBAf8CAQEwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFJt1LikX\neonqhqQOqie3ml5zkYA7MB0GA1UdDgQWBBTzeO53Fi6QaogWCvkq8mZm7pQLMzAK\nBggqhkjOPQQDAgNIADBFAiEA/IOnOrIpHgGve+3yeh35U2jnxCHeE/ddCtlNHB6B\nqDoCIDTFaBTyp4C8PJv2ZIO28Z2cBptj3D5jiS9FUzyi+jZ6\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIICTTCCAfOgAwIBAgIUR6kXgFfzQlthFFJLw9oJqBrVDxswCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMTE3ODA3NzE1MTU2Mzc5Njc5MDIxNTA2MzE4ODgwNzk0OTkz\nOTA4NjEyNTA1NTg4MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTEwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMGcxOTA3\nBgNVBAsMMDQ4NDM2OTkyMzY4NTAyMjA4OTkxMzIwOTI2Njk2NTc5MjAyOTYzOTAy\nMzY2OTg0MTEqMCgGA1UEAwwheDUwOS1saW1iby1pbnRlcm1lZGlhdGUtcGF0aGxl\nbi0wMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEajWhznrxmGGgKjQrMoNK+kjg\n2CpC+v/kwWoLlpoYs+RJhd3JrNk9hbkpsJ+SySGVKa0zKCAC+C30Dt+WyPTuuKN7\nMHkwEgYDVR0TAQH/BAgwBgEB/wIBADALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYIL\nZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAU83judxYukGqIFgr5KvJmZu6UCzMwHQYD\nVR0OBBYEFFuR6Rsf6V/7UBU+iIzcwafLRzn4MAoGCCqGSM49BAMCA0gAMEUCIA1+\nFDM9XN1Gw6SeGQT++j/99t7zqFF43Lc7Ic3cZ//UAiEA5/pAb14fd6LKJSuJHHTv\njTH0rkJr/UezB1Cf7hGjLsk=\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIICTDCCAfOgAwIBAgIUbJrzyGsLutOjEtLvygEkVH1q4dEwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNDg0MzY5OTIzNjg1MDIyMDg5OTEzMjA5MjY2OTY1NzkyMDI5\nNjM5MDIzNjY5ODQxMSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMGcxOTA3\nBgNVBAsMMDQwOTEwOTIxNzkyMjY2OTU4NzU0NjAyMTgzNDMzODc3MjA5NTgxNzA5\nNTY0NzAwMzEqMCgGA1UEAwwheDUwOS1saW1iby1pbnRlcm1lZGlhdGUtcGF0aGxl\nbi0wMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELzF4eduqxKpEXk07Yct2h4ew\nTk+68b7WUbE/lsZBZOTqZhFLTtTlp7HVXbIG2UgomeFD+KSomnzvmtYUrSMecqN7\nMHkwEgYDVR0TAQH/BAgwBgEB/wIBADALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYIL\nZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUW5HpGx/pX/tQFT6IjNzBp8tHOfgwHQYD\nVR0OBBYEFCT+TYEsKPjlbotE7+2XMGcMwnbLMAoGCCqGSM49BAMCA0cAMEQCIDG4\nNJLy/4Cs6fGADwHnS4d33p+GsIsJixgHvW6Gh7iLAiBfKK/qwUfbQvVrpxjvkQWS\nIxEJXGNC/F8XCLTC8aNGkQ==\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/jCCAaOgAwIBAgIUK4MfOBQ1XqBf6YnfNaDojiIMgR0wCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNDc0NDUzNjkyNjM4NTg1MzgzMjUxNTk1MTQwOTQ4MjgxNzc5\nODk3MTg2OTY5ODk2MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE56hv\nbf2ZWNDnt+Bjfh6G/AeAU2qqe7upQZp2KY6Mmwj3N8G6gGTwUYgy3Hn8qIQOzcuo\neF8iEPxuNJQE9Wz99qN8MHowHQYDVR0OBBYEFJXPiz5dUGNFzUcgB3CfvC4Fb1aT\nMB8GA1UdIwQYMBaAFGjyc4gsOU6XMnspyYYOz1t8/BKMMAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNJADBGAiEA0N1h7gI+VFOZB4ClO3B6A9jqe1uRm1264o2TrJhjMEsC\nIQDN9ucNi4MYi8ABv2q/ov1fzdAN5pTEzNzan95w2SltUQ==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/TCCAaOgAwIBAgIUGz/kEymXrN6V52vqDQjTL1yzLHcwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNDA5MTA5MjE3OTIyNjY5NTg3NTQ2MDIxODM0MzM4NzcyMDk1\nODE3MDk1NjQ3MDAzMSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEcZok\nB3EllwNhUMlSUIkoGuVoSv/Ml0mwZOjKYvqTwc8S1aujh2UfoJ7k0QOldymwmRbj\nPtc8+xcUDeeM58wlIaN8MHowHQYDVR0OBBYEFNia27pQfaO82dAqfptY4n+qySo+\nMB8GA1UdIwQYMBaAFCT+TYEsKPjlbotE7+2XMGcMwnbLMAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNIADBFAiAFm6BVz++8/mnqkXRnMhAOqUnR0K+2BZ/qDwhHN4iW/QIh\nAJxTYiyKflZgGpUm2dEl7NGqFcPnyA48DEMK4qeOA0GL\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -187,14 +187,14 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> ICA' (pathlen:1) -> ICA' (pathlen:1) -> ICA'' (pathlen:0) -> EE\n```\n\nThe second ICA' intermediate is a self-issued certificate. Self-issued certificates\nare certificates with identical issuers and subjects. While this chain trivially\nseems to violate the assigned path length constraints, the RFC 5280 4.2.1.9\nstates that self issued certificates should not be counted.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUaIobj5g8I09qa7AoeJbDalmmLLQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASI2n3xB/y7zWQu+DbszFprlNwNipIsT1iNTLVg\nv5LIJTjxBs/EMXfh6waUysnMvh+lMZhEJFjdJ7RRmLhF8RkZo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU32WlReJqYnkGzLMwFafZIAcGUVgwCgYIKoZIzj0EAwIDRwAwRAIg\ncr2gztPEXAxkQwuKtmjofz3/gpca0jVxeLi21Uz2O1kCIB8K7YnBhtFBOLNfDq4T\nVogCBhFau2VvL5lQSpo3NlWO\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUGDIa3bpzQ+1+MOi+0ojihQHYV3QwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQnQYS8VwvedMQg3lFx63ToFML1sjMi5xt49XeP\nl+KzXYZWttcWUfrDauN+i6bnU57i4mRBBxuwAG6nDc5ZOzaro1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUKREIGpWOpzVqAluLXBrgiPa4yMswCgYIKoZIzj0EAwIDSQAwRgIh\nAIIK/AW0rIxry9bYqq3GAfgKtEuYJx6uk3rRT2j6ydL0AiEA+bhsF5h/DyDoExhZ\nFn4ECHjCcTj2CoBbOT2u66Re/P8=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIICATCCAaagAwIBAgIUfs8PCe5/HLiAQrIlf0x5sZTyocEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBnMTkwNwYDVQQLDDA1OTY4MTQ5NDM4OTc1MzAwNzMwODE3\nNTQ0OTMyODE3MzAzMzA3Mzg5NjgzNzQ0NTIxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBCKhS3fE9s51GS9MMTdE1yxQavY103WcxPUiaNAqYg9G6xFYutODndqibtXS8dJB\nx9wrMAtAoJuLl81R0InVPQqjezB5MBIGA1UdEwEB/wQIMAYBAf8CAQEwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFN9lpUXi\namJ5BsyzMBWn2SAHBlFYMB0GA1UdDgQWBBQYueAePzqhswmYZjSqsi8rPdNgBDAK\nBggqhkjOPQQDAgNJADBGAiEA0BJrCkJWwC35RTM1nYgGb6kaxtKDyQNtiwihrDAW\n7kkCIQCkBCnzeIFESXxYSuoGeDnoxnh0jNSBWTyy/SVB89YZ4Q==\n-----END CERTIFICATE-----\n", - "-----BEGIN CERTIFICATE-----\nMIICTjCCAfOgAwIBAgIUZpCdlQZ2dOtL9Wdt3ef9J3m0Vh0wCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNTk2ODE0OTQzODk3NTMwMDczMDgxNzU0NDkzMjgxNzMwMzMw\nNzM4OTY4Mzc0NDUyMSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTEwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMGcxOTA3\nBgNVBAsMMDU5NjgxNDk0Mzg5NzUzMDA3MzA4MTc1NDQ5MzI4MTczMDMzMDczODk2\nODM3NDQ1MjEqMCgGA1UEAwwheDUwOS1saW1iby1pbnRlcm1lZGlhdGUtcGF0aGxl\nbi0xMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEg0azQmH/qWe4xnFZsbc69ek1\nJ0ffEPuh2auELhnjOoee0Ux1X2tTwvUQhEHg1tCUAUHg7NsrygxvlWK57v1/KKN7\nMHkwEgYDVR0TAQH/BAgwBgEB/wIBATALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYIL\nZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUGLngHj86obMJmGY0qrIvKz3TYAQwHQYD\nVR0OBBYEFD+Uv9/u4tkrJ8HOiw0gCpv7E64oMAoGCCqGSM49BAMCA0kAMEYCIQDO\n1EKjXPLAu00hPws0x/IeLeaV0f09fuZ/C9RH0qaVRAIhAIAiqdNtAbb43r4ovw3Y\nif24cWZmVRTM979q4lu6HDc6\n-----END CERTIFICATE-----\n", - "-----BEGIN CERTIFICATE-----\nMIICTjCCAfOgAwIBAgIUAx4GDiw5rgquX3o8Qyrik3Q4dcwwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNTk2ODE0OTQzODk3NTMwMDczMDgxNzU0NDkzMjgxNzMwMzMw\nNzM4OTY4Mzc0NDUyMSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTEwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMGcxOTA3\nBgNVBAsMMDU4NTU0MjA5MzI3MjE3NDQyOTE4ODM3MzI2NTI5ODAxMTA2OTIxMjg5\nNzA3MjY2OTEqMCgGA1UEAwwheDUwOS1saW1iby1pbnRlcm1lZGlhdGUtcGF0aGxl\nbi0wMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEOaU0Ze+sX9p//t7cLPhOTYPq\nhBXqjug52W24UK188hUBe+QwbCmrZRaG2Us0YdBMz1sSdtR6j5WurGV7JI9wC6N7\nMHkwEgYDVR0TAQH/BAgwBgEB/wIBADALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYIL\nZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUP5S/3+7i2Ssnwc6LDSAKm/sTrigwHQYD\nVR0OBBYEFLddW15uO3nKYFLl8V65Jvff3bouMAoGCCqGSM49BAMCA0kAMEYCIQCD\ndDRWzxCR2jac5KOxjfgstwvt5mtW9LuAoNm/TAtfrwIhAIOwRkYfL5HfehLH4IWq\nOaTnhfFXsP4qltlZnNlFbq82\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUGH1gsJZuZw6CFaBhk+dMuHeReiQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBnMTkwNwYDVQQLDDAxMzgxMzMxNTYxMjkzNzA4OTQxMjQ3\nODM1MzM0NzM4MjE3OTg4OTE2ODkzNjc0MTIxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBFo/JydnQbEjWWC0dkJ0f202Cwavqr/tn2cN4W8VMxx5O8AStFdaLzaNzGChI2mC\n04JLw6CdJb5l6/5AI2+I4OSjezB5MBIGA1UdEwEB/wQIMAYBAf8CAQEwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFCkRCBqV\njqc1agJbi1wa4Ij2uMjLMB0GA1UdDgQWBBQqTU5PdTL6Z05d0iu2j1cGz1xSWjAK\nBggqhkjOPQQDAgNIADBFAiAG44RY/TV0eMGpxalNoqDz3vJAbODb0zVytSaorFNn\nyQIhAPHTXi6bxPtqRm658aoVDu8Ja6nGZ9KCYbwr6MukS1Jx\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIICTTCCAfOgAwIBAgIUQMV2ssT4Gm4B+H72qS25jezMjQ4wCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMTM4MTMzMTU2MTI5MzcwODk0MTI0NzgzNTMzNDczODIxNzk4\nODkxNjg5MzY3NDEyMSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTEwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMGcxOTA3\nBgNVBAsMMDEzODEzMzE1NjEyOTM3MDg5NDEyNDc4MzUzMzQ3MzgyMTc5ODg5MTY4\nOTM2NzQxMjEqMCgGA1UEAwwheDUwOS1saW1iby1pbnRlcm1lZGlhdGUtcGF0aGxl\nbi0xMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwNBXY6+mfeT/7E8arkVxS65R\nZMp7cVHd993bj7S5v86OyHBp9L8VnZXAN5+KUCGzZyQ3q9zM/iY0nCNIBWacBKN7\nMHkwEgYDVR0TAQH/BAgwBgEB/wIBATALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYIL\nZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUKk1OT3Uy+mdOXdIrto9XBs9cUlowHQYD\nVR0OBBYEFNv0qt0tw7wNOhdbeonBr00x40GbMAoGCCqGSM49BAMCA0gAMEUCIQCN\nh8EgdVsmeqKLO5lhBXxGHQGcvQPAng5269TnODdVDgIgK9IJE9JxiEc3//CpbAy6\nRrkXUa8ykN6BIXQ1Va/L2DU=\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIICTTCCAfOgAwIBAgIUM4MowYEdAWgZRtq37szzIcG8kuwwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMTM4MTMzMTU2MTI5MzcwODk0MTI0NzgzNTMzNDczODIxNzk4\nODkxNjg5MzY3NDEyMSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTEwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMGcxOTA3\nBgNVBAsMMDM2OTc3ODk5NjIxODY1NDQzNDc5OTA3MjE2MDgxNDQ4NjA2OTI1OTk3\nMTM2NjE1ODEqMCgGA1UEAwwheDUwOS1saW1iby1pbnRlcm1lZGlhdGUtcGF0aGxl\nbi0wMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFQE7XnzW0mt0BbkVTXPiN0qZ\nsMVZjI/+BBjvWhOYJlO3yNPmcNvl+DqlhvIHJr4R2FvAEhMy81W0KUV5TExks6N7\nMHkwEgYDVR0TAQH/BAgwBgEB/wIBADALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYIL\nZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAU2/Sq3S3DvA06F1t6icGvTTHjQZswHQYD\nVR0OBBYEFNpJPJgfb486cmfrRiAb7e7sQpb5MAoGCCqGSM49BAMCA0gAMEUCIFUk\nmZwcHBb29MRPSnRIdOX2XLH4ntyFxLTplm48CDMZAiEA0auSjzPdMH0RMRZu+HMI\nRomtKL+4flmclFji1KbWSqk=\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/DCCAaOgAwIBAgIUArthtRwI7FAN5UnJW6aB3X6aSUYwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNTg1NTQyMDkzMjcyMTc0NDI5MTg4MzczMjY1Mjk4MDExMDY5\nMjEyODk3MDcyNjY5MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEXN34\nwHFfqF/Dyjx34xFV+ML3JggILHcXuafAmNi0PTqgrw4Os36edsEbzIyqTc0JWH9T\nR8RsvpVjDr/OUYsXeaN8MHowHQYDVR0OBBYEFEuT+YTKWpuqFVg/4aUsmkDvPSuS\nMB8GA1UdIwQYMBaAFLddW15uO3nKYFLl8V65Jvff3bouMAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNHADBEAiA5iMV4KqEMazQ5eJwsCIRRCs2FKNuGMgZwMdN81/s4YAIg\nMyUDdRy6Kk4wTXBtq/J+RnVaoY07XeZp40gYMqPXbl0=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/DCCAaOgAwIBAgIUdj6GoRT9JNUJ/pB3zeBp1K6WRJwwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMzY5Nzc4OTk2MjE4NjU0NDM0Nzk5MDcyMTYwODE0NDg2MDY5\nMjU5OTcxMzY2MTU4MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE7GTH\naQqySs1HSqqBNavpOf2TpvhBbdetwp5z+CwZBGD8lFmavTIGXfxW12IrdG/vOzP8\nDLbuIDSKi4LhOw6hN6N8MHowHQYDVR0OBBYEFFB5CrdEC9pnvq9jpYu2JbjO9KZc\nMB8GA1UdIwQYMBaAFNpJPJgfb486cmfrRiAb7e7sQpb5MAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNHADBEAiBu8Ud/sM3V+OGf7MeFbm5W5Bsqk0jnkq+c1BtbsnlW5QIg\nYt+eZg7qth3ZhuaAo9ZEFt6onofiUxv9cN/wdSHeSIs=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -216,10 +216,10 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> leaf\n```\n\nWhen validating with a maximum chain depth of 0, there may not be any\nintermediates.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUIZGp/w2VwIZhRzmirxv6uUfShJAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQvDGitfvLR4zUyRAvi9d2PLsqQFTXBg/cOobQU\n+PNDHD/NOqVbK/Lkv+ePgO7M81ASybU9AJToAOQo6Rw1/PjSo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUVKTH9QzCqlQLszwbVAPGWiiGvNwwCgYIKoZIzj0EAwIDSAAwRQIg\nGg883PYJroYMZg6tZk1I7GRShb5knxEBkjRyEAIN1h8CIQCiP1ec4yESXUpMboky\nN1q0wTYSjrw5+lr57+7DTaQPNQ==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUf2/ROO/EMAnRle/39Oq7AzF62oEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAR7NzzXjdHiAIGpxLLZJB3VbIQ71QKZWDr9PTnB\nhsoNrznc1ER8OEc+QhV4p+fVANKBKouNmCa42VD8OyqgaxO9o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUnBC2xRjwBbXlh8ABPlAKGh3e7rEwCgYIKoZIzj0EAwIDSQAwRgIh\nALpaSnB6VSW7sC3s0GP6mlJdui10Uk5QtLhBN5w55E7xAiEAsz5scuHNXtIutkOA\nZGgxwVqSwT8hKYkxVKZdlKnFaAk=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVagAwIBAgIUDk+7LdTxiPBXoADsBW9OrxvNF7YwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABBCYtnKZngaHE0ZLcqQapzrU2IlwRZ/yq6sfirJzwaAB\n2V3CD+Jpyn6iP1P+KzAbcLoWSZ3R7byIi4pqvg/SKSKjfDB6MB0GA1UdDgQWBBRQ\n1eNt1XLptKd4pCjbhpQAb4CwfDAfBgNVHSMEGDAWgBRUpMf1DMKqVAuzPBtUA8Za\nKIa83DALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhAOBwFivCqGwVyG5HJuhK\nxbOSPN/eG/04Vcv+Iow5lIOwAiEA4W+1pcHR93PuSckXvujcggwAZDmiPNhJnRbB\nnT7r604=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUGE5N9JJZDAJLrtMe4E4bqcwhsNIwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABJZAa0GtNMQCPXItpP+m0R7aIhWEQHftFbG3Y1l5Pid/\nw8OLUYsddVn6VTFjSWxkcB7AzyKcuqyASmsA5B8Nd8ejfDB6MB0GA1UdDgQWBBRp\nI9haK1q3pjTJdbDl1ygNBOedpDAfBgNVHSMEGDAWgBScELbFGPAFteWHwAE+UAoa\nHd7usTALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIhAKC9isIPCP6GPSrpSWq+\nzoiKaPiC2jhAM6wcSYXzv6iRAiBFB865iZOV8350konWwXeqnL5OL4vtAwg0CHsB\nH7icTA==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -241,12 +241,12 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> ICA' -> leaf\n```\n\nWhen validating with a maximum chain depth of 0, there may not be any\nintermediates.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUMnjPVek46d1Dnt0zLRgfohdKTn8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARZ4Nc2ikf/H8YSGVrbQK1khjWK71jcH0QoNvqm\nK622UPpLeL3DNHqBYiPXi6nUvEqZna8n4sik8stJjxm9TUbJo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU5prmhDnU4uPONUsySHuSDQI/QgswCgYIKoZIzj0EAwIDSAAwRQIh\nAPXUoQu7G2pUTBUspL09/1TtXafxYdVNychFP3tpIOpWAiBxM9TzrZFMcTZAads6\nCvWJ/kxKjtjhOl/Ur1hO4qE/9w==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUUCafe/pBOlqzbz54M1bs+3BvR54wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARnptomIF3KMlQgPoxpND1KttYhfpP5OZG8xols\nZPGHPNSC7NjN2dMjxZzXYCmdQUoYQoqH6A9w7turqU2zU8/No1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU9h6RSiZh4y4ESlLxIzmSYxtR/d8wCgYIKoZIzj0EAwIDSAAwRQIh\nAL9reGRCDpiudDnIhT9Ny7HPN02gPOFvJEorIeec26aIAiB3Vgqhf4uO52tj+Avy\nXrKyD5RlUzP3e2iubOvCj+6eAw==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUecLUbJDbFHn1VsFKRsg8M1KGlK0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDAyODgxNDM2ODk0NDIyMTAzNDg2MTMy\nMTkxOTEzNjY2MjI5MDIyMTgyNzI2ODk3OTExLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABFZN/Z9LtiSmUqurA90YBJG9Ax/G1JBT1+1fjlXJgtSGU50xjL5GeXR01bmO\nSVZrrgfoXbL81xoAFsqMPz5Vwj6jeDB2MA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFOaa5oQ5\n1OLjzjVLMkh7kg0CP0ILMB0GA1UdDgQWBBSlng3AmjDepQkY8LOx86NyULJRjjAK\nBggqhkjOPQQDAgNIADBFAiBuVz7jq7HH/mB61uafVZSiPY79Wtffg1uXe7rjlZ5T\nBAIhAJ0pqbMDFU1bOmDZUD5CFPx1oYr78E/bI0zThTa7NAUY\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIICATCCAaagAwIBAgIUAhpI6/gdm2tCiY6z48bc2EG42hQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDA0NTc1ODA1ODMwMjQyOTEyODg1ODA1\nMzUzNTkzNDM4MDY1NDA0ODMzNjcyMjUyNDYxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABEKad8aP3R/49OBeBKtA56HWSwmV+7kI52iEMfQjjCEtygF0TC8BkRkoZqOf\njKWscLeyvQXQ0baXb8L2Zv55+a2jeDB2MA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFPYekUom\nYeMuBEpS8SM5kmMbUf3fMB0GA1UdDgQWBBQ+gCoW8NIr1pqBgHJjtr0kE9WDvzAK\nBggqhkjOPQQDAgNJADBGAiEA9LU0219cdIwTRu81XSGQTnTkWUCDerePBhX2/uHh\nUEUCIQC6qkA3rhYG6U0lovOSl6+SWG2Hrcb4PLvbNNpUJtMiOQ==\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUL+2qjUbgqR3r0w0zL7oqVqvzxW0wCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwMjg4MTQzNjg5NDQyMjEwMzQ4NjEzMjE5MTkxMzY2NjIyOTAy\nMjE4MjcyNjg5NzkxMS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\ntO6iDbVLOFE8XN9eVs93QukT9s0DbAqqUV2j07l1cJK/aVUuXvXwavc1S5sjELz4\n2/jRoIoZ/bIao+c3eE6JXaN8MHowHQYDVR0OBBYEFO9QC+fp7BY8YQWNBajHGgAI\nJUCzMB8GA1UdIwQYMBaAFKWeDcCaMN6lCRjws7Hzo3JQslGOMAsGA1UdDwQEAwIH\ngDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAK\nBggqhkjOPQQDAgNIADBFAiBnBGXzWDK4+hnsi2YEkSYbu2cckT3SUEzgGCkneJ2Y\nMgIhANyTKT/tY64aHYy6Ki7rsMSOUokm77DK/AdyewtsuM9M\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICATCCAaagAwIBAgIUa604iX1r68frIDIEYmtKSzIiS3QwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNDU3NTgwNTgzMDI0MjkxMjg4NTgwNTM1MzU5MzQzODA2NTQw\nNDgzMzY3MjI1MjQ2MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\nA1nGppOdVCMG8759g4Eq33iRPUoFBSX6mApwAvjJsXdiSmW7rLJGikMkSR93nk+L\nmL/OZ3Er7FWbYetMRS2VuaN8MHowHQYDVR0OBBYEFMKPK9cHLOipyQxA2/LOKPyz\nNmcuMB8GA1UdIwQYMBaAFD6AKhbw0ivWmoGAcmO2vSQT1YO/MAsGA1UdDwQEAwIH\ngDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAK\nBggqhkjOPQQDAgNJADBGAiEA0eFt+Pucy58aL+yMJ9BI3Fh17d18si7yUreeQBdE\n+agCIQD9uYeY2LDPH7vUOiP+vQzVilZTiEPPctolMxmPRIVE5g==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -268,12 +268,12 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> ICA' -> leaf\n```\n\nWhen validating with a maximum chain depth of 1, there may only be one\nlogical intermediate.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIULRgeLvRk0g7S7fUlrNQffD1Ab48wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQ+TGQEWbbCYdpVC+z6BhCnTCECjHLDz1ytfu+S\nhSd7p6Z7+br5IKbgna4te8YBw8jHHj+tfvYNcV7YYXu+8Wyuo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUntg5xpvxOBd50AqnQ5gmfA/stpEwCgYIKoZIzj0EAwIDSAAwRQIg\nPsJ5k5PFXZhN+Wqz18r4bgGfYO6yhfSojG/SuSoZQLwCIQCwe6Cx/K05FhWYl5f4\nnHJENBvGxaYZ/lDc4BDeOjg+LA==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUNqvXXpOhsqQYDKmFupGA39Zvr38wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQvQs+LJiVFutxv0wRAJoO3eOBCkhXYQkcCnx58\ngCcun3IS08UFZ+3DVCiJWsj06RQcHRd1ZVUhFis2UDxBJWDmo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU85Gv4h7FkCtGjFTYx2hCvaFc0TMwCgYIKoZIzj0EAwIDSAAwRQIg\nAirq2yv0tvGQNP31RnHNAwlxUyCj2GEnrY90vhIk+Y8CIQD3U627p0ZeBA49BSaN\nUSXfuraSu5FDX6J4vLgBrTz6MA==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUJ7LAOUUwBaGu1LTXjoeDUh1Tm2owCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDAyNTc0NDI0MzE5MTgyNTk0NjU4NTQz\nMjA1NzI3MzAwNDQwMDk0NjQ5NDE1MzkyMTUxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABHVOKrIx59qU11eagdvjGs47jqOqyDgtqRzWZl9smkbEikYcakss8+T6aJ/N\ntf0RFJzu/3BKbhpjBvudRybhE+WjeDB2MA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFJ7YOcab\n8TgXedAKp0OYJnwP7LaRMB0GA1UdDgQWBBTe5kZ4V3RdbQYf/c5Svu4l03bobzAK\nBggqhkjOPQQDAgNIADBFAiEAucixAiG4SqiKLITznW212xOe/q2yMTkZjFXhE8TJ\nKtoCIGnoprmcUA7WXH3M94yvJ32tfNhoNwZHOdp+B/2xP5S4\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUOvVvd4AMueK7092zhRXMb3ISjrAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDAzMTIxMTc2OTAzNzc2ODk5ODgzMzE0\nMTQ3NTc3MTU0MDM3MzAxNDEzNjIyMzczMTExLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABMBlVCDNAFVEqQ6zGIt2b43YLdbLQ9Il2l6y6hdpIlvQ5JGPXBb/5bW4rN92\nrP0yKDTH8W+cDhPjLgpGVHsJth6jeDB2MA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFPORr+Ie\nxZArRoxU2MdoQr2hXNEzMB0GA1UdDgQWBBTr0hmb0CN1nWmZJqoRxbpALnUBpDAK\nBggqhkjOPQQDAgNIADBFAiBPjC8gcPwkzTW5cgZCLlBx9JjldMRG5ioFkB0fs1be\nKwIhAIDCl4olfJe7ubDVYF58XFRPgWlI4NJTtrz1TMbWOGLN\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICATCCAaagAwIBAgIULE75GJzxbw8tMHtYA7+8X+//NvswCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwMjU3NDQyNDMxOTE4MjU5NDY1ODU0MzIwNTcyNzMwMDQ0MDA5\nNDY0OTQxNTM5MjE1MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\nkO/tbGR0QgBxwBMIpOPWzPj+pZnzT17AnGJVoi9TtVjX56kvrDZ4FZwyYwwfcNzF\nsj2L5eL/BhZ8Q3GyGyIUcaN8MHowHQYDVR0OBBYEFKmXCKOY+QwBX3fadXkxaCKP\n4kluMB8GA1UdIwQYMBaAFN7mRnhXdF1tBh/9zlK+7iXTduhvMAsGA1UdDwQEAwIH\ngDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAK\nBggqhkjOPQQDAgNJADBGAiEAiqfId0AuCjUQiHaxrKjOF/PnK4XPZDPJRHBPFutf\n704CIQCUONMYab7UYsx9IzhQmXVBEZamCJriDeW9CTaHWgkLvw==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/zCCAaagAwIBAgIUKiC60l0N+cSWpJmtDWZxM109kLkwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwMzEyMTE3NjkwMzc3Njg5OTg4MzMxNDE0NzU3NzE1NDAzNzMw\nMTQxMzYyMjM3MzExMS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\n6r1OXzcLsVnAeRV4c4PclSSZ9tMb8T9WR/psV6ZekDm9TFhS9VLYvzKiLrgx9N9n\nBTHhSq4skwoBvdowp8W6yqN8MHowHQYDVR0OBBYEFCJS6vfU4ULaQhPvuxjstkuO\nU0n3MB8GA1UdIwQYMBaAFOvSGZvQI3WdaZkmqhHFukAudQGkMAsGA1UdDwQEAwIH\ngDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAK\nBggqhkjOPQQDAgNHADBEAiBCSKTZR4Fk2Aq8Hp8PagjUUgGjLqu1qvmQ31mCUzOC\n8wIgeEmb4nPBWext+EMalcd19Cfo90JbQgHGuIfwTtmcPMo=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -295,13 +295,13 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> ICA' -> ICA'' -> leaf\n```\n\nWhen validating with a maximum chain depth of 1, there may only be one\nlogical intermediate.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUCtTrhCsgD1xhFY8uf73tIfo1JsswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATeDLYTHTjnGPNICLBamC5zCtczDVbX6hBJ6BlK\n8zdO9xxjM0FhwR5jCBHhO3NdgV4J/D7bL9rkfa10ajH0aheRo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUSES+bjlb+Dw7RVwjMercDVMd60kwCgYIKoZIzj0EAwIDSAAwRQIg\nfggjW3aMBwcgP1s1T7h3ITYVsFuX2H3NScgWrGc98bcCIQCiKQS4Zh4b6vZA14Ha\nnPtLqseOKITfp2RL+9eN1sVAAg==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUGoGzlPZn144UfzLblf8VsjrBO84wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATyCc4h5XtGrwn/swxrsV6LkVf/Xc2CKVGKQXpB\nGRsDLa1Qvut9FvcotLYVy3FlRN8XJA0zChoFCjhYOSgaCnSUo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUVzslGmJZaUG6oGgAvSIHxPZQ5REwCgYIKoZIzj0EAwIDRwAwRAIg\nSttxsxS1+aj5XcNUCpaqdTeZ2NQRjVd76dVh1KxgjVcCIEqHlemNV3bXJu9IWJ1J\nPw7ioOS2eimL6xi6JWxbBL56\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIIB/zCCAaWgAwIBAgIUbEDoQywJgZ8azX6ZtLCi/jlchVIwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBpMTgwNgYDVQQLDC82MTgzODE4MjA1MjExNjU1MzQ0MzU4\nMTc1NzQ5MTAwOTA2MjEyNTQ2NTU3NzE2MzEtMCsGA1UEAwwkeDUwOS1saW1iby1p\nbnRlcm1lZGlhdGUtcGF0aGxlbi1Ob25lMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD\nQgAEEZ+m5u/csDx/6x6fSZIDOvVT45vmyms4/4+viMzyT0GmODsCF7JI0ci0FYS7\nC6Y5E5/ZfjmoVovhN8NJFjltqKN4MHYwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8E\nBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUSES+bjlb\n+Dw7RVwjMercDVMd60kwHQYDVR0OBBYEFP+kgWVOEwjFWns5s1Ge3/nVL2UIMAoG\nCCqGSM49BAMCA0gAMEUCIHhsJHAvCO2R3ioEM0O4f5PmekZUN1Ndbv1zNRNUkTCi\nAiEAotqpSbyzdBVBW1e/Vs+aDa+LZCiaaZduVE/rzhBOa8E=\n-----END CERTIFICATE-----\n", - "-----BEGIN CERTIFICATE-----\nMIICTjCCAfWgAwIBAgIUPOLgbzMakK6SpZaU0/AYoA5Bjn8wCgYIKoZIzj0EAwIw\naTE4MDYGA1UECwwvNjE4MzgxODIwNTIxMTY1NTM0NDM1ODE3NTc0OTEwMDkwNjIx\nMjU0NjU1NzcxNjMxLTArBgNVBAMMJHg1MDktbGltYm8taW50ZXJtZWRpYXRlLXBh\ndGhsZW4tTm9uZTAgFw03MDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowajE5\nMDcGA1UECwwwNjE4MDE4NDgzODQ5NDcwNzcyMTAxMDExNzU0MTU0Mjc4MDcyNjA0\nMDI5NjUwMjU4MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1wYXRo\nbGVuLU5vbmUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATo/CEno6mDoVeBvSfi\ne+UOuH1hqhx/kCGCkHXjd6CE+0jpfvCRH/mT99DMghNXpaW7INYJzGzXp6WO/Isb\nsAo8o3gwdjAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzAN\nggtleGFtcGxlLmNvbTAfBgNVHSMEGDAWgBT/pIFlThMIxVp7ObNRnt/51S9lCDAd\nBgNVHQ4EFgQUU5iZKzO0MxXOluLt3FY4dvfBx5owCgYIKoZIzj0EAwIDRwAwRAIg\naW4Ch3Lq1Uww/XfvfITSOuavokr7HKJ69tzCmoaY06wCIEZOEEDXlRyFtOxPl1kl\ncQXHovjTDj53nxy5fcfryfVf\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIB/zCCAaagAwIBAgIUbThLnmVkbetQ0HnIUagJ/jotWjwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDAxNTEzMjYxOTk5NjA1MzE2MzI5MTI2\nODc5MTQ3OTY2MTE2ODczNDk3MTg0MzI3MTgxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABFuwRLFn3qQNw69f5TlreDy0Lm46sqC9C4bek9Y546SUAJN26mcUdnMw18eB\nfgS8WyeyEnjMdvkXqUQEVMh6dJWjeDB2MA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFFc7JRpi\nWWlBuqBoAL0iB8T2UOURMB0GA1UdDgQWBBQT56NzB8y9vT/3UbI61kBm/UGGjjAK\nBggqhkjOPQQDAgNHADBEAiB2phs55KfIx6AkTYliDYe8L0yF3iwIcz+EoTep5Tds\nvgIgfSt013KtLTmMzfzhrQubycSCLmVDtYigdBZSNZ8nSO4=\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIICTzCCAfWgAwIBAgITLyFuPnZYJne2UVLNN+1hKm8OyTAKBggqhkjOPQQDAjBq\nMTkwNwYDVQQLDDAxNTEzMjYxOTk5NjA1MzE2MzI5MTI2ODc5MTQ3OTY2MTE2ODcz\nNDk3MTg0MzI3MTgxLTArBgNVBAMMJHg1MDktbGltYm8taW50ZXJtZWRpYXRlLXBh\ndGhsZW4tTm9uZTAgFw03MDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowajE5\nMDcGA1UECwwwNjIzNTM1NDIzMDcxNzQ4NTY1MjUwNTIwMjE0MTc2OTk2NjEzNTY2\nNjY5NjA5NTMyMS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1wYXRo\nbGVuLU5vbmUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATNJDKNA4wSS/88QoB6\nZ4bvBTrEDTYU2wCq61AgBY22zHpdeHpvAcLZE2I83yqkDulwbs6O8vWEX6rsDj65\nlkFEo3gwdjAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzAN\nggtleGFtcGxlLmNvbTAfBgNVHSMEGDAWgBQT56NzB8y9vT/3UbI61kBm/UGGjjAd\nBgNVHQ4EFgQU5Nxc5JrYvUxYscXPaXSokcYom8QwCgYIKoZIzj0EAwIDSAAwRQIh\nAJeBiYs+icYQhKLIQ+8cDWsdnp9j6xWv9RT/DCpUny3uAiA+AlzKSLgIKM3zlxCN\nTkb/b/XnSwtq15O5mI0Eqku0aQ==\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUO4qJ9l3Gjhg2sN0twCandCkTIpkwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNjE4MDE4NDgzODQ5NDcwNzcyMTAxMDExNzU0MTU0Mjc4MDcy\nNjA0MDI5NjUwMjU4MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\n7lWwug6O0u53zx4dDXmqnlsELAyx+uf0CosnWgT2w43fqGYcvycdIANmv9ngXbzU\nWLsGocFNyJthTphR85g8D6N8MHowHQYDVR0OBBYEFKEdMwxtNGvsuSjTsATo1N5/\n+Dz2MB8GA1UdIwQYMBaAFFOYmSsztDMVzpbi7dxWOHb3wceaMAsGA1UdDwQEAwIH\ngDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAK\nBggqhkjOPQQDAgNIADBFAiAfiNMoLBIGXIYUfL3tjKwnyhSC64Dqih/LWvMvOJUl\nMQIhAOTAF0UT0hkUSWgSDpAE9pV1ccJBydkon+4Nz/zvE6cy\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICATCCAaagAwIBAgIUWXUeBf8PQhjyPph0UH8mNrLNi64wCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNjIzNTM1NDIzMDcxNzQ4NTY1MjUwNTIwMjE0MTc2OTk2NjEz\nNTY2NjY5NjA5NTMyMS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\nsKRZLiBt07OkB+02/7E68Ma4VPHQ+9MtpC2ScJoscw8RfOGFNwV9hqYzJEIyqasD\ndPf8x58MTa/AxOxhsoN+waN8MHowHQYDVR0OBBYEFBdlJQXqD7i6+U92lwoBM1Kr\nnMuyMB8GA1UdIwQYMBaAFOTcXOSa2L1MWLHFz2l0qJHGKJvEMAsGA1UdDwQEAwIH\ngDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAK\nBggqhkjOPQQDAgNJADBGAiEA0AlgJPkTg7xi5oAC/VqTqCFlTAJZ9mZSZWO7NKwq\nQh4CIQCizggNCnryubZFXPVWii7OLKTwIQYhRRAfMxiDtMcRaA==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -323,13 +323,13 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> ICA' -> ICA' -> leaf\n```\n\nWhen validating with a maximum chain depth of 1, there may only be one\nlogical intermediate.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUcmq7OWskQjM0u06Wlz86OkhJyzwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASiFHS/OkYiN2v34U2cd/r68KlGMccPAPMVLYpn\n2GuWpULP/IqbKwULRrupTHsawDo5NrmelalTuPQ/QPf9fPmzo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUKwGadyMLXVoyseEsIRcKEneok3IwCgYIKoZIzj0EAwIDSAAwRQIh\nANxr3oB31aFepvKMkgmgH5CMAiyO024yNJA2qHAscvbSAiAc/vF+rIEtg82Ggfe3\n3nhMcxS4ZBHGBh3Xas7xmJVlrA==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUS18VrDWUUCAcHX10zVgBQveR+fQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASGoVFN1RWpYbs2HosTGSYaIFS6FPvrk0NPzmhU\nD9VcF7jsNrGHQOeHpRYMwgnnQftIGC0dV9UAwisTZLnZ7lBho1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUUoaQQLqrOxDhl2bPD2pl852gXlUwCgYIKoZIzj0EAwIDSAAwRQIg\nKPyLCQ+kz/RNH44NLuUt4gx7a7LlVe0M4r7wlXZJs2YCIQCOKUUDfievQyuCqwTh\nNw9EW/hwma+ltS2YosFxs9FeEA==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUSIh7nwMP3MS3H63jhKteViMUp7owCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDA2NTMyMDUxMzY0MDA5NDE3NjY0MDcw\nNzk1NjY0ODE5Njc0MDQ1OTkzMjE2NzY2MDQxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABEB6nX17WLf4YAX6FCOChfc7RrytLRzCVLLtJ64KpMXZbU9IwkLUV9MYDFVi\nl2I6eOcNxmJBrk/1+Gih4K2ghiajeDB2MA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFCsBmncj\nC11aMrHhLCEXChJ3qJNyMB0GA1UdDgQWBBTnc5XrMd3VKLbL7/mmDvEAEFX44TAK\nBggqhkjOPQQDAgNIADBFAiB/cTdV0b0wwMlZ9XvkPzxroSTn5XnOuxOrj5Qgrbve\nkwIhALCmmqkS4WhdoezQEOM6Dc3qJekmtk6cr7C5r7yvlkyE\n-----END CERTIFICATE-----\n", - "-----BEGIN CERTIFICATE-----\nMIICUTCCAfagAwIBAgIUQm1X3NZIRX+RMux5KlKOUm5TE6swCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNjUzMjA1MTM2NDAwOTQxNzY2NDA3MDc5NTY2NDgxOTY3NDA0\nNTk5MzIxNjc2NjA0MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMGox\nOTA3BgNVBAsMMDY1MzIwNTEzNjQwMDk0MTc2NjQwNzA3OTU2NjQ4MTk2NzQwNDU5\nOTMyMTY3NjYwNDEtMCsGA1UEAwwkeDUwOS1saW1iby1pbnRlcm1lZGlhdGUtcGF0\naGxlbi1Ob25lMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE48Nwo9qZfEhfFPln\nO2MNmN4kjIzQcDl+ioRiMdzIaKY10GwCCH8UbYMpcOG/T6sCJMUm+lWNE91QuMG/\nQ4SXy6N4MHYwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAU53OV6zHd1Si2y+/5pg7xABBV+OEw\nHQYDVR0OBBYEFD5eUBJTGu5YZjK0xGfT2c52vxzoMAoGCCqGSM49BAMCA0kAMEYC\nIQDSKKMEBcbK0gwvY5xeUFEkQjiU9iS/h45bjvxV238KZgIhAOnaxhNXNqWuh4ur\n4PczehDtlRYv8PFxo/TcAyM1aj8G\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUdF8f2ErTa0+nAxjCVZNB4rvjMMYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDA0MzAyOTQ3NjY1NjM0MzkyMTk3MzA5\nNjEzOTg3OTAyODQ5MDg1MjIyMDAyMzQ0ODQxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABJWDy0aFwMCuX8BPHIS+UhQBmdUl0snjZQ2nB671AiD4bb9kOueqsYho0mpq\n0tp8kaCjtEmje2hkih/ncaC6WiqjeDB2MA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFFKGkEC6\nqzsQ4Zdmzw9qZfOdoF5VMB0GA1UdDgQWBBQDc/rFHdrD6AFMywnTbUfzCfWOcTAK\nBggqhkjOPQQDAgNIADBFAiAh/mKd1TdSUpCu6Drtesw5DNjKWAVmN+rR7329jelE\negIhAJVWjd45ty4xStBTX2J1RUnwCgSPlxGbLo2Cy00XjQ9r\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIICUDCCAfagAwIBAgIUWxBFklscoaIaZ5Wg9xCJRZx6y/EwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNDMwMjk0NzY2NTYzNDM5MjE5NzMwOTYxMzk4NzkwMjg0OTA4\nNTIyMjAwMjM0NDg0MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMGox\nOTA3BgNVBAsMMDQzMDI5NDc2NjU2MzQzOTIxOTczMDk2MTM5ODc5MDI4NDkwODUy\nMjIwMDIzNDQ4NDEtMCsGA1UEAwwkeDUwOS1saW1iby1pbnRlcm1lZGlhdGUtcGF0\naGxlbi1Ob25lMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEW6MsWC88yCwxcude\nvqfOzWlnEBClqfB2GDaqQql+KBA6DMZqmqVMyN3Ya+Prhd2Q6cvuHOqErVDiU/l+\ncprLk6N4MHYwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUA3P6xR3aw+gBTMsJ021H8wn1jnEw\nHQYDVR0OBBYEFKJa7YPMm2VQ+vxlQu6FchTW7jpvMAoGCCqGSM49BAMCA0gAMEUC\nIQD8y8uYrjAW5rZj4d0zip7BrHOtAIutv/QFXtDvL+Ls0gIgUswpS0eSyORSApJb\nur9J1zShFO+bQL5PYKhPcaguERY=\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUf5dOFbXChgKaPSh9gnzQ9AXm9MwwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNjUzMjA1MTM2NDAwOTQxNzY2NDA3MDc5NTY2NDgxOTY3NDA0\nNTk5MzIxNjc2NjA0MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\nZ6LvVpllRa1QPwp4jamHw0AAH8v7TPxjY3AnaVczLuLE9odzktJCjd5uE55NJkgQ\nqyIFVuJ2+dyAqsrSyOgir6N8MHowHQYDVR0OBBYEFHjRX6EB6lcKzTsFP0e70HdW\n01eEMB8GA1UdIwQYMBaAFD5eUBJTGu5YZjK0xGfT2c52vxzoMAsGA1UdDwQEAwIH\ngDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAK\nBggqhkjOPQQDAgNIADBFAiEA5C/ZFv+zPVzyE9aq2h2+cvpHYcdbuX3Gpnqc/A7Y\nSrQCIE4zfy8WfV5K4Y2+XhAtqE1cpE7KOZe5HGOHr2EDuhVK\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICATCCAaagAwIBAgIUDL8shIFRxGLgl6vkEUN+zW6FiYswCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNDMwMjk0NzY2NTYzNDM5MjE5NzMwOTYxMzk4NzkwMjg0OTA4\nNTIyMjAwMjM0NDg0MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\nw20+SN8g64+WCf7evUunduiCkuSS8SVZO6H7I820bdOHQHyXE992d+FtBHSo5JZs\nNJ2kEzNvJOoBzzCgUpOKraN8MHowHQYDVR0OBBYEFB3h5aM2qeikclkAcqrDPX4a\nYFCpMB8GA1UdIwQYMBaAFKJa7YPMm2VQ+vxlQu6FchTW7jpvMAsGA1UdDwQEAwIH\ngDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAK\nBggqhkjOPQQDAgNJADBGAiEArG4FURNzyCorR9ujl3dse9K2CJRGQxrvsa69YToz\nsTQCIQCFsET6iEuROW4HjTqHmfio6mL+a7T6VCpLLSQmZ9ewPQ==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -349,13 +349,13 @@ "description": "Produces the following chain:\n\n```\nroot 2 -> intermediate (expired) -> root -> EE\n```\n\nBoth roots are trusted. A chain should be built successfully, disregarding\nthe expired intermediate certificate and the second root. This scenario is\nknown as the \"chain of pain\"; for further reference, see\n.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUZ4JmwwaWJ2zfgiKFl8S4xKqgBSMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAR6mzxklVMRcTrcRG+OrF2x9fakys16ZxMBb8/I\nL4aLDr9p1G40xP4o/iGJkLdhmJf5sJGTHpNmddSTc/di0P7so1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUI5YM9wMxZHZ7ODe3zsY0wUtZbXUwCgYIKoZIzj0EAwIDRwAwRAIg\nDnFUDdGEhmdI4YyHQID2WLyN15LJptTJldk2BD85EaECIHseI2+7SD0xQUlu+vpq\nK17B60COIIOPOMiZmNRyEDVT\n-----END CERTIFICATE-----\n", - "-----BEGIN CERTIFICATE-----\nMIIBkzCCATmgAwIBAgIUFRprbMxeDSwfEWLAunLMlca4JrwwCgYIKoZIzj0EAwIw\nHDEaMBgGA1UEAwwReDUwOS1saW1iby1yb290LTIwIBcNNzAwMTAxMDAwMDAxWhgP\nMjk2OTA1MDMwMDAwMDFaMBwxGjAYBgNVBAMMEXg1MDktbGltYm8tcm9vdC0yMFkw\nEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEajtbzyIXIOOovSeo6mxrMIJTxeHwNh5z\nNH3elxfjiEBSxS2mO/hWYIFh/+j40LmM3t8WAu4LMO8d1p6U/tdx1KNXMFUwDwYD\nVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5j\nb20wHQYDVR0OBBYEFDPm13apQQby974/fnRTaeIouBb9MAoGCCqGSM49BAMCA0gA\nMEUCIQCgfYeZ8VJMXUfvF9J88PxXEpZ0cQQuRpWFZduu81jWkQIgaaXuqeOVCxZw\nEqoPB0zT1YzoYFk0Op9wMcIxBfLwrck=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUYaEAmZxd3o3YrOcBd33WXr3R4XkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQquvDg36uO4wXdG7yNoW0hHxb2W9uGZjY60NkY\n8X4g2j+8l429ffAbEbC6/544smodITJ6qFD9H4EAelK8nQOeo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUuVozKxPdnai6uRqWwLj82AdUq0MwCgYIKoZIzj0EAwIDRwAwRAIg\nHDIiPpcEbw6XboA7TREHKZSqaJrjPvmf+hph+lQDwyICIA8Ih92Gibya4+9LOKhQ\nAAZPRN86fczLBIm2jHS67J76\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIIBkzCCATmgAwIBAgIUMk1inn3KeT6HEX/sSN9q41YFEU4wCgYIKoZIzj0EAwIw\nHDEaMBgGA1UEAwwReDUwOS1saW1iby1yb290LTIwIBcNNzAwMTAxMDAwMDAxWhgP\nMjk2OTA1MDMwMDAwMDFaMBwxGjAYBgNVBAMMEXg1MDktbGltYm8tcm9vdC0yMFkw\nEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExvGB456sowGoOQrvVsBF6trnZLp7OwwH\n29W4u+lKbqzxhrPxWLLmYVmRqp6YLiJJtH3Od6Dq1+D7rlOyyb26fqNXMFUwDwYD\nVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5j\nb20wHQYDVR0OBBYEFLqIofuw9K6TcylQIWzl1mlJbvomMAoGCCqGSM49BAMCA0gA\nMEUCIQCt4efuPjZtA+yY/cEgQMB8De6iChLbowTuJLcaE1gG+QIgAoJeD4CaEWIH\ngqyMW1L+wyILwRT0XS2laAexkc2vW74=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIIBtDCCAVmgAwIBAgIUKV4YboXhkBvFGcyffugIcb0SQtQwCgYIKoZIzj0EAwIw\nHDEaMBgGA1UEAwwReDUwOS1saW1iby1yb290LTIwHhcNNzAwMTAxMDAwMDAxWhcN\nODgxMTI1MDAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAR6mzxklVMRcTrcRG+OrF2x9fakys16ZxMBb8/I\nL4aLDr9p1G40xP4o/iGJkLdhmJf5sJGTHpNmddSTc/di0P7so3sweTASBgNVHRMB\nAf8ECDAGAQH/AgEBMAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNv\nbTAfBgNVHSMEGDAWgBQz5td2qUEG8ve+P350U2niKLgW/TAdBgNVHQ4EFgQUI5YM\n9wMxZHZ7ODe3zsY0wUtZbXUwCgYIKoZIzj0EAwIDSQAwRgIhANTbUn7u2SBbxqKs\n3PkIfd87tu4c9N/1QJzL5UFbFBynAiEAiT2jt8LHHxyolKkPtVV3F9xKenOrFUFt\nry8CPm+IiNU=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBtDCCAVmgAwIBAgIUVVN4MLYbAirkWSmkjPBceeGU/dQwCgYIKoZIzj0EAwIw\nHDEaMBgGA1UEAwwReDUwOS1saW1iby1yb290LTIwHhcNNzAwMTAxMDAwMDAxWhcN\nODgxMTI1MDAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQquvDg36uO4wXdG7yNoW0hHxb2W9uGZjY60NkY\n8X4g2j+8l429ffAbEbC6/544smodITJ6qFD9H4EAelK8nQOeo3sweTASBgNVHRMB\nAf8ECDAGAQH/AgEBMAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNv\nbTAfBgNVHSMEGDAWgBS6iKH7sPSuk3MpUCFs5dZpSW76JjAdBgNVHQ4EFgQUuVoz\nKxPdnai6uRqWwLj82AdUq0MwCgYIKoZIzj0EAwIDSQAwRgIhAIECTu/8VK93Nd8s\nKGUYdZN1Y3MtNqSOVso3OEvsLBbzAiEAnTiVCqUry76Tt05srh8cyFlexiGRWiEn\nTAzYAjeEV54=\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVagAwIBAgIUF00qkVitkc7uWhVPi5GzX86wP6AwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABGOMVh233iNGbv5pew1DE+7/UCs3qHMueNvuMDKDk6nk\ngzMYgMst3S3zXMnMmHP3uPL+SEx1BWGM5euugk8TwHejfDB6MB0GA1UdDgQWBBT+\nZiiu9hLTyG6qffzdzYWSMNGfrDAfBgNVHSMEGDAWgBQjlgz3AzFkdns4N7fOxjTB\nS1ltdTALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhAIEL8lTLmrhQUnhznTEQ\nVHFhPLEguGzgfSzG0K9NbMbEAiEAg6Ye/FlRWHJx8BTqe9SsL9wOJpE6n28z4kR7\nl45UuQo=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUOgjtIecTU5aBwMVBxcAGTt8ntrswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABOfI6j5n7IrTDl36HOXeeyfr1TEPikVBcrWuboFVai/P\njW7fvBb0xo9mEc/SV3H403ymPFr6ykFAEq9PF8IVcL+jfDB6MB0GA1UdDgQWBBTw\noQIV9noiOwUuPgjEs3rGDbbojjAfBgNVHSMEGDAWgBS5WjMrE92dqLq5GpbAuPzY\nB1SrQzALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIhAMD+uSo4/XVZpNGCRU5r\nXIXOCUgPTUXRlFyzKOvCGJY6AiBTj6KcYx2MrpI9iWGKM/JeMsdff0GmHBaPWhnC\ngjGp4w==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -375,13 +375,13 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -/-> (ICA' <-> ICA'') -> EE\n```\n\n`ICA'` and `ICA''` are separate logical CAs that sign for each other.\nNeither chains up to the root.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUSANH6sNeRas/WWKyh66aIl0GrfIwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATZMnIpDkSHfgNcxrNHOkzEg56g2Q8hqHWNz5XR\niP787Xrwv6of7HToL64IGaw/WPXH4s5Hyh8jw9D8+60TbMbTo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUIwhTQ69z3Jpa4O/ChjQQ8oSucZ4wCgYIKoZIzj0EAwIDSQAwRgIh\nAMjy2AEbRFAYa3vD3KYsySvR67CZLXUMUyvRPEKoBTocAiEA4o5Kc+DptxwPUgdo\nktqevcfkmB4g6eHl5aH+7JFbt+U=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUU7yEl9eyaFlvL+eI353Um+VCK/QwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATDu7cruHv2s5tSt83k48KkPRdFiXcr2xWknPnW\nKMeap6ES1VdQ7Jf2BR9MllvH6ddrTSKaFWa3bDPBV75CF829o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUS75YG8tCnewU0VrF++Y4M//4BOAwCgYIKoZIzj0EAwIDRwAwRAIg\nYvpc3Xnv6PRkJ+NIfOX0Uou4g0/MkzwHaoh8UXjJxJ8CIF9jarvdM82l+kzH117D\n+JR0X2poygbzpMtWyLF9th/2\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIIBtzCCAV6gAwIBAgIULoGt3k6KpKaadQYApUeAxcvEs9kwCgYIKoZIzj0EAwIw\nKjEoMCYGA1UEAwwfaW50ZXJtZWRpYXRlLWN5Y2xlLWRpc3RpbmN0LWNhMjAgFw03\nMDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowKjEoMCYGA1UEAwwfaW50ZXJt\nZWRpYXRlLWN5Y2xlLWRpc3RpbmN0LWNhMTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABIDdC2zIpajDqmRhg2PH9ZCqg/jKvBDWSmpoZ6/qG3rll2oCTgsGYM7J1Pj1\nMNy0PAnacb3T2Wr9AoBsndv20POjYDBeMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0P\nBAQDAgIEMB8GA1UdIwQYMBaAFAWXOElKOjsgUBSM/+yUZaySGbNGMB0GA1UdDgQW\nBBT3GLUiokrwvZLu3DVu0Ugr1rBmAjAKBggqhkjOPQQDAgNHADBEAiBOXz+Hyi8f\nyTKxyKwsV+oa+XfKrYnHnGyHDb23C+wNZQIgW8fmi/+k/7yCO4hkNcdQYPjVdf4Z\nGo6jUP7rKBVxxCc=\n-----END CERTIFICATE-----\n", - "-----BEGIN CERTIFICATE-----\nMIIBuDCCAV6gAwIBAgIUNQXqeQDsLWhY5xlF36GIBnZu260wCgYIKoZIzj0EAwIw\nKjEoMCYGA1UEAwwfaW50ZXJtZWRpYXRlLWN5Y2xlLWRpc3RpbmN0LWNhMTAgFw03\nMDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowKjEoMCYGA1UEAwwfaW50ZXJt\nZWRpYXRlLWN5Y2xlLWRpc3RpbmN0LWNhMjBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABF+gKIsc774EqxOjCtJrA3xUVh/exSJgFty8hk4b9lKO4AFBN5b0DMWmibcH\nKS6MShNOs12QT1W9KkOlCk8Qe0yjYDBeMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0P\nBAQDAgIEMB8GA1UdIwQYMBaAFPcYtSKiSvC9ku7cNW7RSCvWsGYCMB0GA1UdDgQW\nBBQFlzhJSjo7IFAUjP/slGWskhmzRjAKBggqhkjOPQQDAgNIADBFAiEArDkJTnmZ\nEi1vC60OwUFfSurbTnEi7XQ3z5bNZ/1+FXACIBprznh4N6fkepWfU3lpCf3xMNbe\nX0WxTm5RzjzZsfe8\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBuDCCAV6gAwIBAgIUINMzld9CFjkPGVzC5yGUxPGpZyQwCgYIKoZIzj0EAwIw\nKjEoMCYGA1UEAwwfaW50ZXJtZWRpYXRlLWN5Y2xlLWRpc3RpbmN0LWNhMjAgFw03\nMDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowKjEoMCYGA1UEAwwfaW50ZXJt\nZWRpYXRlLWN5Y2xlLWRpc3RpbmN0LWNhMTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABMlc+rvmf62saO8YQi7oQ1v/DWL7hKizVeYaL4h3uQnqQCk4pp9VW3rKf7dr\nFw2pyuUSpgrz91AAlFUfPqm97e2jYDBeMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0P\nBAQDAgIEMB8GA1UdIwQYMBaAFMUbK2APnis1RtGJ+z5s64Yhs3ccMB0GA1UdDgQW\nBBQ+TX2Sh8j7kw6BBRFA0RAaIv0QzDAKBggqhkjOPQQDAgNIADBFAiEA7WqlCHEy\niLpLh3miLy4MhGpzehu/rfMmQ1aBGcUstusCIBe483urpCC0qlCYRcCGUnJScxr8\n3ps460p2mdakH4WF\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIIBuTCCAV6gAwIBAgIUDDa4hChMTQwQ3sPJ6wnTOo42ij8wCgYIKoZIzj0EAwIw\nKjEoMCYGA1UEAwwfaW50ZXJtZWRpYXRlLWN5Y2xlLWRpc3RpbmN0LWNhMTAgFw03\nMDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowKjEoMCYGA1UEAwwfaW50ZXJt\nZWRpYXRlLWN5Y2xlLWRpc3RpbmN0LWNhMjBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABDruWpBSderdEaCcu25U3qk1acEAxarxM6hv/5pqKw1/1Q36+9kyUu9WxUiv\nwfg0gVQjxOMPpdkJKjjGRcOdasCjYDBeMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0P\nBAQDAgIEMB8GA1UdIwQYMBaAFD5NfZKHyPuTDoEFEUDREBoi/RDMMB0GA1UdDgQW\nBBTFGytgD54rNUbRifs+bOuGIbN3HDAKBggqhkjOPQQDAgNJADBGAiEA0BdjpEGM\n4Iy4BSv+qEUH6GO2EldLMP9Q2y/HBBD5uEsCIQDRE3CMm6QpFTnbjB1Xjmbzkj9+\nsdm6nGBl60qhXzB1ng==\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBwDCCAWagAwIBAgIUCaP51yHd73uqGW0sqUyyN8GAzG4wCgYIKoZIzj0EAwIw\nKjEoMCYGA1UEAwwfaW50ZXJtZWRpYXRlLWN5Y2xlLWRpc3RpbmN0LWNhMTAgFw03\nMDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowFjEUMBIGA1UEAwwLZXhhbXBs\nZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATUW4dMjb2pSJQZ1PQ4Y1lT\n7bwrdvNpPFtLw4RlUItm9XkSqAYCBOwNB43kHa4cCvCTlbqzF55+TRBmDCaCA9Ko\no3wwejAdBgNVHQ4EFgQUiQBr4PmefhCXox9yRrPskeG7tSEwHwYDVR0jBBgwFoAU\n9xi1IqJK8L2S7tw1btFIK9awZgIwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsG\nAQUFBwMBMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0gAMEUC\nIG1Vt6ZBNvbJuE51LMgQ/5EV7ORApap4Tv6eY9sgGAq2AiEAv7+KJdQTJarRHjQX\nG+JgYItdt3x9qdDFEF7H9oBCqWY=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBvzCCAWagAwIBAgIUHwrXR/H/yoS0s0yHdeyPFdNsGOgwCgYIKoZIzj0EAwIw\nKjEoMCYGA1UEAwwfaW50ZXJtZWRpYXRlLWN5Y2xlLWRpc3RpbmN0LWNhMTAgFw03\nMDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowFjEUMBIGA1UEAwwLZXhhbXBs\nZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAT1jS89I3QBxiGSiyzdErUV\nwwUYAlFvjdygWDxYfBt0aXYk1X04Y5/EHnuv6PXIHmVy/Ij2TUlh6PNW5Lb9y/6l\no3wwejAdBgNVHQ4EFgQUx/OgKCMTkV4PgjeuuI6ca3g/YHIwHwYDVR0jBBgwFoAU\nPk19kofI+5MOgQURQNEQGiL9EMwwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsG\nAQUFBwMBMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0cAMEQC\nID/UemT45S2V4/ngLRf9s0ke/yLWBOOTA0yEoQLp13mAAiAqEYpUKd9H0Nu5+nRq\nM6fCs1Nhy49qngiklpdro8OmBA==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -401,13 +401,13 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -/-> (ICA' <-> ICA'') -> EE\n```\n\n`ICA'` and `ICA''` are separate logical CAs that sign for each other.\nNeither chains up to the root.\n\nThis testcase is identical to `intermediate-cycle-distinct-cas`, except\nthat it specifies a large explicit max depth.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUMHV+G+BI9DUcCJHgFbWVJuiOwOYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQtaz4GJ/4pvUWtRM9ulF+zD2yFXz8J+SNPG5nW\ncoDpI5KL/5Uz7zgKBdsYnKqPhen7tfpHlBknpx+feTrsiykLo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUq9l5CXcmd4UF2QkPXR/zsaZ56/wwCgYIKoZIzj0EAwIDSQAwRgIh\nANXefe+R+HdoM4/74ecwDIXK5dWE306Y4OimR8ysuhRtAiEAryuUHcNorEIsZ3uh\nXbTXbklFOkjBgTTXy04G+J9uo5k=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUM6XzOU9+tjqQaS91u48KVpQBBpUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARrEH3rxzNJtu5zT7xzEd16VPeJJ71fooYbvvlP\nNdzR+MusxwiNY1E/puye3Btk4QnDqfbBURJ/DUAlJYXsgtd1o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQURrBniyxQtrSCy/0qLNhJGRNLsOEwCgYIKoZIzj0EAwIDSQAwRgIh\nALA9OKybAssveItdq09EE7d23XODh7eGtesHwu6DJZ5qAiEAg8m3UllOWhRztAZ1\n8EDw3JEv3CVAHkHOK+ikNPccIRc=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIIBuTCCAV6gAwIBAgIUAQUx42SLRTNHCMYgGQeMyoQw/TYwCgYIKoZIzj0EAwIw\nKjEoMCYGA1UEAwwfaW50ZXJtZWRpYXRlLWN5Y2xlLWRpc3RpbmN0LWNhMjAgFw03\nMDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowKjEoMCYGA1UEAwwfaW50ZXJt\nZWRpYXRlLWN5Y2xlLWRpc3RpbmN0LWNhMTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABOJq1WjpV0ZXCZL0DT+OgtzJof/8R77FG2RH7IaQXdrGJTK/U/pZUnECgtIe\nmccqcRUY5Q0yvz3ZH/YIQwVWBvSjYDBeMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0P\nBAQDAgIEMB8GA1UdIwQYMBaAFF8MHa4+U/Cl5lLaKj0MsjwxLZz1MB0GA1UdDgQW\nBBTYwDlS0JiUMfCDNFf4VdxqpBlEMTAKBggqhkjOPQQDAgNJADBGAiEApOLQJ8tA\ndpsUH/gnCs37oRMB77UGUyps86keixkmapkCIQDkuhiGy6CrLRSvAuLYrXY+aIe4\nsKAsOYiZdtpnQHTQCA==\n-----END CERTIFICATE-----\n", - "-----BEGIN CERTIFICATE-----\nMIIBuTCCAV6gAwIBAgIUZIgo+AWpImWnWNEft8CeAowhfd0wCgYIKoZIzj0EAwIw\nKjEoMCYGA1UEAwwfaW50ZXJtZWRpYXRlLWN5Y2xlLWRpc3RpbmN0LWNhMTAgFw03\nMDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowKjEoMCYGA1UEAwwfaW50ZXJt\nZWRpYXRlLWN5Y2xlLWRpc3RpbmN0LWNhMjBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABJwMuoHOoz7LytfTFZcr8r5D6pURxp7sj4egIVJm/DjPS1dSbpzwuZNcpIZH\nOYMUHrZRwKiPAiYBmun7ryYpHaGjYDBeMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0P\nBAQDAgIEMB8GA1UdIwQYMBaAFNjAOVLQmJQx8IM0V/hV3GqkGUQxMB0GA1UdDgQW\nBBRfDB2uPlPwpeZS2io9DLI8MS2c9TAKBggqhkjOPQQDAgNJADBGAiEAoQpUfhXM\nIm+/K2e5U9d3MGVjl/tZk97yjJNMIKrtzp0CIQDgAFXCB+AKvmfYrkRESXpjZ0DC\nCxeUGej9jZJihN0anw==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBtzCCAV6gAwIBAgIUFj/CPizzP6zfgiH/iYjhfB+f9GQwCgYIKoZIzj0EAwIw\nKjEoMCYGA1UEAwwfaW50ZXJtZWRpYXRlLWN5Y2xlLWRpc3RpbmN0LWNhMjAgFw03\nMDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowKjEoMCYGA1UEAwwfaW50ZXJt\nZWRpYXRlLWN5Y2xlLWRpc3RpbmN0LWNhMTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABDEobvBBx6kQ3NR3+zR+NezF2BYDM+zVw6pAFbA0Y+QJGCC6BBByTuOHu3z7\nP+c2SExFLKWkqJiaAbBK3n7Pa1yjYDBeMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0P\nBAQDAgIEMB8GA1UdIwQYMBaAFETFpzAmWwtVOc+Khn0/DZ93aRrPMB0GA1UdDgQW\nBBSsp1M5ZXQ8x9NGFKUcZfuRnGQD3zAKBggqhkjOPQQDAgNHADBEAiBkYxhJxB/Y\nyTMWW8InZ74jl4ewXc1itohgACL1lfHszQIgMGpnWkHcgqkHwrcWBtusB7t7fVjk\nsN7rP9ZvytcC6GY=\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIIBuDCCAV6gAwIBAgIUVYKEJIA9HY/0g7wh0+anBb2yRoEwCgYIKoZIzj0EAwIw\nKjEoMCYGA1UEAwwfaW50ZXJtZWRpYXRlLWN5Y2xlLWRpc3RpbmN0LWNhMTAgFw03\nMDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowKjEoMCYGA1UEAwwfaW50ZXJt\nZWRpYXRlLWN5Y2xlLWRpc3RpbmN0LWNhMjBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABLM45O3xG8BtH1wgM2s9HyAhqdZ6NlpYZMChRPXZ1D3mvDiYIGcIQj1htuo0\ncr3EaTcMJ8JZ3/32hlivLYjBUPGjYDBeMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0P\nBAQDAgIEMB8GA1UdIwQYMBaAFKynUzlldDzH00YUpRxl+5GcZAPfMB0GA1UdDgQW\nBBRExacwJlsLVTnPioZ9Pw2fd2kazzAKBggqhkjOPQQDAgNIADBFAiBliRIP3PjQ\nIshmqnjjpuiEUrlzZt0U4Sisx7TV25hUWAIhAIUCkUiJX6gYcciSq4+eGi1EnfMY\nP/ZNMcFsj4aSj1a0\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBvzCCAWagAwIBAgIUEDwr5N9HRSkHtk2GjsjsnW78WK0wCgYIKoZIzj0EAwIw\nKjEoMCYGA1UEAwwfaW50ZXJtZWRpYXRlLWN5Y2xlLWRpc3RpbmN0LWNhMTAgFw03\nMDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowFjEUMBIGA1UEAwwLZXhhbXBs\nZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQPvqIAJQcJ0dyjiWH7/Gmx\n6SOVNtGIxQPCyUbQQHssR81Yu+ibmREX4QtMA36ZOqV04M2VhhZi6ypQE0I3V8pV\no3wwejAdBgNVHQ4EFgQU4i5c6ZkIahC228XFHo1HILVYDTUwHwYDVR0jBBgwFoAU\n2MA5UtCYlDHwgzRX+FXcaqQZRDEwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsG\nAQUFBwMBMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0cAMEQC\nIAotMVWYnE1E0nD0rf2A/zvpuWcfmUP+Q92Xakgeofw8AiA4K3oHVVNnYNQdwSdS\npdaSpeNt/5rWEVeN8VbebYnWJA==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBwDCCAWagAwIBAgIUEOw3wWht84hInXmo6zSlwYwb8HgwCgYIKoZIzj0EAwIw\nKjEoMCYGA1UEAwwfaW50ZXJtZWRpYXRlLWN5Y2xlLWRpc3RpbmN0LWNhMTAgFw03\nMDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowFjEUMBIGA1UEAwwLZXhhbXBs\nZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR2Xr5MPkADJgmaMpj3zzf6\nggxr9ruw2v8eOPf8suDVpWBnnAY60ychpfgyzp1J5sPI6riRGj8Nh1j/skMyQ4G5\no3wwejAdBgNVHQ4EFgQU2WpqiGMx2MCpH0ANg/iHK7rmTdowHwYDVR0jBBgwFoAU\nrKdTOWV0PMfTRhSlHGX7kZxkA98wCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsG\nAQUFBwMBMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0gAMEUC\nICDr5QwmGLxj4IaSFu8b72jwpNWfQe1yiUxL0gyW2tNuAiEA05UiEc6gjxnfBOyT\nMyqlz1Y/3DbRQzsXvNF+qR+W/x0=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -427,13 +427,13 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -/-> (ICA <-> ICA) -> EE\n```\n\nThe two ICA certificates are from the same logical CA (same subject),\nbut have different keys and sign for each other, forming a cycle.\nNeither chains up to the root.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUFV2f84InR7XHJh/clMIn7UnU7hIwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATAuw2iUS0KUjBlQnLsaUBGsxkVgrjUCINs8y/l\nM/srdWSdtRUDbcI64tCaz1AbYjZ9fzvk7lWdA7UJsl0m6ic7o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUqo53lAj0dLfcDkiqur0oqnlXJDwwCgYIKoZIzj0EAwIDRwAwRAIg\naT9jz4lyOYhC++yXtUve8OsV9R/aZJayjxQvRJgxd9sCICEMve+JWuSCgRhC0bgT\nyGQe6LDVMCju4yP5JubbKXEy\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUIiYdLYuW0mvyE/G7R8DAQ/ze2tkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARF1XOrxkLR4GvlY+NFEHRJUFU6P8/tLpMfOU2j\nN7P9mrXf5FNTGIHbf4ubXYf6VO79d1dOl2JT+z+AKHyCU7SMo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUPkc0+CMyQHng/7SZmsiqO/ZrAqYwCgYIKoZIzj0EAwIDRwAwRAIg\nH5SoFHsCcQhFEAVfyYW8ijtuEIFwPASK+ybSOn/SgPACIC6G3560xignoKIIl7vZ\n2A/Wm8cT7RLtHQn6v7W1gPTz\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVegAwIBAgIUWJZPIosRonpvi1Qm1YuJ7aZfkdUwCgYIKoZIzj0EAwIw\nLTErMCkGA1UEAwwiaW50ZXJtZWRpYXRlLWN5Y2xlLXNhbWUtbG9naWNhbC1jYTAg\nFw03MDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowLTErMCkGA1UEAwwiaW50\nZXJtZWRpYXRlLWN5Y2xlLXNhbWUtbG9naWNhbC1jYTBZMBMGByqGSM49AgEGCCqG\nSM49AwEHA0IABOUl3TQ6fCTNBlDjqjblSLo0dWYwdiYpJU+khLbyJEHXhpYMzw0j\njKSyWSpP7Edzd1omS8a4+gOd0syye/SM/lujUzBRMA8GA1UdEwEB/wQFMAMBAf8w\nHwYDVR0jBBgwFoAUv1MUB0M0aw5x9gaL8bYxZBMXh6owHQYDVR0OBBYEFMgIoeF+\nOfaEOtMrldz6MsptY/F3MAoGCCqGSM49BAMCA0cAMEQCICVrkS+ascIt4d7WSgNv\nX2A/UYdMFXZ8vWZiT5MdWLJ/AiBuHWnfvQ6kQM0eUgebtS9b0g0EQ9OGv7U5ncO7\nqQvcRg==\n-----END CERTIFICATE-----\n", - "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVegAwIBAgIUWh9UaA5HyzKhxrBhgUL8QGUrmpkwCgYIKoZIzj0EAwIw\nLTErMCkGA1UEAwwiaW50ZXJtZWRpYXRlLWN5Y2xlLXNhbWUtbG9naWNhbC1jYTAg\nFw03MDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowLTErMCkGA1UEAwwiaW50\nZXJtZWRpYXRlLWN5Y2xlLXNhbWUtbG9naWNhbC1jYTBZMBMGByqGSM49AgEGCCqG\nSM49AwEHA0IABHY0jaP/bmF6EaSLPMtmEx7hnpSdQr9/YPi44/PLKr6x4sQ91eqs\nd38BY8uYr045qujTHou2G4Pj9Dq9uMRlxHGjUzBRMA8GA1UdEwEB/wQFMAMBAf8w\nHwYDVR0jBBgwFoAUyAih4X459oQ60yuV3Poyym1j8XcwHQYDVR0OBBYEFL9TFAdD\nNGsOcfYGi/G2MWQTF4eqMAoGCCqGSM49BAMCA0gAMEUCIQCPG/6ebwMHpdZxbsV9\nZcA8lIj4HX0gGjomyAEgUod5WAIgEbFh0oVScYdbMZu/yq2gfcXJ0DCVr0s+hRsa\nF7+N4rE=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBsjCCAVegAwIBAgIUQx9EWfg+s2ReZ1EJRCVpOMmJ1OAwCgYIKoZIzj0EAwIw\nLTErMCkGA1UEAwwiaW50ZXJtZWRpYXRlLWN5Y2xlLXNhbWUtbG9naWNhbC1jYTAg\nFw03MDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowLTErMCkGA1UEAwwiaW50\nZXJtZWRpYXRlLWN5Y2xlLXNhbWUtbG9naWNhbC1jYTBZMBMGByqGSM49AgEGCCqG\nSM49AwEHA0IABDDWLfwwvVELtX7nQYcV76ee4jIJ78RJ3ce+ELn6joNt0Oi2ymZ0\ncb7TE4H+Y5D22ZucTJ2VMWvRmlLWJkJ5xjSjUzBRMA8GA1UdEwEB/wQFMAMBAf8w\nHwYDVR0jBBgwFoAUrR+zC5f7X7Jkik9mdpL4RJXV60YwHQYDVR0OBBYEFAZe6UHJ\nIJgUpKY/9hLliTb4OxUrMAoGCCqGSM49BAMCA0kAMEYCIQDxL1LN5K4hNsuGsr6g\njQ9Eu4phB9MAqf+oMVDon2V+LQIhALGOghu0f4ASLxm5pG1ozv4sNDT2hlelM48X\nyiC3ojhc\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIIBsjCCAVegAwIBAgIUDmqCHT5c9NclI566D8bikFyl9QwwCgYIKoZIzj0EAwIw\nLTErMCkGA1UEAwwiaW50ZXJtZWRpYXRlLWN5Y2xlLXNhbWUtbG9naWNhbC1jYTAg\nFw03MDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowLTErMCkGA1UEAwwiaW50\nZXJtZWRpYXRlLWN5Y2xlLXNhbWUtbG9naWNhbC1jYTBZMBMGByqGSM49AgEGCCqG\nSM49AwEHA0IABLqRAS4F/TZqtWheuqp1VDuc1MvJn6JxfiUEtxOoGHje4XWzuKV3\nnSrrq6TKA8Dzp5zHmR8KgLA9YbbrU9IampejUzBRMA8GA1UdEwEB/wQFMAMBAf8w\nHwYDVR0jBBgwFoAUBl7pQckgmBSkpj/2EuWJNvg7FSswHQYDVR0OBBYEFK0fswuX\n+1+yZIpPZnaS+ESV1etGMAoGCCqGSM49BAMCA0kAMEYCIQDXaXY9/dBtPtblAwSH\nCoPDrSU/BpZvjNNPfo3jlsSSTAIhAOKVf4IlQmP653xWXi2PIXnyMHmCErMiJpsI\nrmz9k7op\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBwjCCAWmgAwIBAgIUHYYjRPvNJ/5KAEBXou6k/dalPucwCgYIKoZIzj0EAwIw\nLTErMCkGA1UEAwwiaW50ZXJtZWRpYXRlLWN5Y2xlLXNhbWUtbG9naWNhbC1jYTAg\nFw03MDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowFjEUMBIGA1UEAwwLZXhh\nbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASV/N6hl8bLRaEjLQ4/\nhvb3BefwSvjn8LnJ5Ces9IarzSYX00c+3ZfN4DA9xE4ULKSqjRTNTZyNInTS7rH6\nR4wuo3wwejAdBgNVHQ4EFgQUqda+yjPM+s3pO2WAvV0NTHU1GWUwHwYDVR0jBBgw\nFoAUyAih4X459oQ60yuV3Poyym1j8XcwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoG\nCCsGAQUFBwMBMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0cA\nMEQCICGrtpCNrPxvB9YSL+ue7zXnXZwav7yGFvroIcvaTZqlAiAsmsRiE+P4uWsP\n59LEqI+cKixIUXpEEpGJNuDaQYpW/g==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBwjCCAWmgAwIBAgIUSPS0w426Q/LX79xiA9TtVzvrKQEwCgYIKoZIzj0EAwIw\nLTErMCkGA1UEAwwiaW50ZXJtZWRpYXRlLWN5Y2xlLXNhbWUtbG9naWNhbC1jYTAg\nFw03MDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowFjEUMBIGA1UEAwwLZXhh\nbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASW40vb+6/GaIMZk7mm\nlhFYGWgdFWLIdVZajNoTv/CeL96JIIQT/222DKdd1Wrdduxp69LuaXPCs1hEqhMt\nlKDEo3wwejAdBgNVHQ4EFgQU4D6BuvDh6L28+7L19RvhZVolY/cwHwYDVR0jBBgw\nFoAUBl7pQckgmBSkpj/2EuWJNvg7FSswCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoG\nCCsGAQUFBwMBMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0cA\nMEQCIE6vNpAqI9Ss4fhgKew5gQNl9JavBf6xBtwniuFa2kvIAiBvpLPFmn2LUeSL\n/VDr2YH27RFI4G5qLxnA3C6UUXGyfA==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -453,10 +453,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe root cert has an AKI extension marked as critical, which is disallowed\nunder RFC 5280 4.2.1.1:\n\n> Conforming CAs MUST mark this extension as non-critical.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBsjCCAVmgAwIBAgIUMEmUaNb5v3+UFho/aKJoyQAU/XQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARH9pOKQ+b1ZmC/N9w2JS+qAcx91eYF31X3wlkY\n3ZAQcgdmzE83cnD8Lxf/IIU8cb0bPD2fBT+JrRzEYOCg05YDo3sweTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAi\nBgNVHSMBAf8EGDAWgBS1hC0JsqUbN9QHPZoR8uiHrAqABjAdBgNVHQ4EFgQUtYQt\nCbKlGzfUBz2aEfLoh6wKgAYwCgYIKoZIzj0EAwIDRwAwRAIgWNoK3TtrQo3EAog9\nGwG9S3eN8ARzx50sNWn4SlOIQMMCIEw5wK5EZ/ERtyO02U4kjnxIQRaJhO1B8JKH\nd00/03iJ\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBszCCAVmgAwIBAgIUJ7c7GGqzmALaYeTWIJebmjOOYGAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAStam1QJ2JFy9ni348tRLcfkClEVFA+Fuine4sR\nPGOGRCyAE/Yp2soHHRflkAPi0Zab42M/hRNIcM9DV2d9aUDZo3sweTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAi\nBgNVHSMBAf8EGDAWgBTrjE+ylf8jgyaQXerVy9ckhnAimDAdBgNVHQ4EFgQU64xP\nspX/I4MmkF3q1cvXJIZwIpgwCgYIKoZIzj0EAwIDSAAwRQIgCqyrCOmb34w/pWIv\nQ4Z9tCzgSf0hQnBYGW62vi7bgBUCIQD1dEbcTck5F4jLy/WTQwDFVk3IqrFJ5tEK\nbnSTymQ0XA==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVagAwIBAgIUNTvpyq4F+IrekNy0raAn1HGzARYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABHo6DolLId/+ghxbfoE4BzPl7UtjDHU+Gp2c6owJR993\nWYb4REDtboR9nnWuVPA+aZ+wxli2EoWbq8ZM2+DX/ZWjfDB6MB0GA1UdDgQWBBSC\nKsX2CAPiuCiPVy6Y4SFG4qjDuTAfBgNVHSMEGDAWgBS1hC0JsqUbN9QHPZoR8uiH\nrAqABjALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhAKFyDjoEyD5gnu7loCil\n6ovs/jh7ZjEJVVt4UKDj5mlAAiEA/aEMzyXcyv1P6aiqsDxGG1l3+Rz1QSCQH0/z\ngPeJM3s=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVagAwIBAgIUSfh2F9zYRtGcm3AW4kYrdsQPmRowCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABNnk8fj1hkAAdeoAIS1jATPtgIP9uzD8Z5q6ft5iJqVD\ni8TYC+w+rWJXRDcsObDLpOZxeOd6h4PyXnYrw280bdGjfDB6MB0GA1UdDgQWBBSO\nVjINSfDNfNxOkFDDKab2KlURYzAfBgNVHSMEGDAWgBTrjE+ylf8jgyaQXerVy9ck\nhnAimDALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhALVJGp7l+OiN2QqqvU8M\n9fYNHSgiBzEh8Cs819CilqBDAiEAimO1mu8TpG8dtKRGYAKreyneFwvbBUiVZJmM\nxbs3rUk=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -476,10 +476,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe EE cert is signed by the root but missing the AKI extension, which is\nforbidden under RFC 5280 4.2.1.1.\n\n> The keyIdentifier field of the authorityKeyIdentifier extension MUST\n> be included in all certificates generated by conforming CAs to\n> facilitate certification path construction.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUYmmx+zbEp+j+sWuX5tBPMBhLw0QwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAS22q2d7F7wWRFnt5lmMpOl3RJj3Uwkn4XN8ezV\nwv1IEgZ2XMd5avUbnBmrpDIH8RioTY1UH97lfZ78PdI11bnro1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU1FgAvttFdNPc6SJb/arLPiUrNUMwCgYIKoZIzj0EAwIDRwAwRAIg\nV7ysc5gR4j0J8l3yy3u5XZTdJykWVBqLlbniNoLzAcACIAHkAF3dPSFjkSdYvTLd\nrbMD7MMHPiGge6i+9+BQXNJ6\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIURW939yOWzGI3bHtQ8Hh8DtCGEO0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQuo2uK9s6jKY8JNdnueEA2pqySG3ZeRkedP0US\n4UoIF6MQ69YoBbQM250NnHARZvqrYhEyh9vCdO+FhjGmXpqio1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUkQe3TOJnWKV5LXeGV57r3BnveSYwCgYIKoZIzj0EAwIDSAAwRQIg\nUYrk9Cfw3tSOfyCFXLbgLcg6y686P2i2d7HsU19pD28CIQD84G0p4SFbYgtWx3CR\nihFVdE5RbkXZekTmywn9XIK6rw==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUeD+npa2R5XIcaQ5Kj3awPaQ/ywswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABMfgesT2Eonhshr2a/ahmD6OGiKSW01Ut8GtnvMpKTn1\naujtgzU6iTKV5Vo9yAJAsU00FW0HBvnU7lQMdWmBHvOjWzBZMB0GA1UdDgQWBBRu\nAahGvwu4Vbvg9QwPsDXLMJXeWDALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYB\nBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIg\nPf6dPq3oXAkgKwVKy7/UnJq4xmZ4zgGeWiz/QLI+8doCIQCUfAgB/z0FB86xsyjF\nkOmxRPXbDN6mKcimrEruxN2Y2Q==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUHcNBQwIkawrPC13xKGt4xCtS6RMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABOvUOeKm+SWwBtuGMxK7MBXUZd8jylHxXsiVbO7tgTpA\nhQNQXu9XDWayx0j9jMOMB8ihW0KJ8miH5rNKZ0Wur4SjWzBZMB0GA1UdDgQWBBQQ\nlzbZmIL3c+DoiEUK/zYxwK4A5zALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYB\nBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIg\nVf8F3HCCIhIVI7FVRph/kUC8PTf5k+5deeRBuXC6ZIcCIQDDciORAIxi0EXOlIYt\nONZKfj666/hFnN7DIniDwx8Huw==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -499,12 +499,12 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> intermediate -> EE\n```\n\nThe intermediate is signed by the root but missing the AKI extension, which\nis forbidden under RFC 5280 4.2.1.1.\n\n> The keyIdentifier field of the authorityKeyIdentifier extension MUST\n> be included in all certificates generated by conforming CAs to\n> facilitate certification path construction.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIULBl0R7hlA9llKRpSI9g4vYm2BkswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQ+STu2azNM4s8vZbYrmEknfKcSWKtjrTaqVw1u\nXE2ipGlArUZrUsKsB2XqGtSzzbliMp0biCxqfxgHnNtdFit/o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUWdukIAEDVSHqjzp9FX4qtFczxfQwCgYIKoZIzj0EAwIDRwAwRAIg\nZ4tQoN69t1n7OkW+seGvxC7Nt5WvfMGKLMnk/r0HR5oCIBlxwfF1h7yjoQc1QO4u\nQuqwKg1pmJJI4lkzjobYySq9\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUZ0khqcuKsuSzc3qBT2kyJjTjTC0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATYt9vkLLtg8l6p8LG72WfLGYZs5tUS8eFC0IAL\nzjwxt1CAX2n8E77gNgGHWU2Nzgve3DAf2V055W+rqGlbguldo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUF80KpdLX/7DC4dlgDwhRmr7i9D0wCgYIKoZIzj0EAwIDSAAwRQIg\nYmy1zDI39B1Dbe0jewrkK2e4UjOrusytLZioG82SgCcCIQC05GojMP2wCBlp3th6\nXiB2gZpU54KHVkTCDrMhDxZ1/Q==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIIB3jCCAYWgAwIBAgIUMadya50+r4hU2dWSjj/gvE8qmp4wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBnMTkwNwYDVQQLDDAyNTE3NjMyNDE5NzY1MzA3OTE0OTgy\nMjI5Mjg4NTQzMjU4ODA1MTIzMjEwMjk3MDcxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBHzJnemsn/9sadPP33DHmA9iK05fgNexGrkNvUZQKLQnpykFT8RAMaylY4slIY4D\nErK5qcovcihd0HZ8Qwcd09KjWjBYMBIGA1UdEwEB/wQIMAYBAf8CAQAwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB0GA1UdDgQWBBTq3g0Mdc2q\nZsB8U7nNqEN7e6FP8TAKBggqhkjOPQQDAgNHADBEAiAg/s0f05rh3YAfLJ1usfpE\nKRxuHhbjoi5zoqu+3XijXAIgeJywngNmcMgWeNz6Xdfv4iLSWrYrdF9kL9vw224c\nFZA=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIB3zCCAYWgAwIBAgIUdbv8XHEW3SMDCsZ5OOYh3kKFtG0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBnMTkwNwYDVQQLDDA1ODk2NTY5MzYyNzgwNTc0MTI3MTEz\nNjkyNDQxNDkyNDE1NDY5OTg3MDE4MzczNTcxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBFfNO+QlZGlvj+CcQSSXBm/jKT8YB1ZQBopoxVGgM4oJlnkhq51hP1wE3ZVTZiMG\nUVNovhfLjeKkzx8rxR9VgVijWjBYMBIGA1UdEwEB/wQIMAYBAf8CAQAwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB0GA1UdDgQWBBSs4RoKcQjY\nlERspjv/bm9z3rWKcTAKBggqhkjOPQQDAgNIADBFAiAw1GcYSpdor1eWj5beSCsW\ntJe4ocMgTW9s3x/mu2gmPAIhAL/f+TOVcjSfUTXIZRAXSgqdXtvIl4ue4yK8WRIi\nOt3H\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/TCCAaOgAwIBAgIUHGuPh5WDLGhaMKnfIaTDVHnH2MowCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMjUxNzYzMjQxOTc2NTMwNzkxNDk4MjIyOTI4ODU0MzI1ODgw\nNTEyMzIxMDI5NzA3MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE6Yjx\nEK9ul0CcexukuOxzKqz3h+jzZYtb9owfe/G+o6wEJAVJjQNkXsTDdoDjPeZ47xZ9\nFEsDr3kNnGikTtDhhKN8MHowHQYDVR0OBBYEFG6RMvOgiFmfW5Ik5Ox1dvT6q6TE\nMB8GA1UdIwQYMBaAFOreDQx1zapmwHxTuc2oQ3t7oU/xMAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNIADBFAiEA+m3nJ/PLTTP1pzuSgQhZL4s8XkBCEhCPUHorNhrmMvwC\nIHIC8egEeeYqnaLEau+MNRJL3bfz8dhkyWOthlgBWg6K\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/jCCAaOgAwIBAgIUZZ3QsBsU2WWhxHOt6hXOS3tAgIIwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNTg5NjU2OTM2Mjc4MDU3NDEyNzExMzY5MjQ0MTQ5MjQxNTQ2\nOTk4NzAxODM3MzU3MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEqjRP\nOMN8wQty54SuWv4h0jtdpIFPdhCmM8BFWRlk4gc6WFBAHMGY+dKHpyezeUlUlBzq\nokVthQ9oe9f8KNeMKqN8MHowHQYDVR0OBBYEFNbSd+O3Ud3S3m2aug1Uq4cAiU/N\nMB8GA1UdIwQYMBaAFKzhGgpxCNiURGymO/9ub3PetYpxMAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNJADBGAiEA7F3sYxASG2D80DJM4bBP1T/DcqNWCtJ8E2Yi/rczpDUC\nIQCn0BsGF+mAPGLuXspIqvFsTa+zYCmqy7qz3jHTBl+rOg==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -524,10 +524,10 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> EE\n```\n\nThe root cert is missing the AKI extension, which is ordinarily forbidden\nunder RFC 5280 4.2.1.1 **unless** the certificate is self-signed,\nwhich this root is:\n\n> The keyIdentifier field of the authorityKeyIdentifier extension MUST\n> be included in all certificates generated by conforming CAs to\n> facilitate certification path construction. There is one exception;\n> where a CA distributes its public key in the form of a \"self-signed\"\n> certificate, the authority key identifier MAY be omitted.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUDvMEay1h6lfhi8ZymTT/eVy8NVcwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARwbipoP9VN4CA6+xiK+B16mxU1351aOo0Eih7Q\nrWQJOmpl64yNdlYzMfjd5O+4mmdjxWrubZAQR3zcdrm5Uub4o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUWaw4EHDFx67g3tLs8Ydd89PUaOYwCgYIKoZIzj0EAwIDSQAwRgIh\nAMhsU7H5EILWQnxFrZ1dmQ5lMW3sUzSmapbtxBLeVk+aAiEAscxv3lKZkOw185vk\nA29igsZI0FVhFp1IeP2OZkyo1+U=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUdudvJ2dxt1uEsLRKtKjIpcTaoTgwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQTNbirodoH2uUy9xrBt+Iyfbah1szLLMXNYD/b\nQv8ytx8GUjITNmiM/2mY9PkB3Hp3f8Ow9zVYCpzjff6mlP++o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUhVkUr8r7exobo/rbF9PVpD0IQnIwCgYIKoZIzj0EAwIDSAAwRQIg\nVrfEShDnjvluMWvLY+79mgV8J5mgRFiS3w3+8fP0CnkCIQDvsWjkMMSoZpaVDH9T\nJrRT5+7+C53iwKTnq/wlfa1D7A==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUJuD7op+IMy7Upq1ZTht2yu1w25EwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABMpUsdEi8jQHGb9upAHxNoxPYXmQJqFIm7Gg5dUkeu2y\nNyb6iTjgvY6CDCNXoTlxpxCzcOilUDAQPXeMHLT6T5ijfDB6MB0GA1UdDgQWBBTQ\nor/IaaIcryBmG+ZakNqhiIn6njAfBgNVHSMEGDAWgBRZrDgQcMXHruDe0uzxh13z\n09Ro5jALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIgcem2pGOlQYWk1HX9yf4e\nf42YBg+XMcrUoy6GhTn7QDQCIQD7oau63+v++ycTmJy6d0K55J0sQQxi0733JGKS\nVJyBDw==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVagAwIBAgIUKeK5goNP2raW7TkmSec/vcHjK1QwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABKUoETqpifHcB3ug6hle50UL7bpGgUkZdoS2CllUA5PP\nWlhZ5mVUbMx4EWTifGSy9hoLmjQrj+0FE7d5h5Ry3sGjfDB6MB0GA1UdDgQWBBTs\nJuzvCvTLr/ZYAuPXOWdwvqXmBjAfBgNVHSMEGDAWgBSFWRSvyvt7Ghuj+tsX09Wk\nPQhCcjALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhAI5VDWAusq0diTqRVb+j\nz/kjKDXf+32C4wesJJ02Qw01AiEAnWuvNL9DjwJCSlPY8zi7H2z+5RNZ/iSeku8Z\n3TEURT8=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -549,10 +549,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe root is cross signed by another root but missing the AKI extension,\nwhich is ambiguous but potentially disallowed under RFC 5280 4.2.1.1.\n\n> The keyIdentifier field of the authorityKeyIdentifier extension MUST\n> be included in all certificates generated by conforming CAs to\n> facilitate certification path construction.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIB3zCCAYWgAwIBAgIUIAykW4LYjkQoiylQgYIu/1hyBYMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBnMTkwNwYDVQQLDDAzNjQxNTUyNDA1NDM2NTE4ODcwMjE0\nMjg5MTYwNzExMjA3MjM3NjE4NzE5ODA4MDgxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBFNNp1YcawbjqAE3w8K27/If5BwcSrXtTVSLvvuBMXRDCmGVkgTMpqBg5pgAooDO\n6pCtWcBnOn3DIw73tvMSYo+jWjBYMBIGA1UdEwEB/wQIMAYBAf8CAQAwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB0GA1UdDgQWBBRGDAGOVWoV\nidjahs+c0snr8xni8TAKBggqhkjOPQQDAgNIADBFAiEA8zhxvogYntHYc10lXRf9\n6wYyLjJvdGo4LYhhja86xyUCIHvKw/xRvGc4GQAR+XW1EyzyAUaj9HxgpNIdErYE\n6VbA\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIB3zCCAYWgAwIBAgIUa/4ZKpZXZ63I5l2j/zQZ+UR+Uc8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBnMTkwNwYDVQQLDDA2MDY0MDg4MjI1MDY5NTYyMDExODM3\nNDM3NzI1NDY2MzI1MzY2NzIzMDc5NTQ3MjQxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBFyVYJlsbJp/6OBLdq4W55feKvpSAfkg6l9sYfPVblAd+4bYET+0rEm2tuGyh9NU\nUpRl/2d5keo2dbT0NfcRCEujWjBYMBIGA1UdEwEB/wQIMAYBAf8CAQAwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB0GA1UdDgQWBBQWt0z7atu7\nSwXTW+Ef38bc2P+UtDAKBggqhkjOPQQDAgNIADBFAiEA/phc/T9gV+SsSkN1GTyy\nXVa06e4vxisMUNj4t1SIUOUCIH3aoCuqM1ybtGK9dJbrR8n0qMKFWy+MCBOPfc79\nEfaw\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/DCCAaOgAwIBAgIUH/J1puspECYJPD9F1wb4AKY1q1IwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMzY0MTU1MjQwNTQzNjUxODg3MDIxNDI4OTE2MDcxMTIwNzIz\nNzYxODcxOTgwODA4MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEaKt/\nGX3T2ebwL+KWpTm3h1oWFhM5aPeJJKjGCPFXDVJh+3ZhmuKMfXM9Qx4jSkuG+biR\nZ6JmrAEux2IT0VXzGKN8MHowHQYDVR0OBBYEFIGD3V2tnTM8pKelnst295VBCsBO\nMB8GA1UdIwQYMBaAFEYMAY5VahWJ2NqGz5zSyevzGeLxMAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNHADBEAiAQb11tDbARqsYy7VaabZF7gfk3aTN/I1GetLIDZMsbZAIg\nO7zfzd5EG13paegkL7lNB9+NscJUcHuKvtzP/89HG5s=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/TCCAaOgAwIBAgIUPSmHIfVz5ML5sdY2UO+pYsAHhn0wCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNjA2NDA4ODIyNTA2OTU2MjAxMTgzNzQzNzcyNTQ2NjMyNTM2\nNjcyMzA3OTU0NzI0MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfs3n\nnwqm89E39+bYgC7WfOpbMwz3PlXNhBbp689VrfZMCgQy+Ncp/eX5q1cuBgool0WF\nJLKUX+pEf3FPydWpE6N8MHowHQYDVR0OBBYEFKO+jHbJpG2iLAf7iYeetRvZHluJ\nMB8GA1UdIwQYMBaAFBa3TPtq27tLBdNb4R/fxtzY/5S0MAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNIADBFAiAzlulSF0mApE/XF3vswc3P9fdOiBkHhPZ9sig/ws7uOQIh\nANrfw7xutsHZFgoD4Am40hmkMTkMVYEt54DcJmvNNkeS\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -572,10 +572,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe chain is correctly constructed, but the EE cert contains\nan Extended Key Usage extension that contains just `id-kp-clientAuth`\nwhile the validator expects `id-kp-serverAuth`.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUD9S7x2aBa33FKfOKswrV8Fiu4fUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASRt2bpHcjpMEgQyOkOHPHmsTE2/nWkilxbA6sf\n2CxsaH4ONc+82Jh4aHuj2A/hwpWWwzCgFKFDBI74oF2tzAsIo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUJUKLln8y8S0vMsmHaaS8gOEjZVgwCgYIKoZIzj0EAwIDRwAwRAIg\nJJEiVn7S98qGMnchItPXMHrXS+EwTpTRLD5hBTpXrv8CIBt5Q+ybk4r/+LM79wkB\nGt4d17cFGv+6TC2YOme0c20w\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUcYhxIFsaDIdn90T9cKevcBHnz60wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARhYvrfM4hZmLOGO29nOKntVH5IeufugY7wuHcr\nFvRPjzDeRqD3z39WEOJx2Cm9pkrnunhT0xMGqCkaYhUPymndo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUsc7xC6Zp5WiKLib/N9aaB4O7rUIwCgYIKoZIzj0EAwIDSQAwRgIh\nAIfHGoumcCGO1t3iiJB7iAemUx1l22brhUvwOzCkjYh/AiEAkJoxiiYEKpZwhfKa\nHJNz6VjQ4aynsJN0VOcLzGKd1pM=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVagAwIBAgIUY7j6QzfrB2QADRd2zz0JP6JI4pgwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABMp1fcji4koa7WmrtcajP4ujnRNrJjRC9s2sbp4wx2Fl\nJ8u53ACZVa3ImBDFp4pLIL81Obz9bev/ZqqH0969qGqjfDB6MB0GA1UdDgQWBBQl\nKRwJWIVNz6hYwaidqxgGYULlYjAfBgNVHSMEGDAWgBQlQouWfzLxLS8yyYdppLyA\n4SNlWDALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwIwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhAIwNZn32VKJPJZvKXVxu\nLpypnlmUNB71gZP0w5+FKGJmAiEA4GK/5ACX1212oXL6Kbpml0idaZe82+NCJv6/\nCDNWVjg=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVagAwIBAgIUNecCg7pmFWQ0RXvpWbqjio8lfwUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABDY43jJNjwxHCV16qMI1Z8cgmiY19TP2s5cpJrSI49+d\nrKiEhG4uoCbKUZnkZ9qDb0Y7OnRPpMUi0Ke2vylUrxejfDB6MB0GA1UdDgQWBBQU\n4NAz6znp4zUM5ftuyxxGoMxr+TAfBgNVHSMEGDAWgBSxzvELpmnlaIouJv831poH\ng7utQjALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwIwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhAOVeQ4okXq+Tdvin/UYO\ncD+lbCJm3Xx5Uv+cgBCOaJ4GAiEAzXopkjQhv8taLb+iMMNwg8HihucF7IA3jjZT\ntEKkZQk=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -599,10 +599,10 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> EE\n```\n\nThe EE is missing an extKeyUsage extension, which is permitted under\nRFC 5280 4.2.1.12.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUPjFQMG3Lm2xQSX01o9o2QAThpbYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASQDPpyqxlN8DtpMJsj02B6IpyKij+eJ9KZlD10\nlqPhgpRQN7cpdbdDi/r1TQ84Bwhd/XY75CpTcC4/hiVFy9NAo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU8EdIU63M0P1gfI0lmwUKHTj7g6AwCgYIKoZIzj0EAwIDRwAwRAIg\nG4bNcR0lbudPxYhy52kS/8vwbcbUfcS/TL96jGUU5tsCICPDbNbni/Xp1xUnOYhi\nkBOCwRfdoiM0J9g5LJZ9YWjY\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUYksmcj3F9wiBN6eb0Hmigtx4CEkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAS8L/twL5pfof01EJ1u2MOREH/pDqTVpO845q2F\nSfsxg3yybhVQvxwN1dsbhdAHHUAYE4bcRBOwSiV0+8i2U+kZo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUjW6QdOw9AdHYoqo2xN8k07w2s0IwCgYIKoZIzj0EAwIDRwAwRAIg\nELKoHavHPlyf3nvCvK9j9taUJMlOPJOOE1dOs12j/kYCIGuzpvKkuSnhMH78A2rV\nZG5+ZEF04jmliuUL8Dbi6fVx\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBmzCCAUGgAwIBAgIUIHbLFb24mxJO7Me/fCvLC/nDFcUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABD9mLekAGboK8H2rELXlCWsq1zxpZ/4RNmw8f0HCRNxc\nv23Z4UO1fK86FFJwflOdEIqNdsvbEIQH/AF6tRR6a0CjZzBlMB0GA1UdDgQWBBQ6\nwZvyZRx3JxeHHknEbIXeD+YDbjAfBgNVHSMEGDAWgBTwR0hTrczQ/WB8jSWbBQod\nOPuDoDALBgNVHQ8EBAMCB4AwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZI\nzj0EAwIDSAAwRQIgOTXsfjmxtItZMXH8bbJpOqJEfk1wqjEluSoiLR4PVz8CIQCq\naSN8QhCYxsp/LLMuvOMeEedFGwbJbzBrCd1yU+XEZA==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBmzCCAUGgAwIBAgIUJ/weY7ix4j17XaWASutOy+2xQWYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABJoXjweZq0A0SYkcRVI5+CdaqP6JmNI/HGa+lu0YTImf\n6dDamjlVYCiN8zMvMlBsKdPsb+tbi1ztXijFKczrtcOjZzBlMB0GA1UdDgQWBBQ7\nOSqLVEjQXxLdOqws3T8u/jhzZDAfBgNVHSMEGDAWgBSNbpB07D0B0diiqjbE3yTT\nvDazQjALBgNVHQ8EBAMCB4AwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZI\nzj0EAwIDSAAwRQIhAMjag0alAR1i+m4n7DOvkXwN2RqY2IfOJmbw2V7x6ByGAiBq\nXEhYHkqgi1Rt4yOngU43FKOuL1wRBlNNnl/DFHpTCQ==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -622,10 +622,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with a permitted dNSName\n\"example.com\", whereas the leaf certificate has a SubjectAlternativeName with a\ndNSName of \"not-example.com\".", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBrzCCAVSgAwIBAgIURfeUflfzTBG/D6J4mhyvTEKZgZMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARl5eS5F/y8hJlX0J8dxEngU7esLDd+NTFwMxsf\nnI4q/eZlVl/z+dX3GoXxYqIWxUlEr9y+qe2aQrMvRQIjl0oKo3YwdDAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUpNbgOvzPD6HeG5Git2CURnpJ8VgwHQYDVR0eAQH/BBMwEaAPMA2C\nC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0kAMEYCIQC32G56ZVN0leeYw0qZzLWN\npR45eLtJjcI20c2GnTNU4QIhALzuSBJvKvxZiLIUrt2NcCXfLIiJx1860y1FtnfT\nxItx\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBrjCCAVSgAwIBAgIUfY2nb9zUMC0kKRpdEBv9PMW8gl0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQ0Gt9JVJ0DV7MULymUU6OUZdP5tuQiiymW55ee\nLVWCMcpYMa9IovWRJ+zwqVDbQ8xQuhlkemFYU/kP+5ZQV0Nbo3YwdDAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUXpJ7LxsutJhGZgsP/HcE5Hfub1UwHQYDVR0eAQH/BBMwEaAPMA2C\nC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0gAMEUCIEcOvQ/dYMOU+YPpCN/a0jrW\nTd7vaylc/QeIAtw2B7JAAiEAntWbYOMXD5bmX5+/KAoFTOtj4J+Gifvgyv1zegQL\nFLY=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBtjCCAVugAwIBAgIUVGrF0niS+zshBSkzGX26o38QYfowCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABN/sF9BfCUxCBAKUbAvKVY13KlLI7NEbbnoV+q5gzhLt\njd6ij2PH0JPfWXT6/pGseqo+rBHgeg/S6XBaW21xZC2jgYAwfjAdBgNVHQ4EFgQU\nmg3i2epCbNityburPJIp1D/XI7gwHwYDVR0jBBgwFoAUpNbgOvzPD6HeG5Git2CU\nRnpJ8VgwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBoGA1UdEQQT\nMBGCD25vdC1leGFtcGxlLmNvbTAKBggqhkjOPQQDAgNJADBGAiEAm2fTVLm1zCiU\nnhLclK3eZ/CFbIzF1TLJwYZUiIdmWP0CIQDS5LKqTGAAG7QJDRfOmiQ8a8EyWX10\ncBOMYRO6W1Cc+g==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBtTCCAVugAwIBAgIUIb/Dxkn/khdzro2wzTpNNgYlrE0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABEpU7w4Qi2FXgeTZmRwcs407gwukuKbBPSA6w47SfSwT\ny6GQ8GlEjHY/VJBYKMsoTzdJV91HlUq8znsy/XmMkaijgYAwfjAdBgNVHQ4EFgQU\nitnIyrEHDRqKm/Roa0QAjovZtV0wHwYDVR0jBBgwFoAUXpJ7LxsutJhGZgsP/HcE\n5Hfub1UwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBoGA1UdEQQT\nMBGCD25vdC1leGFtcGxlLmNvbTAKBggqhkjOPQQDAgNIADBFAiBJt3EJjnbngHUd\ngjFHtjKRUi0LjpT63e+KlllJEaFONQIhANdaEPg5kWk+J01U3YGfzkDF0vKuToek\nJbXqz1VTNmt0\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -645,12 +645,12 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> ICA -> leaf\n```\n\nThe ICA contains a NameConstraints extension with an excluded dNSName of\n\"example.com\", matching the leaf's SubjectAlternativeName.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUcw25SP0ghSMmy49zfHkwDDTLHKowCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQCYbkkLNJBI6W2mXjWw3eMlfj19vPJrH4aFapU\nGzojKgNRz9y9eolIF3r6QfsYu4E6B5mzhhRpHDZjmKlyER0bo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU/OaEe57w9WLMjQOVa3ZtU754LfYwCgYIKoZIzj0EAwIDSAAwRQIh\nAPFi5xv4XHBJUNMNeD3kTTHaw3evFOOFFNm9WNIy8UuiAiB8dH1QnYnvnWAcqbOC\nVX4NQ1d/Afkg401PUd8Y2kV3yA==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUVBNSAeYMql5Mi41e0HE573FyeHMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARwL5k6jRF9n7rp8gOwpj5uDcFtR9cAzHOECx8X\nESlmvWBszrhqY7MGyGrDiGwh3SJVn6aBy2xA5gNC9quheOrao1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUw3iOFdGvdQDcnQWRDLSPRdfoppYwCgYIKoZIzj0EAwIDSAAwRQIh\nAI5ElZdh37///9X6nzghGkMivnS0BaeSSKelKh0nOUd2AiBjm8GxgK6kKDqhJ1B1\nIlnZj7EiqNC6Zqp6jxuVWa7IRw==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIICIjCCAcegAwIBAgIUBXEO3V3+swspKwj5Ii4B/qan9TUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDA2NTY4Mzk5ODg5NDIwMTM3NzQxMTkz\nNzY4Mjg4MTIyMzEwMTIwODkxMDgwNDQ5NzAxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABPfWWkROLSfWwF2Yc1xKaHM83+/1y0UuQcdkU4JNMTXCNmzKE506vJ7WaH0x\nXReUQb0aq0v9iIPz7z24SZEXY4OjgZgwgZUwDwYDVR0TAQH/BAUwAwEB/zALBgNV\nHQ8EBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAU/OaE\ne57w9WLMjQOVa3ZtU754LfYwHQYDVR0OBBYEFCvR56CI/l6MT8FNGLSdmdTqwI5t\nMB0GA1UdHgEB/wQTMBGhDzANggtleGFtcGxlLmNvbTAKBggqhkjOPQQDAgNJADBG\nAiEAstl8LoaRQcQ4zPKIJzlCQ8+fb0fckrOKDs9tUGvEt50CIQDU45Dh/91H1sW0\nizHVOeeImR0etXkMSNDMOa4DAjs8IQ==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIICIDCCAcegAwIBAgIUDAtUcoet1T81Eribkj+I+g4+0o0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDA0Nzk5ODYwODI3NjE0OTE1NzUyMTAw\nMzkyODU4Njc2MTg4MzA2MDk0MjA1NDgyMTExLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABOauXdUDqD81BuWO1lJ71qUQ3HGQmgFGraOSigrUtAkojEEl/E3oonjWp1Yy\nA77V4wt5GJsScOkoL/iVerC57dCjgZgwgZUwDwYDVR0TAQH/BAUwAwEB/zALBgNV\nHQ8EBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUw3iO\nFdGvdQDcnQWRDLSPRdfoppYwHQYDVR0OBBYEFDIAueiL0nW75HfQZn2Ny/Sd5MdL\nMB0GA1UdHgEB/wQTMBGhDzANggtleGFtcGxlLmNvbTAKBggqhkjOPQQDAgNHADBE\nAiAxDSjFBWf3+8D48LbsJqcQzUxv/QedQln8aR7sSoQ95QIgSgHkYnVU1WtWlWHa\n7kjEFLF+SXldFFtF8ALzLrFxyTE=\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/zCCAaagAwIBAgIUT5W+CLXqtSKuGFBQ0V/worslP3YwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNjU2ODM5OTg4OTQyMDEzNzc0MTE5Mzc2ODI4ODEyMjMxMDEy\nMDg5MTA4MDQ0OTcwMS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\n0HFJqhDUctmk4jql5TLn4tyTpXpz2LVUKGLw/omQesecHuM5RiFDPTi8FIUGyS9x\nfKF2c4UOlq5UaVByT0+C3aN8MHowHQYDVR0OBBYEFFVHUeA2FDlMZnPLw/nYuNbr\nbG0WMB8GA1UdIwQYMBaAFCvR56CI/l6MT8FNGLSdmdTqwI5tMAsGA1UdDwQEAwIH\ngDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAK\nBggqhkjOPQQDAgNHADBEAiB8c66RfspF4NYiAubkfD+g8zuid2CYcoui+/k6e7sW\nhAIgF13wHnxBeS+Utnb73nGa65K/egHhf4T7k25NhZVFSZU=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICATCCAaagAwIBAgIUU00RklsV/KE7TAbBWgZCr8ZKA00wCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNDc5OTg2MDgyNzYxNDkxNTc1MjEwMDM5Mjg1ODY3NjE4ODMw\nNjA5NDIwNTQ4MjExMS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\nDj+V+TUFtruAQxFXeBX9NptVCQn2q000k0WHpRCTgNuYA6Cq0vnTFB+GdolPEKkR\nXNAf8pfK0YQXsxokrY5zXaN8MHowHQYDVR0OBBYEFLicrFrxU8aknWvL9UarLoyG\ncJ2xMB8GA1UdIwQYMBaAFDIAueiL0nW75HfQZn2Ny/Sd5MdLMAsGA1UdDwQEAwIH\ngDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAK\nBggqhkjOPQQDAgNJADBGAiEA3c/3yUE4twyLoxy100R8pEScFU8jguj010upE23Y\nfV0CIQC93K0HUVwQPQl1rHWmlxDyORDlw2w6DUYiFW5c7d6d7Q==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -670,10 +670,10 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with a permitted dNSName of\n\"example.com\", matching the leaf's SubjectAlternativeName.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBrjCCAVSgAwIBAgIUX2dcethPJsAkF1aJfu470JecWdUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATEkE8PzCMVGwmfAM9wEokxT0Kx0Kz3NCMbRl1a\nbOMNahD9wz7nd0SQbG9gelk6dJqf/Oyt9yE2OtVNEkRqeSHMo3YwdDAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUL4a/UDO4uQV46STTBDwR4Y1+F6swHQYDVR0eAQH/BBMwEaAPMA2C\nC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0gAMEUCIA++ZggFuQ2SmlqmQYwcQxYQ\nfW91oGm9im5ktQDfhyoGAiEAoIcfulHiZ9ywab90TWeN/xaeJq2i3tYzR7mv+l3N\n3HI=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBrjCCAVSgAwIBAgIUZkGenao4Gt4h+okIp8IffbBMP/IwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAR5lNKeldk47EpZY8QazvgLTTj8oEAAXABL4YTV\neuUg/zlB78a1rp3DiLaJttCzKvwwGUbxzJeIYk7LfbFrEbWro3YwdDAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUewf8nR7UaAzvymtGcZGea9s4bHQwHQYDVR0eAQH/BBMwEaAPMA2C\nC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0gAMEUCIAhgUFIdeOpsW+xXNcCiAu7I\nSc+4u4T86+x8iHYTZ//vAiEAmoX2wbxJwoMnfkfOv16M6xmQf1a+Mea6a2z3Jkj/\nVXM=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrzCCAVagAwIBAgIUe1bZQGs5OCYmusolsR+z8B5czgkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABEXqyR8Xg6wdbuXU52KDMiSSN+VpLLZ++GmxMUMZQ2yI\ndNkuS12xIWHJty8MN1auySnKS1dZwk4aMTEDw0R19fWjfDB6MB0GA1UdDgQWBBRz\nWPks66PBccELpEU5UUQW0HkwtzAfBgNVHSMEGDAWgBQvhr9QM7i5BXjpJNMEPBHh\njX4XqzALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDRwAwRAIgfrqzUMsMZmBYX+EpfDpG\nE3K++YjP+lMAIbFluXMNhsICIHsWqpsul6h33uIIFxTiBDQG5VkXXjqY0As6olHC\nvDCt\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUBI710PHmZjoX5jsl6JWE8ZxXKk8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABJKuk5JTkp8X51+gFtPaOeewg6B7fStbxrLGMPxqrUVg\nWgz/h+y7nSdJUuFbl/2GZjf94GpdRCbRYLDDefZ+D8+jfDB6MB0GA1UdDgQWBBTo\n9RvUGKZpv1iuR3LlrXxs38sGVjAfBgNVHSMEGDAWgBR7B/ydHtRoDO/Ka0ZxkZ5r\n2zhsdDALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIgTLZy7QrZfdm5RpGUsbEe\njhdYst1p3uEqLjrXcV6/eSsCIQDPOb/0nJJ5DxtP6KiwzxP6Lje8JBZPAD8mH+PK\nL4fUQg==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -697,10 +697,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with a permitted dNSName of\n\"example.com\", matching the leaf's SubjectAlternativeName. However,\nthe NameConstraints extension is not marked as critical, which is required by\nthe RFC 5280 profile.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBqzCCAVGgAwIBAgIUHACEEnSWee62Zghd/bveMDi9GhswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAT4D4sLT8HOOXf9jWLfIB3RyZ5Oer0fkQ31i+PK\nTUFIlMNjjXdD4tIIg0dQTaVGa0sjvSG6okJJNsdWq1zPsQPbo3MwcTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUMNAaNKLGgTRI4YWDQHl+AzQM8pkwGgYDVR0eBBMwEaAPMA2CC2V4\nYW1wbGUuY29tMAoGCCqGSM49BAMCA0gAMEUCIQDZkzQpk48Yk1GzehPGCqdcDI3l\nwHrXPLkNXyNvRM11kQIgZm1M53mwb0XTTyNbxZlEuskPxrPYsj3lnqSa22CDvIs=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBrDCCAVGgAwIBAgIUOTQnOE1u9Bhjn51choUrQbMyRYQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQk/CZAqyY8LpOx5+5X7khKkc7ozdDEvavaHTiM\neyvxhO/hzx5y9bVjMVr+3VRT2wDEtCT09uYqgf23kLHGLVcFo3MwcTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUm98R4DHj9pK1qCUoAFLgZ2iRjJAwGgYDVR0eBBMwEaAPMA2CC2V4\nYW1wbGUuY29tMAoGCCqGSM49BAMCA0kAMEYCIQD7OHzdOsDa0BU6T8TNn7o3RZ1U\nGBhBcm3w2JzpsSL3VgIhAL/5cHD+E7TFgQaC0ia/SOzOAR5nSxbUIOFk7Dm4f2Pt\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrzCCAVagAwIBAgIUex159hqidEiiwZIZVJ/8lFPcU7IwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABAZuHJABwOP7vJV4oNt2XkRkKiQ53ejok58+OuwJOqPo\n6jPdfu131+eVJGzjT39icMcjH0WMgCq6ICcZ0a4d/6ejfDB6MB0GA1UdDgQWBBRc\nBxd8xSbr8xw5lPaDpdfjTg5gwjAfBgNVHSMEGDAWgBQw0Bo0osaBNEjhhYNAeX4D\nNAzymTALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDRwAwRAIgXU1mexZVp8mcOLuWMWtr\nS6Q/y19p07NBu8/t+D6sz88CIHOCeFC277ihkqwElNIApRwPwG+q4HMxsWWOgGgs\nFOcR\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrzCCAVagAwIBAgIUIlBhinzIpRJ5xJmG0zoq1xsz7EgwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABOafz54zKll0qiWkg4fgC5UWFBl5YOFf8JCwloFII/nd\nRfsq/Ow5YoWQ4Gp9gHqbK5f46V37tGc8aXlf+H5CecijfDB6MB0GA1UdDgQWBBTQ\n6duIHaFYytNEF78mPTOlHqZs+DAfBgNVHSMEGDAWgBSb3xHgMeP2krWoJSgAUuBn\naJGMkDALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDRwAwRAIgfe/eyN4Cvzbfcqo5owZr\ntfZlWAZDfu0wd0y1AwFht4QCIBlpfuD4d5aF6lr3sa2hRkBjCMuNpmzwzttylLz5\nWS7f\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -720,10 +720,10 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with a permitted dNSName of\n\"example.com\". The leaf's \"foo.bar.example.com\" satisfies this constraint\nper the RFC 5280 profile:\n\n> DNS name restrictions are expressed as host.example.com. Any DNS\n> name that can be constructed by simply adding zero or more labels to\n> the left-hand side of the name satisfies the name constraint. For\n> example, www.host.example.com would satisfy the constraint but\n> host1.example.com would not.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBrjCCAVSgAwIBAgIUYmDaBXYMUcSDR1qunKqp8vO6npQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAT4zDHXK4fHcaCV9fjSBB30L/CY3ZrHvcJjDZnK\nEir1malp/0CRlXgDsW81q+p/pAuoXEc5j3vnd4FBl+AzfBUbo3YwdDAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUVN3HEkQ6XCdcHtaMxEr1UvlLZuQwHQYDVR0eAQH/BBMwEaAPMA2C\nC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0gAMEUCIQDFOH8bm5Pl8Wt+IVn8yFK3\n7DKIXQ2hu6BAqPS0O+YmTwIgI8xTnkHC13YDLRUWH7n2IgmMSpC0scXkFtZRHoJR\nBvY=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBrzCCAVSgAwIBAgIUJvuhcqoW3+i5d6+WWKUg+g/Z8M4wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASEzAbb0mxfLN+fAMVvJMx5rqopQ/0TRmSgMPFa\nEp29CluBeGVbJDhOmJAgi7ByhEzHpIj5o+Y2F8PASOXkJ6PYo3YwdDAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUwNJh6ZKJgT4IFD/FQOABlE7Sz9QwHQYDVR0eAQH/BBMwEaAPMA2C\nC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0kAMEYCIQDXW/TOgUQh8TD7+6malYHp\n435c/oQ5ABRrw8Tpt+jM9wIhAIa5MKtHR68BU1cK+OheEo7CdHBOHtyWjiTKo1Jm\nuAnd\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBujCCAWCgAwIBAgIURwSvbHGfHKfxYX6LvLCqP5/ADhgwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABGWPDhTv6dYxT1LlNEn+kNYcUHdkZ86r05LSSaEgWIxl\nJsNRGP7Unulo9kxrLfiplwGSKMNZ4nleLa6H3PdZV6GjgYUwgYIwHQYDVR0OBBYE\nFFYGIV117HCyQvBM/fn/xEahBWZiMB8GA1UdIwQYMBaAFFTdxxJEOlwnXB7WjMRK\n9VL5S2bkMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAeBgNVHREE\nFzAVghNmb28uYmFyLmV4YW1wbGUuY29tMAoGCCqGSM49BAMCA0gAMEUCIFMvu6gQ\nLbWnQjFqas9Alehzl+EnU3oRodFoOsNY8OAuAiEAg52V+s8KF32ksyPtPyMrou0F\n84RRNXBzQSjbXAaB4Ug=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBuzCCAWCgAwIBAgIUQmr0fdhgKkCiTUhGTS579N04mZ8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABBoCSPQWm9KmrOLOQV2Vf1kXlw4zG6XyGQFzIfhZw1Ph\nIG579OYzpTVjqgopf7OS0Ta408KC1WBQvFSu5+NVYvmjgYUwgYIwHQYDVR0OBBYE\nFPE721rjwf2pRsvZMMD55JMFezZ0MB8GA1UdIwQYMBaAFMDSYemSiYE+CBQ/xUDg\nAZRO0s/UMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAeBgNVHREE\nFzAVghNmb28uYmFyLmV4YW1wbGUuY29tMAoGCCqGSM49BAMCA0kAMEYCIQDEYYPY\n5kV9jFajqyGWsJXbE+XpXjQxrfuKfr/CYNO74AIhAP7sIEXq3HaDCURaxTwA+2oS\nDmE+WiIopdPp2/LCP+tA\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -743,10 +743,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with an excluded dNSName of\n\"not-allowed.example.com\". This should match the leaf's second\nSubjectAlternativeName entry.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBuzCCAWKgAwIBAgIUMf5xU4KYC5+nFbYvJzTaEsu7M0QwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQHB0wHofXnoQ77FVtuuRALTNu2KQ5PNTzLzaRx\nHsfWC0zvmHsctno2g7vYojjeFsYYweTov3IFbqkCvH0G4cLTo4GDMIGAMA8GA1Ud\nEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29t\nMB0GA1UdDgQWBBRnNAFOL0X0yp7Lp3a4R515pbay6zApBgNVHR4BAf8EHzAdoRsw\nGYIXbm90LWFsbG93ZWQuZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDRwAwRAIgcsiK\nVWR0RdXcTXQPUC5W67TuwzyTtxUhcTbHGFybvA8CIDxycHV7MuR5tcRwa/BRvN7U\n3m2gN/hWlbsgXkbgAerC\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBvDCCAWKgAwIBAgIUPOXXLMfq6HEue1TIRdNgEY9/77cwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASLZtzwOMHxt9GIFhVSBQdiY6kw+BH5prt3tJK2\n+MVntqkirdp/sUN4hkH0PLeclR8XOHmdmtLNMWPTO6ianRUoo4GDMIGAMA8GA1Ud\nEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29t\nMB0GA1UdDgQWBBSGCaCG/Hq4jEwp5s/ZWcE/YdEv+TApBgNVHR4BAf8EHzAdoRsw\nGYIXbm90LWFsbG93ZWQuZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIgckjk\nTtNZFavIrbtGMpOLDxPKuL25WAs+eS2qZZEG8A8CIQClnQgCdSo+pP5VIgTh24N2\nZLkxuy6r+qepbNxj2o9v4A==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIByjCCAXGgAwIBAgIUAOiEbNuwzIRY6W3OjfBGVHyKN+owCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABHFuJmT60maog9OBe+LjPshDwU5vE8T7nevRMy4wIUY0\nrO2JOQEkkvYwKfkopWyCI2EAV7tQQYhgsDDn77Qcy3CjgZYwgZMwHQYDVR0OBBYE\nFHC53xDr8jEXwS1tJqOml3Jj3NdRMB8GA1UdIwQYMBaAFGc0AU4vRfTKnsundrhH\nnXmltrLrMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAvBgNVHREE\nKDAmggtleGFtcGxlLmNvbYIXbm90LWFsbG93ZWQuZXhhbXBsZS5jb20wCgYIKoZI\nzj0EAwIDRwAwRAIgIAulHaPds0PltpDJhmXCJNNM4FOOaZIjfq1qTmj3oToCIAMe\nwmh+w1Wx+BIjU7zXoo3rorgGgAf0mPLJuIS+d1TL\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIByzCCAXGgAwIBAgIUO7iB5Fq5Y1/V4rAa2JEvni0M8XwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABBN2bKvVIpilG5jiZ4hSOxQEn1FbAUMaV8GdeiP2ICIa\nAXfrSXRkYftZPUxB2EwJMtyH8tNBCqcAKqFUR6ERDC6jgZYwgZMwHQYDVR0OBBYE\nFM/fo6ibk96gpNIrxVWoOYz4460NMB8GA1UdIwQYMBaAFIYJoIb8eriMTCnmz9lZ\nwT9h0S/5MAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAvBgNVHREE\nKDAmggtleGFtcGxlLmNvbYIXbm90LWFsbG93ZWQuZXhhbXBsZS5jb20wCgYIKoZI\nzj0EAwIDSAAwRQIgeeZB2g+/4nzwOpff+cjEQLfWBMbKn3+rcEeALzEuWfwCIQCw\nV1q8U9EHxve9wOeDFM+dW73ZOX7rUEZspdI625xAEA==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -766,10 +766,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with a permitted iPAddress of\n`192.0.2.0/24`, which does not match the iPAddress in the SubjectAlternativeName\nof the leaf.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBqjCCAVGgAwIBAgIUOCMxIr1J/j3eiJfNwbUJkH75fHYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQG8BzbQMtP0yOP+uP/Ey5pE6SsCaeZTcXFiVaQ\nrXGmKpqHxOu3mGQOPrxJFN8wT3on8uIoC+Dt3Gb822vwyFeyo3MwcTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUKhnDUE1Jy1iVOSaVOYQcPcBlFkswGgYDVR0eAQH/BBAwDqAMMAqH\nCMAAAgD///8AMAoGCCqGSM49BAMCA0cAMEQCIFgQT23CgRaAfcqW+vkeG4/TRjSG\n15RdO56z50ekRsefAiB/IW20j1jOPiq2n0misXMZh+X6mfPUh9yPdkJETg//lA==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBqzCCAVGgAwIBAgIUSNrbBRI1TWpFNldhAgyk/FQKRh0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARjB7JTE7gU9qumaK9YqF+4xNlutu77jSt1Jsfm\nj1M/CRWJN5P/olwXBYlBCD9OyHZWnDR31Q3N5yjEy3ORPRqfo3MwcTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU9hxf2FMsuB6tYL1H+yx0HPVvVd4wGgYDVR0eAQH/BBAwDqAMMAqH\nCMAAAgD///8AMAoGCCqGSM49BAMCA0gAMEUCIQC02mOQ/kDMNyREq7sT0QVD5zeW\nmJdsYhWTf/v3Pv2CCgIgP9wkWuWQv1RI881IYk6eLSPAWtsO8qESaFUpTMbSafE=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqTCCAU+gAwIBAgIUDWV9rIgpcTv7dcprKVE2BjrkiSswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABHNpiK9mUn+0F5BLJQ0jdURNtuiRz26p1Au4EJvgd4qV\nn+LrvgNEDKwa9mLvnSOmTcAVxgAcM/Mxi/TmrsUHlBujdTBzMB0GA1UdDgQWBBTM\nBAtpciJIH/Rz08CH1rDuztMOdDAfBgNVHSMEGDAWgBQqGcNQTUnLWJU5JpU5hBw9\nwGUWSzALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0RBAgw\nBocEwAADATAKBggqhkjOPQQDAgNIADBFAiBhferBmosniw9eOJDethGoa6QgDJ6+\nBTmbzCew51l6tQIhAI1DNkI4sFY6Lvpq9M86DdBT64hOJM0z8XWpEmzeYx+z\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqTCCAU+gAwIBAgIUTTYopyiDe49gefuVh3++csZ/+y4wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABFtof41Y3rlAXB/6aqyBG9XF/t6RYXCK5ODq8nLs+/5g\n4y3hE8NX2KC2hZNz2R3WVV9Gx25Zqt3grjf2doD/NySjdTBzMB0GA1UdDgQWBBTJ\nv79eSmaMobziyDJWxiNoHZDnmjAfBgNVHSMEGDAWgBT2HF/YUyy4Hq1gvUf7LHQc\n9W9V3jALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0RBAgw\nBocEwAADATAKBggqhkjOPQQDAgNIADBFAiEAszXJJSDE//M+QQjCdzK63v2rDDGD\njZq41HzgmPeBXSACIBiJ2xPFAPCGDTiOBhuK0qvY/E7AkVVlvNZpq7v/Dlks\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -789,10 +789,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with an excluded iPAddress of\n`192.0.2.0/24`, matching the iPAddress in the SubjectAlternativeName of the leaf.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBqzCCAVGgAwIBAgIUc0OVrLQt90Idvf63RHU9ts3WjfowCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASiO7yCRdXonbhPxVyu4ZoNCh7kJHXL8l8cOn11\nk+or0CKaYzHELJwPQLMSII0+pFL0oNsHpvquMvCYukBbpNd4o3MwcTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUIsIz6MefP7cbot98724KlNTLTVUwGgYDVR0eAQH/BBAwDqEMMAqH\nCMAAAgD///8AMAoGCCqGSM49BAMCA0gAMEUCIQC5ZJhOSEPvXI1Fx/dEr9WisRO0\nIxuVL7dBGlJD485yKwIgH1ZV35vXSX0CJ5Z5Dv1Q0RUviA4IQV4QVCcYKWPDGYA=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBqjCCAVGgAwIBAgIUapZ2UpDOohFUiITODX0cysB5DqMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASQKOXybDr/itZzTCV7POjGdT1mPLgAKxvPw6k0\n4qdFotR4efbZ2xo7isu6aE28DkeYYsHOVuskGHP4JEJ+k+Z5o3MwcTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUNb7FV5vHGicDT1tY2rG7Gz9zplMwGgYDVR0eAQH/BBAwDqEMMAqH\nCMAAAgD///8AMAoGCCqGSM49BAMCA0cAMEQCID9WX3TV2kjRpmm6dgXlAWZiJq4H\n5p6oKy4zzS2+rGs/AiAoEyjsxApowE+fKFYtzAWLNRsHt+5EUUXdEOzgudwKbg==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqjCCAU+gAwIBAgIUAqcC5J107kMLzAQ8WjRJngZ7feowCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABPczUrp8inecaW5PSytdAGMC6SZhwJG1ruYzujkx1oBS\n6KX8ciMcZ7k9RS/bsEPWEZKLVPF0j41Fd/wbE9qHQtGjdTBzMB0GA1UdDgQWBBRz\nXopRxXDAktBOSgJucnpTCzv+IjAfBgNVHSMEGDAWgBQiwjPox58/txui33zvbgqU\n1MtNVTALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0RBAgw\nBocEwAACATAKBggqhkjOPQQDAgNJADBGAiEAkeDbki9NhtJmEvnmBotp8roXZdYU\ndL8NvZwvIgmd0TsCIQCWS4fedPc/N0sAflKaATy3ewSZzmNvhJrKlMILKvmLKg==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqTCCAU+gAwIBAgIUQU1wv9S/jpOEMWY4zTK8dXmEB/8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABFtNCtS9vce62P9CGRVNo3Au6Y9o+Jmk0yEvUbPf1G2q\n0rI1dU7P1z7QGSjfAbIlmI1Ue1xNBaRcc0uMyUQQnrujdTBzMB0GA1UdDgQWBBRc\nb/NQbmVs1GPG7G/JB0ogiW816zAfBgNVHSMEGDAWgBQ1vsVXm8caJwNPW1jasbsb\nP3OmUzALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0RBAgw\nBocEwAACATAKBggqhkjOPQQDAgNIADBFAiEA87bEAarlv8fGKEp/E/Imk4hkDvqZ\nSNcY8BLiYyuotOgCIBJZ2p9iRngyYdTVRxuKRBZDDfVVHK85yxErApivhhiU\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -812,10 +812,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with an excluded iPAddress of\n`::1/128`, matching the iPAddress in the SubjectAlternativeName of the leaf.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBxDCCAWugAwIBAgIUd7JZ10nu9k2SobSOjgF2ZahYNL8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASjutTPvJTQ01XoLWvv4DlCTQcC37IQf1qpCFzS\nQGLr4VVNXb1flqiOtUehjs3Zx7GqwYioA1rLOfa81FegHiflo4GMMIGJMA8GA1Ud\nEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29t\nMB0GA1UdDgQWBBR12w/4rhxEsqagouFD4O6qUt4M6TAyBgNVHR4BAf8EKDAmoSQw\nIocgAAAAAAAAAAAAAAAAAAAAAf////////////////////8wCgYIKoZIzj0EAwID\nRwAwRAIgVx5qi1Ah4iDEwU2Zl+bEbA+dMOuFXQL1cPWyNW0YxqwCIDAM1QfebwFl\nTzxLaKhUHz4fqK5UYlkJizk/AaVllFxx\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBxjCCAWugAwIBAgIUCTCfDTXgK6uR4EoRQSfZer0Bd3wwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQ1R0niL0+TwpahX4LHdFUFVEhNRk5wuXi6f+X9\nSUhKMKxUMQ2pt+l3dqvTzGahvsG1FPmWI75HmizlBP5tG/Afo4GMMIGJMA8GA1Ud\nEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29t\nMB0GA1UdDgQWBBTv0wt3KcbKrUkQ3AihLvcfkzWtZTAyBgNVHR4BAf8EKDAmoSQw\nIocgAAAAAAAAAAAAAAAAAAAAAf////////////////////8wCgYIKoZIzj0EAwID\nSQAwRgIhAIa52T05+jCjgsFvUd6jeaQo7+M0NB/vnNVMNyiIyVahAiEAuWmYVTKF\nssLMbKRpzSI34sxHThv7zggN2oFBC9+fQi0=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBtTCCAVygAwIBAgIUOTPaER0GpFfBWyBxaklppAaHMTMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABP7Sg/Q48ZHa+aXbljPQm8Uw3F9oGEKmTyDav4uXvulG\nI3a9GkwYI7X5i1e2cvxfDjj/xAWv/k35ph5FoWe5GgmjgYEwfzAdBgNVHQ4EFgQU\nTMLFRAtrvWyQ+Z8kIx2C+6RpgvAwHwYDVR0jBBgwFoAUddsP+K4cRLKmoKLhQ+Du\nqlLeDOkwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBsGA1UdEQQU\nMBKHEAAAAAAAAAAAAAAAAAAAAAEwCgYIKoZIzj0EAwIDRwAwRAIgFXcnQZob/ot/\ncc+CMTrQIB49SxqxUbk6P5kONbfGHoQCIG+VcYWMMmyPPzKREpuuNG0wnyAZGjAg\n49nR+RvJM+Vk\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBtjCCAVygAwIBAgIUE6pCC+b5F4CbsDtUXcHsgxyhSo8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABBbJrMgZPSMTgrKiOCEzkWcbJqYBIxt4SveRSMPxBXE5\nLu4lGueCu+JbDVsbkOQ6SJbOc/Y7Lc+43KfZ2nZHS6ajgYEwfzAdBgNVHQ4EFgQU\nElVSNhFlMdpVeBV2wgbXGpgZ6XEwHwYDVR0jBBgwFoAU79MLdynGyq1JENwIoS73\nH5M1rWUwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBsGA1UdEQQU\nMBKHEAAAAAAAAAAAAAAAAAAAAAEwCgYIKoZIzj0EAwIDSAAwRQIhAKvkGLRJ2LzE\nRbAizeN2oPxii4c41zsIiWKRWDyH4VhZAiBZFGyRhvsoG6eOU14SChWRQ9bbK+Fo\n1C+5kT2Q6shv0g==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -835,10 +835,10 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with a permitted iPAddress of\n`192.0.2.0/24`, which matches the iPAddress in the SubjectAlternativeName\nof the leaf.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBrDCCAVGgAwIBAgIUHepYv+ek1BIx47AtYrtk7ObRC84wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASxM7+CkMgmxldDbDkR5Xbe49DpVLMQ6f+pmB/B\n3/B9X5Iio7iaEiaV17xQ7QkbRZqQciQr6dAKwVM6LUeFHV9wo3MwcTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU4w6Mya/7WTy2064m+tgnLnx7H2QwGgYDVR0eAQH/BBAwDqAMMAqH\nCMAAAgD///8AMAoGCCqGSM49BAMCA0kAMEYCIQDhxSAgnVFkLJA4eeEXvlCifinX\nPxdT8Qlzyds2NvHhgQIhAM52oytilM8YlljT4ijrKiyOhDoagx3iUYtt/vhaP6bd\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBqzCCAVGgAwIBAgIUH9iaU3mF7CsxKc2WOjTlmf5V6T8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASFvd/hIGa4p3zffJZHVf7BQOwxP0c9NAhbHRO5\nnSbOWyZWEtzzT3d/XI/1MJDVcyBqdKDVvIYszykubu5sHAoNo3MwcTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQURGbMrIJMzbyMY0yMTtiA5bZW+7MwGgYDVR0eAQH/BBAwDqAMMAqH\nCMAAAgD///8AMAoGCCqGSM49BAMCA0gAMEUCIFk9FFYCYRVBD4XXh6rHQhCr0MUI\nTFXKUWYiA8A6g75wAiEA2QkNjYaZ65X4LuAlECG7Ez3yVp7QYkrdgt4Pom1MVHo=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqDCCAU+gAwIBAgIUDPX0z6lcanNimLFcvcatRLGhkVEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABB7HtEYzv3BSihstcoxFrpk9BSp63nW0LYQGRh/2uAgK\neRgMY9juo3UdNVdMCPIeFML6jz1VI+MFIkwYVYISXcujdTBzMB0GA1UdDgQWBBQ5\nWBW0oARE+C35c6AR9pP9GHijZTAfBgNVHSMEGDAWgBTjDozJr/tZPLbTrib62Ccu\nfHsfZDALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0RBAgw\nBocEwAACATAKBggqhkjOPQQDAgNHADBEAiAvP6Z862kk2POLsF4uV6bsa1WdyXn/\nnzA+k+69aFi+ZgIgZ0FheMoeJPUnGZ2Ho/5rqew59i3c4r0u2bx0kQkkSQw=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqDCCAU+gAwIBAgIUVqHvlNSAUjV3/Yh50my5132qy4QwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABHj+pVaaqVZV2lBaij4GWmO43HVCszXKMWMgiWVDK93T\n9uxLmEGneBf+c0lyoMUMt5Cfao9O1Q+UKp7wnxGuhNijdTBzMB0GA1UdDgQWBBSN\ne8zLLoBfaaM+Dh4Wen24H87FGDAfBgNVHSMEGDAWgBREZsysgkzNvIxjTIxO2IDl\ntlb7szALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0RBAgw\nBocEwAACATAKBggqhkjOPQQDAgNHADBEAiBUmO9+9Lt2qmn8Vtca1b88C4Q1mpd2\nMSifMDKl5GkedwIgCdqick69mURTvipk7LyObgjR7Tyg0QG1EYCoqU9vXIM=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -858,10 +858,10 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with a permitted iPAddress of\n`::1/128`, which matches the iPAddress in the SubjectAlternativeName\nof the leaf.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBxjCCAWugAwIBAgIUYfV+c82tsQWikYRhPPMvq6v0er8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASoe2tIVSyhbyARO9iZMIYtMRIxU4MPZKhB1j3N\ncmPEIwoRuNo7oXySB2fiGx8uHqTbwLmRKyWj7U8qudJyAHQuo4GMMIGJMA8GA1Ud\nEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29t\nMB0GA1UdDgQWBBSRkLDr7w/qfjIyyZwxi7sfx1H1GDAyBgNVHR4BAf8EKDAmoCQw\nIocgAAAAAAAAAAAAAAAAAAAAAf////////////////////8wCgYIKoZIzj0EAwID\nSQAwRgIhAOAi3UwjXip08zGlbSnqmS6N+w1PxD9G/7mCO1HnW4OTAiEAr7BSvaJy\ngHpTyyKz++ld7qOsmXyz1H+jlP+gn0i0tus=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBxDCCAWugAwIBAgIUTH8XbqDZMdqoBDVgBmq5r1il8nUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASEbYJONuGZVvQba2LLbD1kjn1bK3zyEkr+DVzP\nexfExmbujf17R7Z4CM1UY7VROGSj+8lQk3Nc7zi811HUGyywo4GMMIGJMA8GA1Ud\nEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29t\nMB0GA1UdDgQWBBSnXDYFf3XCsjZRDMO/W8mvjh6QVjAyBgNVHR4BAf8EKDAmoCQw\nIocgAAAAAAAAAAAAAAAAAAAAAf////////////////////8wCgYIKoZIzj0EAwID\nRwAwRAIgNHFoNgF+mHcedQ/aybEJhnwKJXg7P1MqpF99jPQ/bUgCIHbem0iLZjWH\nJTqCpAuEnq5IGe1S8sqj+L9VZ0rThflR\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBtjCCAVygAwIBAgIUOs0Jb4dhll6HLpr0RsSwdk81eIMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABP2bIjNXJqv/bLL+WuOFGFE2HdKaLDp5hjWZ3YKoKnfX\nmVSXnLJFsbEhOexGTOSme+HaN2XSCSxijIBfYB/d1aWjgYEwfzAdBgNVHQ4EFgQU\nl3JxqwRu28DNZB61OpYcVucCalMwHwYDVR0jBBgwFoAUkZCw6+8P6n4yMsmcMYu7\nH8dR9RgwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBsGA1UdEQQU\nMBKHEAAAAAAAAAAAAAAAAAAAAAEwCgYIKoZIzj0EAwIDSAAwRQIgfX7vRLNX0RPR\nnEgHi7PSKeKd3r9BwL5rosAXjxgh4t8CIQD9KK6GBEjluhcOLwBsA3wSTKVH6Zj/\nWXiPB8NYTbp/Gg==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBtjCCAVygAwIBAgIUavEC2EWS5+YC5G1bhZkNCuzlxYMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABDIhruCxZGy9OYY4r1ans1w/i3hwQ2/PLU/PgLpyuK62\nuBWHEREWDd2ly+SA2rWycDsmGTpVgKNCXPjeoXVVclOjgYEwfzAdBgNVHQ4EFgQU\nQI4ea1n7j2FnnU3CJh+yAsYYjBgwHwYDVR0jBBgwFoAUp1w2BX91wrI2UQzDv1vJ\nr44ekFYwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBsGA1UdEQQU\nMBKHEAAAAAAAAAAAAAAAAAAAAAEwCgYIKoZIzj0EAwIDSAAwRQIhAN6DsSIEAhL3\nfFDnkqs0foDHsDZwT6JKnSFAg9tghP2lAiB6KqMEbLwVM2sm3fcanu9ah2oeV55N\n+0J9A9bv9r7MlA==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -883,10 +883,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with a permitted DirectoryName\nof `CN=foo`. This should not match the child's DirectoryName of `CN=not-foo`.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBtDCCAVmgAwIBAgIUeL9uGIslhT3IId4t3PEzWA3eqU0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARL5vENkqCZJZDDNAwXc3whlBTRHkVqFvVIMn0E\nOf3ZIY7XjozD6ETHFxPsijwhy24305UnKkZ6gOj5F73Ri3sqo3sweTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUESGPS77nHsEynPRDMfNIDaFfSIAwIgYDVR0eAQH/BBgwFqAUMBKk\nEDAOMQwwCgYDVQQDDANmb28wCgYIKoZIzj0EAwIDSQAwRgIhAOBZpTHd7kdkFrrc\nviyFxLJIcRQayPDBOY/6pxG5sOskAiEAx7DzVBEgKRXsDv74+fO9p+lGXIIhSi9A\nyPJpQ5Eu268=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBsjCCAVmgAwIBAgIUeIEPlgg/dMe0k+byspvlawCPp8AwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASnlnK7GUptPLeXgo+iC5E/RdCPflvrgMlXuXk7\nVtX+0HXjzLke9WpXEphUiwsr5EuTE8IpkyIXnnvEecqG2/S9o3sweTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUbFS6Kuc+OY/gQ7iCPfOxDf5w1AcwIgYDVR0eAQH/BBgwFqAUMBKk\nEDAOMQwwCgYDVQQDDANmb28wCgYIKoZIzj0EAwIDRwAwRAIgaFxreT1yVucFDf+M\nFl597xnrk58aHNpVsQJ3bLueWN4CIBpm0KBzsb/lV7bKvjhbTOP84CfAazQ+0y1M\n0A+fyGHt\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBuDCCAV2gAwIBAgIUMeM0UhAkSwo6UQOc2BkHfeUJzMcwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjASMRAwDgYDVQQDDAdub3QtZm9vMFkwEwYHKoZIzj0CAQYI\nKoZIzj0DAQcDQgAEiha75xyucaXKxB1EvCA4Gcsvu5lbZtiA0iTylA+ZxKfYDZmn\n82tEV67hPH5JXKXU9VdNh2StXCwEtxpa7Om926OBhjCBgzAdBgNVHQ4EFgQU2lWw\nz6fyBK3OuVu0Dmpbb/chZGQwHwYDVR0jBBgwFoAUESGPS77nHsEynPRDMfNIDaFf\nSIAwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB8GA1UdEQQYMBak\nFDASMRAwDgYDVQQDDAdub3QtZm9vMAoGCCqGSM49BAMCA0kAMEYCIQDI51b2ITFF\npZDhjFdxmTwuPPct24y2v6wNO5Ekc/Dz3QIhAL2LPE8w1q0qV/oO5E29BRFsOD7h\no+8SDZ3nUFcEfOGc\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBtjCCAV2gAwIBAgIUTLeb/FFDf7owZbI1X1KlkHkLFpwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjASMRAwDgYDVQQDDAdub3QtZm9vMFkwEwYHKoZIzj0CAQYI\nKoZIzj0DAQcDQgAE3LH16s5rf7GtxH6KCqSZcT13dG/N6G3TX2UNJHUCGNrOUlGZ\nMbDeBl14672K1bq+sJ9IIFxX4n8WqZWe/zmuF6OBhjCBgzAdBgNVHQ4EFgQUY8dG\nmqNUk9Wxbgp+5LbHM+CmoUIwHwYDVR0jBBgwFoAUbFS6Kuc+OY/gQ7iCPfOxDf5w\n1AcwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB8GA1UdEQQYMBak\nFDASMRAwDgYDVQQDDAdub3QtZm9vMAoGCCqGSM49BAMCA0cAMEQCIGdTZl8QdTNN\nVYpbtH6CA6J7ni21lXDzGQ7RshOs/htAAiBjOEecgRCzZk6NrfnEG38UCQKv3TJ0\n+FkJxLp4YlaNVQ==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -908,10 +908,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with an excluded DirectoryName\nof `CN=foo`, matching the leaf's SubjectAlternativeName.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBtDCCAVmgAwIBAgIUSrLKhiTF197hRITsyHKfHc51eUgwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASn/GbYHbZZTfJ5upEv36fvJ7SfiP9GiCeLaJ4z\nBL+tsV1IVUrNyHqlJcd6X3LGfTdYfFz3sDIonPXwGC0fG0ngo3sweTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUaOYR1LuGZAf4dx/tUHWcx+oy0+8wIgYDVR0eAQH/BBgwFqEUMBKk\nEDAOMQwwCgYDVQQDDANmb28wCgYIKoZIzj0EAwIDSQAwRgIhAK9uq8oxh/rUuw8V\ndoaCD0FoOfIaMpivHqBco61D80DUAiEA1i46LpLCSuQhjt75R8ujBbnjEMSn9Ndk\nzTW0BHeIiQw=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBszCCAVmgAwIBAgIUCbzbPqhklx836yfWWQzetqZtdkUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQLT+9PZd/PxEbGuDUyBpl75wSbAdYevPh+Zf3g\n+bEEEpMNMDaFacKtaHDo56YqoCCuV4mDbcs6k/bbseXHKcZYo3sweTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUez2PnjeHmGH4wa6Ir37zyc/OQDowIgYDVR0eAQH/BBgwFqEUMBKk\nEDAOMQwwCgYDVQQDDANmb28wCgYIKoZIzj0EAwIDSAAwRQIhAJ18TGEchwTD4c7x\niJbktSfrbKT230UL271enrPCehg6AiBifI4ty5ukS0KNkGww7gLeJC04IaytfWqI\niY4cLm4ODQ==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrjCCAVSgAwIBAgIUA2c4KHeCLbwbGvpe4TJIIQN29HAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAOMQwwCgYDVQQDDANmb28wWTATBgcqhkjOPQIBBggqhkjO\nPQMBBwNCAAT+aM2VVD0tDZrQgEYlgMgsVzd3YHWht8ZDAwNS0h0DH3R/Pdyc1mlY\ntvyFWy+Fn+DEEG2f7Rb02jR+BPVwkhR3o4GBMH8wHQYDVR0OBBYEFJkNVDBMWRc2\njmfoczgrEccpV9rwMB8GA1UdIwQYMBaAFGjmEdS7hmQH+Hcf7VB1nMfqMtPvMAsG\nA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAbBgNVHREEFDASpBAwDjEM\nMAoGA1UEAwwDZm9vMAoGCCqGSM49BAMCA0gAMEUCIF/RZhmvZPwPtF6UNkBjHI2k\nrhk8JWAdVcC/YhPgWy6FAiEApjrczfm+OUME/ILMUGwAGynaDfgZIAvhA+bNgf5d\nFbU=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrzCCAVSgAwIBAgIUSz0IMeesRj3Lx8t9VkVqkG72z6EwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAOMQwwCgYDVQQDDANmb28wWTATBgcqhkjOPQIBBggqhkjO\nPQMBBwNCAAQNs+klTCkpWJYaTQZWI6CFZ35cAYf1rIBb0+jvh0CdvwsI+WOftbWG\nxXeaAxYKLf8hdo+a3JFfUnHXyzSdpSDJo4GBMH8wHQYDVR0OBBYEFHtDxHfptAIN\nTcX+m6H3mTEYKHntMB8GA1UdIwQYMBaAFHs9j543h5hh+MGuiK9+88nPzkA6MAsG\nA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAbBgNVHREEFDASpBAwDjEM\nMAoGA1UEAwwDZm9vMAoGCCqGSM49BAMCA0kAMEYCIQC33oyL+9wM9bF0CzSGYAqv\n+Ft2dDa2r/F9S2jUz4JCEgIhAM1JWk40OyIezrDCtdvBxhydJcqpw3ZsOoEpSA5L\no93p\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -933,10 +933,10 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with a permitted DirectoryName\nof `CN=foo`, matching the leaf's SubjectAlternativeName.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBsjCCAVmgAwIBAgIUGF2O7qdjvwkSAbHitqbTvfS8zykwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQursKaF9KkObrnbIkShvkSXUVMJ+d1ENXEhaoc\nYArVET8JhyINin7yZfGdXKVN/dgT0HVEy1s4ta3Pmb1dEDVso3sweTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUNJGTePbkqFYSp9x3IQ1BbGfd8sQwIgYDVR0eAQH/BBgwFqAUMBKk\nEDAOMQwwCgYDVQQDDANmb28wCgYIKoZIzj0EAwIDRwAwRAIgMab2SgXKD9PYdyiS\niE5O+I3Djwm867RIJ3FHxnhcNCICIAxEhIDlolbQUx7OpJvvCmDHTxRGrsfxmcBV\nQqZHiccK\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBtDCCAVmgAwIBAgIULGLubsobHyU9HgDX25utJEe0Iz8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAT5x9s5sdlDTnz1xzMrPJy3GI92svr8buB3/lNj\nhp+3nrE228kAVp2qUgW4z/LCS0BSlEFxdIinNmAWZyQd1Hrro3sweTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUwb9W1VPXXmvicBk3skCqQJLqVhowIgYDVR0eAQH/BBgwFqAUMBKk\nEDAOMQwwCgYDVQQDDANmb28wCgYIKoZIzj0EAwIDSQAwRgIhAKM0wIJR4nK8FlDs\nQI6TRs/ygP8WqGIgxmER2VSPVZH0AiEA77wZcBm8rzum3FZzyARKVipSap72OEzR\ngjIvb9reicQ=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrjCCAVSgAwIBAgIUJ2BymBK1OPtS4jjfTAaK2A3wS/kwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAOMQwwCgYDVQQDDANmb28wWTATBgcqhkjOPQIBBggqhkjO\nPQMBBwNCAATzNge3ROGfSVdQ2M8VBu9SDsdILRhtkSEBpQjclMcO/UiO73wWE7oT\n4torTkd+UAlURxl5kxi4WMts4wcVkR0Bo4GBMH8wHQYDVR0OBBYEFD66o5DIU7Na\n/uNZomGqr9a1qN3wMB8GA1UdIwQYMBaAFDSRk3j25KhWEqfcdyENQWxn3fLEMAsG\nA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAbBgNVHREEFDASpBAwDjEM\nMAoGA1UEAwwDZm9vMAoGCCqGSM49BAMCA0gAMEUCIQDiT2okveLpeRRdz3U8VD1N\nZ1uOu+nITOjtNe/p0dHimQIgSWRyDtQ8vWO62s4P1b3WzagaRNMzooUXeEmdK0pD\nQ/E=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrjCCAVSgAwIBAgIUAPxBhX3KQxrnMy/1Nq4f92416TIwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAOMQwwCgYDVQQDDANmb28wWTATBgcqhkjOPQIBBggqhkjO\nPQMBBwNCAAQWle5FFL5ojIZ9II8irzXpBJZ827QdUUkD4yuUsIsFPidraiS1laNM\niwi3rFDYFgrB66tTT1Dfgwq7Z7gzxndzo4GBMH8wHQYDVR0OBBYEFLDwsZvTN/rO\n/xLvrGqMidC+Xv6lMB8GA1UdIwQYMBaAFMG/VtVT115r4nAZN7JAqkCS6lYaMAsG\nA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAbBgNVHREEFDASpBAwDjEM\nMAoGA1UEAwwDZm9vMAoGCCqGSM49BAMCA0gAMEUCIQD1DdubbDL2y90Kl9sk2FE9\nWGoQkiJ3er82xy17UVo+SAIgDL1H0l1jw9oz8vDR+9IW1SxSmVFCkTy4RW9snfn5\ne1g=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -958,10 +958,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with a permitted DirectoryName\nof \"CN=foo\", matching the leaf's SubjectAlternativeName but not its subject.\nThe leaf must be rejected per RFC 5280 4.2.1.10 due to this mismatch:\n\n> Restrictions of the form directoryName MUST be applied to the subject\n> field in the certificate (when the certificate includes a non-empty\n> subject field) and to any names of type directoryName in the\n> subjectAltName extension.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBszCCAVmgAwIBAgIUUZQUx88YeTBQUREDwzRoK/F42VIwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATZBvK3rKfJprQr0JVKnvWL87lq7W0rmwv/97Ko\nY63wWMtEMMHJ8jggTudNoVLUfeok0/BwTV5zo32yr/BnyWmKo3sweTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUKTZOO24nMLN77UTk2QcOMT3G7PowIgYDVR0eAQH/BBgwFqAUMBKk\nEDAOMQwwCgYDVQQDDANmb28wCgYIKoZIzj0EAwIDSAAwRQIgdSmXrXMflzOE8Q01\nP/9JQQ1W2LSDiNdM12gzpghjIJMCIQDtu9gCsWgMbSLUodTabMB5/vtXb+DRqa82\n60w6k2HFJA==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBsjCCAVmgAwIBAgIUSOB1WyGs0gcOv6WDRXEELymk74cwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARi+IPEy2t2X+H5zZMFK/WDDNSgqGcd1/GVVQP8\ngo/jwO9pq1OdQlY0pZolAHcI6GYrfMNWTq8WrfgC24IdlW62o3sweTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUhpzox4JP4dF+OdIq40WRyosSs0wwIgYDVR0eAQH/BBgwFqAUMBKk\nEDAOMQwwCgYDVQQDDANmb28wCgYIKoZIzj0EAwIDRwAwRAIgS8mgCzuKawjK68KX\nIOe8ZXJRCZ4MNMRrK/ucyPOcfOwCIHDyobBfBBjN5/rZhgG5reXCiPadV0mbGRkA\nfBXrM7PZ\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVigAwIBAgIUYxNnoI+iQl5lYcPk6CgRglLO8z4wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjASMRAwDgYDVQQDDAdub3QtZm9vMFkwEwYHKoZIzj0CAQYI\nKoZIzj0DAQcDQgAE4lszzIEGgkMtu14InlqrRgZQvgbaU3aW+SturwZM2M0BtaLg\nmxR2+ukzT8qrfgx2Qz01IUY7hhYVAuyFaTyBbKOBgTB/MB0GA1UdDgQWBBT1DS8V\nVXWTuhPozDQrRwhxZjGPYTAfBgNVHSMEGDAWgBQpNk47bicws3vtROTZBw4xPcbs\n+jALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGwYDVR0RBBQwEqQQ\nMA4xDDAKBgNVBAMMA2ZvbzAKBggqhkjOPQQDAgNHADBEAiBMUPM9MxeGIoRFKd3u\nilme1d43qkcdI8oBVvRBjaROdQIgcz7cq9lKrrDKJARcRFeRr7/wVULjYBSnr4Jw\nWCN4O3g=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBszCCAVigAwIBAgIUYaxUE9cy0HUWShvDkAp1Zp0H5qEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjASMRAwDgYDVQQDDAdub3QtZm9vMFkwEwYHKoZIzj0CAQYI\nKoZIzj0DAQcDQgAEdGGCYK+A1He2kF9ownp2Vo9JdfPoCrQHLOlsAXmTr5kwrvwD\nn75JXrqf9FJTertjwKsZzb+ok3uGy1jai5SjZKOBgTB/MB0GA1UdDgQWBBRz+efz\n9pQLmSg9HiQISxxXWXtyozAfBgNVHSMEGDAWgBSGnOjHgk/h0X450irjRZHKixKz\nTDALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGwYDVR0RBBQwEqQQ\nMA4xDDAKBgNVBAMMA2ZvbzAKBggqhkjOPQQDAgNJADBGAiEA/mJSdKx7fIozuLiP\nUrLZhU+pjHqhTrpgd24FbCJhZTkCIQCCE4Uw95bk/Zz0DFNhuIHA1cyLovPC6yXd\nfZeFqYkihA==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -983,10 +983,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with an excluded DirectoryName\nof \"CN=foo\", matching the leaf's subject but not its SubjectAlternativeName.\nThe leaf must be rejected per RFC 5280 4.2.1.10 due to this match:\n\n> Restrictions of the form directoryName MUST be applied to the subject\n> field in the certificate (when the certificate includes a non-empty\n> subject field) and to any names of type directoryName in the\n> subjectAltName extension.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBsjCCAVmgAwIBAgIUPObusQAiw+22e9pap9bDOiVSPaYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQWgHrxAzYaYrTOE761rW4rM+1TkFPGE0xMwDqU\nVPKoN/zMGdczzSn8pzANkz+NEmNXv44oAE4EvDRkY0fmXy0mo3sweTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUEvRxzPGnBBelc7zGYIXzj7tRYYMwIgYDVR0eAQH/BBgwFqEUMBKk\nEDAOMQwwCgYDVQQDDANmb28wCgYIKoZIzj0EAwIDRwAwRAIgON/FXEID+kYCspjr\nEmpQIkaT4+PytBrrSuw64g9rbfQCIHJbcArXUOXhleRq+VHhqt34CEgxoNEUaybd\nIAIIQ6Ic\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBszCCAVmgAwIBAgIUUh7zb6mTAwDq9gT1f5cOOnX3VNEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQlyJqyQAzXWICJlXuhFFLzmP2x/BOrvVjR3eSB\nt66Qgt9JP55E4G2F0OTv2nv+9w0Au1GVdRx7Wynf6UTPXOR0o3sweTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUX9IAKUKRNBYOYXrFBHx8t0qoQBIwIgYDVR0eAQH/BBgwFqEUMBKk\nEDAOMQwwCgYDVQQDDANmb28wCgYIKoZIzj0EAwIDSAAwRQIgNCruiSStMijHcQVd\nUgwNmpCjX9ocJma5PayEBkOFP68CIQDIzrEVKc4eEqahYtLArxNUSW++Zi+Oipn/\nP2ilM+Uy1g==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsjCCAVmgAwIBAgIUS0S8RoO1x6Ha673qEdIXyaIu+nQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAOMQwwCgYDVQQDDANmb28wWTATBgcqhkjOPQIBBggqhkjO\nPQMBBwNCAAQHwUT3mgkEJNbXaTZdO4nQ58wRwvnsOTv2KIRSnwRaeJ+5vHBW1ViH\nKfRCquZIN75Eb2hX213NEa0jbAKbo4H8o4GGMIGDMB0GA1UdDgQWBBQGzresejcw\na0Uzl+Ac08mmtRCxrTAfBgNVHSMEGDAWgBQS9HHM8acEF6VzvMZghfOPu1FhgzAL\nBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwHwYDVR0RBBgwFqQUMBIx\nEDAOBgNVBAMMB25vdC1mb28wCgYIKoZIzj0EAwIDRwAwRAIgVRrUoYMkM0d9a0ec\nsL7iqQhQa9Y/6Myq2DDc7G8uJmECIG8LwlHWtBlQAJfAjLZ0zAob6h24F2pDqu7o\nuKIltOZF\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsjCCAVmgAwIBAgIURrwEbUrLBqfjwxSATQ3fvI5GNTcwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAOMQwwCgYDVQQDDANmb28wWTATBgcqhkjOPQIBBggqhkjO\nPQMBBwNCAAR7N1m0yFqiYg0GMwMrIzA/ERklrk4wj+gLd5U+htulqu84faGfdsOp\nA55haSK2igw0P4QU3lGnJQZFOhNfGEPxo4GGMIGDMB0GA1UdDgQWBBTgh4oIPsTC\n7Uqo5N0BFvuzSz3EozAfBgNVHSMEGDAWgBRf0gApQpE0Fg5hesUEfHy3SqhAEjAL\nBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwHwYDVR0RBBgwFqQUMBIx\nEDAOBgNVBAMMB25vdC1mb28wCgYIKoZIzj0EAwIDRwAwRAIgIptFfiSe/JCAfHha\nVmjJ5VVs3XkHa82Z4aV11lmcevECIH0TDLFq+NXb5aIyXkhutCbarVvi9AsJqzWh\ncwbC+H2K\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1006,12 +1006,12 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> intermediate -> leaf\n```\n\nThe root contains a NameConstraints extension with a permitted dNSName of\n\"example.com\", whereas the intermediate certificate has a\nSubjectAlternativeName with a dNSName of \"not-example.com\".\n\nNormally, this would mean that the chain would be rejected, however the\nintermediate is self-issued so name constraints don't apply to it.\n\n> Name constraints are not applied to self-issued certificates (unless\n> the certificate is the final certificate in the path). (This could\n> prevent CAs that use name constraints from employing self-issued\n> certificates to implement key rollover.)", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBsjCCAVigAwIBAgIUHBYxUl0a5EHex8vn7Kaj0AlmtxQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPbm90LWV4YW1wbGUuY29tMCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA9ub3QtZXhhbXBsZS5jb20wWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAR7v4mMctu1Ks4uD0qX8EkBsNyQJ+PbovX2mwzl\nqRkzP8LBiK2Wg9Ak+Cq9gxYqnFkdHBms5oQmNdJL89iLKz1Eo3oweDAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAaBgNVHREEEzARgg9ub3QtZXhhbXBsZS5j\nb20wHQYDVR0OBBYEFB5ggAAbGglDVhnFHMf9TcCGGbj5MB0GA1UdHgEB/wQTMBGg\nDzANggtleGFtcGxlLmNvbTAKBggqhkjOPQQDAgNIADBFAiB94Lwr+wX4R286ik2X\nmeMVG67a9XAvkfyJukd85QTGlwIhAJ7B1fXN+QQPFKsLtTrglCVqB17Rhl/786gl\np5ZZDpZO\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVigAwIBAgIUXVTqJJ7rfJyo3CKUuZcC/3ZAXZowCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPbm90LWV4YW1wbGUuY29tMCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA9ub3QtZXhhbXBsZS5jb20wWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARQJsNwcibVsdPZeV9DBxQZKtdRvbIIkRttc6Al\npJQPki+8Fy30qd7QZdGDDfssr5zewf8gkK8yhNQMx/16fPopo3oweDAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAaBgNVHREEEzARgg9ub3QtZXhhbXBsZS5j\nb20wHQYDVR0OBBYEFFgZwDEDodRk65rZig8mL+xRklhpMB0GA1UdHgEB/wQTMBGg\nDzANggtleGFtcGxlLmNvbTAKBggqhkjOPQQDAgNHADBEAiBnOptJIKTnLv+aAuUT\n0GjR5bsQgk/JIgnHoOUTgHJj2gIgWweBXwbok5+T9HCdLWvkPZnZw6jbE3kZFtMy\n4Vip71E=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIIBtTCCAVqgAwIBAgIUSrqkgPkKHmvcgxV/gMbX4SWkkNAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPbm90LWV4YW1wbGUuY29tMCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA9ub3QtZXhhbXBsZS5jb20wWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQQP4qxO06qheOy8PWFbChUjg3YWQOTbdQB9Erq\nT08yoaK96u7pGYsHlgL468NoqkqMXHzyD46RWb6g2baNQoaWo3wwejAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAaBgNVHREEEzARgg9ub3QtZXhhbXBsZS5j\nb20wHwYDVR0jBBgwFoAUHmCAABsaCUNWGcUcx/1NwIYZuPkwHQYDVR0OBBYEFLpI\nV4aRK2+zYa3ywAEkW//vboxMMAoGCCqGSM49BAMCA0kAMEYCIQDwcZjwYMwVkmQl\ne62S/iMqBxHqUBhN4CSJuk9V9lD0gAIhAKABLuZiyQBiRn9qxZYposyCLjC7sQ/1\nXTTBYAA5DuDR\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBszCCAVqgAwIBAgIUV2cncg53SlxTQhMQp7HsQn34vCowCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPbm90LWV4YW1wbGUuY29tMCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA9ub3QtZXhhbXBsZS5jb20wWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASlHi5LGZRemUtzM1ckGn5O5u4XhqaHC7EtrCcw\nYbk48BbqJYfwsz6M0cWWajbS941XHoftAseZZ1W8bNxY/nSKo3wwejAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAaBgNVHREEEzARgg9ub3QtZXhhbXBsZS5j\nb20wHwYDVR0jBBgwFoAUWBnAMQOh1GTrmtmKDyYv7FGSWGkwHQYDVR0OBBYEFBOF\nWSKUxaZ4YWL/qBu0s+a2vOyCMAoGCCqGSM49BAMCA0cAMEQCIGCr/U/n+AaU2fmH\n46qMXk7O3Kj+MIAb3XwAmZ9Fj2zQAiBrjt2s24y+oi8dZqx1hom1xGr3Cl9DXHHP\nay3uogEv4A==\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrzCCAVagAwIBAgIUNscNmx/gGokM2gy96n/jDK1zGskwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPbm90LWV4YW1wbGUuY29tMCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABB7+xZzp10sTbbVeqFrbEXqQUXFPtA/+bpRi4t01rdpQ\nD/7FxsHZRMAVAdgUXkCwtirl4lKkeYIEQgORnAnwwJujfDB6MB0GA1UdDgQWBBT3\nQ5QYpSRXPMiXP8BlC+WkVemvkzAfBgNVHSMEGDAWgBS6SFeGkStvs2Gt8sABJFv/\n726MTDALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDRwAwRAIgQJS/g21TMhQ6ElabWtB5\n2xL++3y3oi5QqjbG+jsvd50CID/G0FDkwSR/LDb756uuH8h1R1iCqap/k1/BCQf0\nG9wa\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrzCCAVagAwIBAgIUBhcl5ZnHXcDTbDg7qeM9e5f/op8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPbm90LWV4YW1wbGUuY29tMCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABDC5fW3mJR6TX2krqkmLhWLiVVrbk+YOaAAGH/C5q9+8\njj4R/usXMWAcfDTbz7zWkQedv13pfjNiWqK9Pah1riOjfDB6MB0GA1UdDgQWBBRU\nI2B9wIvxK6UiE5BV2amgXw478DAfBgNVHSMEGDAWgBQThVkilMWmeGFi/6gbtLPm\ntrzsgjALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDRwAwRAIgYaBeM9UQgJCIcOfp54kb\ncAUs4kezScMIT3HU5x2XEFMCIEQWvLx94WPPJOE6SsABOg2c9jRLgCdHaeUNITIJ\nil6i\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1031,12 +1031,12 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> intermediate -> leaf\n```\n\nThe root contains a NameConstraints extension with a permitted dNSName of\n\"example.com\", whereas the leaf certificate has a SubjectAlternativeName\nwith a dNSName of \"not-example.com\".\n\nIn this case, the chain would still be rejected as name constraints do apply\nto self-issued certificates if they are in the leaf position.\n\n> Name constraints are not applied to self-issued certificates (unless\n> the certificate is the final certificate in the path). (This could\n> prevent CAs that use name constraints from employing self-issued\n> certificates to implement key rollover.)", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBrTCCAVSgAwIBAgIUIqQ4BQlxbN9meejMyxJ0v2HJzu4wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATYwwHEquRpvV1lWn/431jcnTA4EDmMdgcw4Q9i\nKSZBfakwGFMqNb2TSSiQkbl1wy8q+5P3qYqp89VWqXGVv+j0o3YwdDAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUevWsSqih8uVVZYYKICUkulT6p1EwHQYDVR0eAQH/BBMwEaAPMA2C\nC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0cAMEQCIB8EZBeMd/3DvmUE+bnIcOOZ\nRg1lhmZQaOstbCUJLpK6AiAgowhE3bq9qzMG+oPC4NgbsP0bWPhNs//7rEkIoE/+\nUA==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBrzCCAVSgAwIBAgIUZGRu10TEdXYzn4FmPeJI+17uiqQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQQndQKipDsBGlxqksTSfS1IiKZR9nXRJvDJGjt\n1sDqjRR9pbE+x7XGNKW2xT24nUSMBHjTHm4eF1wlc/B6NMDeo3YwdDAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUmwt/hP7c6l5XCz7BhhLB9HtydXwwHQYDVR0eAQH/BBMwEaAPMA2C\nC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0kAMEYCIQCPQqnK6cZSu3qO4mhlN7Jl\nGOqyYPruMibBx8e500b/twIhANCb6A1zGmuxxQ1eMI0nQfNED1vN0gCc1uuMXYXJ\nPPCz\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIIBtDCCAVqgAwIBAgIUZMAzVfcsQuZlLEhL9V4JeYHR7/owCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA9ub3QtZXhhbXBsZS5jb20wWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAT4w93ASWO380iGRudy839v0JY3k709a/lc/Oir\nfXyjMOYzFD+Wf92RC6a2rGh++1vNRGH79X5IfwLDz9V3Dwywo3wwejAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAaBgNVHREEEzARgg9ub3QtZXhhbXBsZS5j\nb20wHwYDVR0jBBgwFoAUevWsSqih8uVVZYYKICUkulT6p1EwHQYDVR0OBBYEFPka\naDSPajB45z4ydR1qT5OoFdc4MAoGCCqGSM49BAMCA0gAMEUCICY5Qv79M3+FlpSf\n90b7Eq/2JV6ZOrUxATKvtvI8e1nHAiEAuuq3Fzklndgr00hf/aPV4nt/ExmPMy+j\n5R7vro3wWXs=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBtDCCAVqgAwIBAgIUfHPCkFiQ4FD8nETmQpQEpPqEDPMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA9ub3QtZXhhbXBsZS5jb20wWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASBdbJFRAMMFiTKYMzmTgmn9EfeSnsSoHL8Vg9S\nWXjDn1DU6czKSH2eC2SoGt1NVeanAKuFdhoOa0vz513UKVG5o3wwejAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAaBgNVHREEEzARgg9ub3QtZXhhbXBsZS5j\nb20wHwYDVR0jBBgwFoAUmwt/hP7c6l5XCz7BhhLB9HtydXwwHQYDVR0OBBYEFJVT\nGucrCmhxvgGGHHtiABeL1Dv6MAoGCCqGSM49BAMCA0gAMEUCIQDkSnQK5TqjZsVL\na3pdFUhQmp4Wfy+Z+AiUSIFQnGGT1gIgchssHdUP28ja/5Rvk2Tf2l8W9EsvtlS7\nGC6qpJVaN+0=\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBuTCCAV+gAwIBAgIUTwDmgcvHDwwJalk25+0wh12y5pMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPbm90LWV4YW1wbGUuY29tMCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA9ub3QtZXhhbXBsZS5jb20wWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATJmrXp7qrbeItX1CKtheJl3S0PkJk6A0zH6k4O\nfyYf4bLPGZmtSSLiYk7phyxhqoHTepUocsfj0JZ4Oyv6JFgso4GAMH4wHQYDVR0O\nBBYEFM0qoyR+n57BLtQuEh5zekPS2+QuMB8GA1UdIwQYMBaAFPkaaDSPajB45z4y\ndR1qT5OoFdc4MAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAaBgNV\nHREEEzARgg9ub3QtZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIhAJlCUubx\nQCuCqtEbMVuxZGEhKbwfbYT7utrsadohkyjMAiAnYRdX8bQ/h84wg63K3z29vnHr\nndnqF0mnbu3pmK9mRw==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBujCCAV+gAwIBAgIURkPy+TQAZSTKqIcxgIEQ1iVeL2IwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPbm90LWV4YW1wbGUuY29tMCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA9ub3QtZXhhbXBsZS5jb20wWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATP7qvfCKfR73ODrV4wDvkUzICKInp9+0Wc6yUu\nh3xT23I5Q/kkJgmhBRWl/PY3denB58UMKNSU6aDtdgRlTd7/o4GAMH4wHQYDVR0O\nBBYEFCPfrih+cSUge+j3/MH9wWNONOwLMB8GA1UdIwQYMBaAFJVTGucrCmhxvgGG\nHHtiABeL1Dv6MAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAaBgNV\nHREEEzARgg9ub3QtZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhALb+LZjO\nqyh3qSqCyuQbU8nfoVWg1Tg2+/MUcjUerERhAiEAtV+w0Oj5Q9bY8tR7Fy/ASeLB\nW0GooYPUxXn4SayxHHI=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1056,10 +1056,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with a permitted and excluded\ndNSName of \"example.com\", both of which match the leaf's\nSubjectAlternativeName.\n\nThe excluded constraint takes precedence over the the permitted so this\nchain should be marked as invalid.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBwTCCAWegAwIBAgIUXQqbUf/d4iV5eYCuq/CG6AHHqygwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASidsJWvO+1FSp8Nb4j7YXBrc8THfTubqP40KPW\n0kEfPEH5mwUvpCFsM9ZwDVeNyKZ/Hb4pS4KT5msNAX/4TVWJo4GIMIGFMA8GA1Ud\nEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29t\nMB0GA1UdDgQWBBSPBIXZmN6WToU/Gvp700ALoulG1jAuBgNVHR4BAf8EJDAioA8w\nDYILZXhhbXBsZS5jb22hDzANggtleGFtcGxlLmNvbTAKBggqhkjOPQQDAgNIADBF\nAiASBMl4p30/mpaabCvpG9D7tyb7+ZSyxclYSsvbINZHqwIhAJBT7LnQl4BWXljU\n/VLiJ/HDiV11s3+mpMLvBvi9MkZR\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBwjCCAWegAwIBAgIUOLIDFK4Lyp6gGj24LEmTWT3ZrcwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASZKKuDxxM2xnEmPOVdpHRvMRIeiypXZ0Z8aw+u\nSsN+/QgChSGYQdDhvcEYvuNF3+p3reoqBdAET8M0U+yWupKWo4GIMIGFMA8GA1Ud\nEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29t\nMB0GA1UdDgQWBBTRHkQtvrQcMQ/iScHSAJDJg5UWqTAuBgNVHR4BAf8EJDAioA8w\nDYILZXhhbXBsZS5jb22hDzANggtleGFtcGxlLmNvbTAKBggqhkjOPQQDAgNJADBG\nAiEA+eGYfWpNtEbCLrGylAsPP0dUtVAGmFvFclqrCyTr1OICIQCl82t624oUY4DN\nEMuhD7Ir1Hd96mMyRbelWQ99ZFB4pg==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrzCCAVagAwIBAgIUbYd11K1Cm7BK7BLRNw2gfUQLp4owCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABJ7q9iUSC8pWDpCxW4ndmOcJHLwKJFJBColjggUplziu\nHin1kBPyQaHkrA/3yvk5OnMx1T9vwzPVZeo3U3eeYUujfDB6MB0GA1UdDgQWBBTk\njNZ9W6BBXWws4o6wHCHrljyT/zAfBgNVHSMEGDAWgBSPBIXZmN6WToU/Gvp700AL\noulG1jALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDRwAwRAIgIHtgXHjYpmRuv9eFwwLH\nJNwEzKDwglGU97aPc41tvgQCIHnDP1S641hEpyFarT3gSK5gxe0fGOWIyqcCB0b8\n3PjS\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUS2sVmIQKPWqz4kZpu+WeYbPH8VAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABNJ+oblveXCClZFOzHbtsdElrQhsWs/nEXBspFY0iITB\nj/d8c0UL79HnEVGh7KSSVMjMHFwh6esRdlkFgd5i3IejfDB6MB0GA1UdDgQWBBQd\njAX1LOc7A7jaTl3G4KdXpGEw9jAfBgNVHSMEGDAWgBTRHkQtvrQcMQ/iScHSAJDJ\ng5UWqTALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIhALk+OKRFxXhEm8SXTlG1\n04kA+X4qtIP2aWGiq6Dpp+wpAiBckfGJuF8T+LwGOsBhkMh4JFjZtkaxX/zeWp7P\nzZVcQw==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1079,10 +1079,10 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with a permitted iPAddress of\n`192.0.2.0/24`, while the leaf's SubjectAlternativeName is a dNSName.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBqjCCAVGgAwIBAgIUbkEcnDnbGt0eWfD0dh5x+JIWcEUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATH+pJa1T2Nby/2KeWYk4rP1RqxFzr0fcalQGNS\nOAplVaEP/8gkFSuWXh67uxxwKv10de58qYlQNQu7qWLfAnl3o3MwcTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUYRU2vOYgpooJr5gDhMF0IZ7bKZ8wGgYDVR0eAQH/BBAwDqAMMAqH\nCMAAAgD///8AMAoGCCqGSM49BAMCA0cAMEQCID5ObIOjAQlrR6zEkPJXAbh+1FOd\n/ErjWtAoAJIESPHUAiBxwsnd3wOnmxJ+AB3/p5qS46FUvtRzlRgtMXVb8cKYGQ==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBrDCCAVGgAwIBAgIUWnwx5zPMxNdTqE6+omi7srJ76NkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARpdyfmkh7EQQtWw/TJEG9k/TAyJ+wmnCOnyKeJ\nPGs9oeAo2ndQ2oqX32cYiIUB39H/bYtmgyehYeCuhaQJNHKVo3MwcTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUYn1fr+8AP4iHhBuBgn78ba2q5vEwGgYDVR0eAQH/BBAwDqAMMAqH\nCMAAAgD///8AMAoGCCqGSM49BAMCA0kAMEYCIQDpg9p1YuH1Iol0aEDRnL5FIOvH\neN48CR5AzgrnJwfDzQIhAMLvjSLxg6I5CAVr/PglZRJH0bYECSlKiLRQrzOqMPku\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUBGGB3FV4bPnAtsRH+1UuCrO7ui8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABPjAz4PvrfFcXZ6Nqv46rkM92VOacQakHoHOkn4EtEyr\nCkcf/Zys8PGqtOpC431JlvGq0Ze5jOO8yc0n6/MlenSjfDB6MB0GA1UdDgQWBBSi\nsrRmGWeHDqfm3jxc2CV42UPboTAfBgNVHSMEGDAWgBRhFTa85iCmigmvmAOEwXQh\nntspnzALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIhAOp5dXoGFReggj/Wg/VY\nzmuy6T6hCd3MY5i1g5ZjBPvyAiAwolf41nfM+4nsgHDDes8ccbUaCxRLvLl/dtTx\nVEwLTA==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUdtqWihcr2CRVgvoiu/9POeNLUiswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABOA1F8KouAMCgZei+eQvouPEkmIyiwQfeJ/9AYM5BWzk\nLzlw/rhdumbqFo2I7vFfh5fh4N4mrh3lHMndGPnDzL2jfDB6MB0GA1UdDgQWBBQI\nIEhNzKIEx79x12C18yOqnQ/iwTAfBgNVHSMEGDAWgBRifV+v7wA/iIeEG4GCfvxt\nrarm8TALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIhANbipxJrJKFhJj2i6bgj\noz9rfyk5+5kdPfVvaOLbNKFaAiA7tzFnttFqEgyvd3uT6zLjiuOM4qdDdStMp9KM\nkrY3zA==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1102,10 +1102,10 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with an excluded iPAddress of\n`192.0.2.0/24`, while the leaf's SubjectAlternativeName is a dNSName.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBqjCCAVGgAwIBAgIUYDdxdnjjnMHgjTOkvcdDHI+pKoMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASQBimbrabzGnIfPrpX7Yxql8dys/3F7XuunlTX\ncM+BpzOsUnrhbcEZBokRGJkpvCFqCQYMABX5GLNTqrWuuNrPo3MwcTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUwGxerf1Vgv74Dm9bdMgHYTnOU1AwGgYDVR0eAQH/BBAwDqEMMAqH\nCMAAAgD///8AMAoGCCqGSM49BAMCA0cAMEQCICIRBUxSJ5UPBS9D09icfhpxWRP7\nrj0TqUMqkgRus2RuAiA6QH83OknTYpckWpliXY9va2WRkajXEdOa+KzVeW3E3A==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBqzCCAVGgAwIBAgIUQl1s5GYmk06U3N0X1xnJzgD8FhowCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARggZJbgZANldAUZxKp95p4Nx+v29r1m5+Kdjrv\nXq8nfeMtSSKPRp4yEsZO3QLG8Lh888lPvD7QvF8JxrzehFWho3MwcTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUvkXCTs/RfFbfD9z8XEXvqno0sMowGgYDVR0eAQH/BBAwDqEMMAqH\nCMAAAgD///8AMAoGCCqGSM49BAMCA0gAMEUCIQDf7+ebnkpiO3/ikaKOSi//8CgG\nDsBBqbCRGWterauDmwIgM7nTElFjyvD3xcjHHiuyuz+HsObvQPOVljNDSngdV84=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVagAwIBAgIUNu+tDyL3WMn1JxyZRq9dBhJUXAAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABDj4ftrvVSouJZqAXIBlLYyhJ2dTOSX5Mp1UXapprwGV\nN6h7ebwCRS1QrwOrkxXQ5zZLu9z8krJras8tzFlHSiijfDB6MB0GA1UdDgQWBBRS\nIZ/X3AOS8za7LDDY8nhGu2YnojAfBgNVHSMEGDAWgBTAbF6t/VWC/vgOb1t0yAdh\nOc5TUDALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhAIjuivanz2HbTr21DweR\nBrH/t0E6QHxlFaag/17mpH9JAiEA4FbstC2F/BsMlSuPol6jUR6/tN6uV8uB1l+4\nNnZeJKw=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUDAkHnehQd2SJHrRvZFJBHoXcCDgwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABPztyPruldCE4+HbodCSz2Tz0qv444JU9ksN7ePuKWio\nW/RYuNIpwJcfGGqqfbrznxEXDpN+wi7RtRiYI5kPxqyjfDB6MB0GA1UdDgQWBBTX\ntHy2wNbJrCHCBKff4P3+OxHMBDAfBgNVHSMEGDAWgBS+RcJOz9F8Vt8P3PxcRe+q\nejSwyjALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIgbZltTk8rBR11xQ3/dJDc\nqoSldBG8EzMn89zrHxBfB2cCIQCKvlocWj54wMqKh/RovPg8T2bfj/27JmySm48Q\ny4/hSw==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1125,10 +1125,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with a malformed dNSName\n(uses a wildcard pattern, which is not permitted under RFC 5280).", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUOVsikMDCbt5BsHTZb7p9EGwQpxUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARqTn8m5Qp0rU42DWd/Z+jxuffq91qqRJoTwvix\n8jPcK9B2ff6L3aFYsil6wkXhbX829wzhGDxOeDcSe+wGYXwVo3gwdjAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUn0oA5JfvEHLPu/EULf9Ur0J4XiAwHwYDVR0eAQH/BBUwE6ARMA+C\nDSouZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIgH30DeiJdz1XgifxnN94I\nzwE3JDNfR4/GqKOPPMr9CLwCIQDaNSgI7j5A25A3naY/BMjKYJpuN9sS7KsQJDnM\nSUyXAw==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVagAwIBAgIUaF9GGbQzNJqvGZDE913ZGQGyuvEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATwfFcyi0CXo2nhfv9u+EzFJO/BvjtqRPF9SIXW\n3qr+vJsXU4AhWmF3mFyJRWenCzlQJn4RwOzeOyF8HdZ6q9lKo3gwdjAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUHloZL4TOFZMk4DTqFAwj5be9bXwwHwYDVR0eAQH/BBUwE6ARMA+C\nDSouZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhAIZ/RjC/7c9XrARbjHHe\nn3cl3JX3zQuF7yAOBu3HP1bQAiEAg1/ZE93VoUTfvKBSY64Dep1jDPEN41Osy2nl\nOktFJtM=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBtDCCAVqgAwIBAgITTKOsC1L9S5aMYW4hr8Osrd3JIzAKBggqhkjOPQQDAjAa\nMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwIBcNNzAwMTAxMDAwMDAxWhgPMjk2\nOTA1MDMwMDAwMDFaMBYxFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAEkaJd3v/8AFs0kUEZwuQW1BJkML/4/2cCQ3Cjh13bUO1D\nFH0qDKwHyv9rar1RATGdlSObEJ0AQshUleCByfmQ16OBgDB+MB0GA1UdDgQWBBRO\n2tcPIq7grV3xe7uRvESc5zxflDAfBgNVHSMEGDAWgBSfSgDkl+8Qcs+78RQt/1Sv\nQnheIDALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGgYDVR0RBBMw\nEYIPZm9vLmV4YW1wbGUuY29tMAoGCCqGSM49BAMCA0gAMEUCIFM3tdURnpIKplNs\na9kqDquTiA5JZ484saqsu/8uHqM+AiEAjwEm6sc9+NqeOMNLjBtkcxCO4kDzIUex\neheihKF6TX0=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBtjCCAVugAwIBAgIUW1Kxv1bTHpA9sZsq5eIZlqS3C8AwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABHd1f65AqCxz/eoQx4TFC0M/XkXFxhnXAQ8a8lXjQyDL\nzWBm4nqiJCn4CH+nsM7BH61ttJ3HBEnkSk+xjFsr87ajgYAwfjAdBgNVHQ4EFgQU\nGA9djmDSfnUTn+l7mGDxt22xxtkwHwYDVR0jBBgwFoAUHloZL4TOFZMk4DTqFAwj\n5be9bXwwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBoGA1UdEQQT\nMBGCD2Zvby5leGFtcGxlLmNvbTAKBggqhkjOPQQDAgNJADBGAiEA6k57h4Lmesjr\nGP5qyEF4rzzGBLWp7XmhCMci+CVSR6sCIQDs/TAUWh2kaHw9Icg53lfgO8n0pCPb\nipZA+0SV/GPmcQ==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1148,10 +1148,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with a malformed IPv4\niPAddress (not in CIDR form).", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBpzCCAU2gAwIBAgIUQOJva3y2b41nwJ++X6f/BrhDWmkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATEZqyqASXt15UOlS/XI/bXW6UTzXYuD93NSkYu\ne1bbtaFEBGm571FABzIdD12ozloH4CKb2ZG1p9tVGukurwCQo28wbTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUW7DUjbpN3mUaf95nRCqiWGLuvlAwFgYDVR0eAQH/BAwwCqAIMAaH\nBH8AAAEwCgYIKoZIzj0EAwIDSAAwRQIgPuIAOpnax/wYJFS3/aDYaVJ6SMn0jF6A\nx7Ke8vm7ZlACIQDBdqLe8t4nltXmzUytJLEu/QbyRAoaqkGypkU4JvdGcw==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBqDCCAU2gAwIBAgIULiilcJWhuKxPizTDNGLIvsoGT/0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASe+qVNR+NkLD6klBwiL4YPO1vkW0fKgMZcObUa\n+OmGthhA+BAlsK408SogULlTvcWlSPLpoTSGESxAlc3zy280o28wbTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQULhW+XFHs469OAZmOWjVO8lXYzY8wFgYDVR0eAQH/BAwwCqAIMAaH\nBH8AAAEwCgYIKoZIzj0EAwIDSQAwRgIhAJsDqY+txtLjnSw9zebIHAgDYwNLdBjM\nezJAlCL3wHKSAiEAgsBnhkh0ofXzby/2Fa3CfRsIxWIvF1Xsqaud1cdvZD8=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqTCCAU+gAwIBAgIUDX+pd7WtYyEYnaeXm/wDbmSAqF4wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABKOBi6itOiIoZJim8lLR3MU6p5bM4J5ooYJJf7Of3zna\ntPQ1oTMHVNh54NzOMMSr9txt0pCqwm3xUGjDWMLMKF+jdTBzMB0GA1UdDgQWBBR6\n3tG0CdB4qSNrp6ZPXKS/tUEEjDAfBgNVHSMEGDAWgBRbsNSNuk3eZRp/3mdEKqJY\nYu6+UDALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0RBAgw\nBocEfwAAATAKBggqhkjOPQQDAgNIADBFAiAcoAFYy7eW0TaT7p6k2BhhuJ66oFgm\nzeCWVS13IkmlLAIhAMxYfSIjC6J9R9lAa3m5t/RXoteAARifoQbR5IhgWEjf\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqjCCAU+gAwIBAgIUefGW24qkj2A+OyPM5L6S88tIMGAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABGTocHBfGOvZvI0/urMoIxvOHyfDhokKYov2TFhZjwiV\nHHjDhy3V8oH4k6sIgyqYvlJzWTyOF5QUUcwKDJtyI9ajdTBzMB0GA1UdDgQWBBRA\nGyl7JCKrscySI2bWbKCgyPJBoDAfBgNVHSMEGDAWgBQuFb5cUezjr04BmY5aNU7y\nVdjNjzALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0RBAgw\nBocEfwAAATAKBggqhkjOPQQDAgNJADBGAiEAnXoehGXu0wYz9o8N0GGh06hzEi2Y\n1jJK4ml78vRr/U0CIQCwMSJQR8VGrH/MldhY5XzimGzMz94VQI7U9xk5A4RULg==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1171,10 +1171,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with a malformed IPv6\niPAddress (not in CIDR form).", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBszCCAVmgAwIBAgIUDwrCwoWEVOJCwgW/99r3a7k+zbwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASyRJ/1tLzZ4VScQmGcp/ZVYdhcGto3qUIbjASb\naNa/asIlG2fJBqAMSsJ8RQOQvQooGMM7Tko/yZhph3GG+F0no3sweTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUsE8iZKQCLGzgRXvsgpLemGS8rswwIgYDVR0eAQH/BBgwFqAUMBKH\nEAAAAAAAAAAAAAAAAAAAAAEwCgYIKoZIzj0EAwIDSAAwRQIgZSMT3rovaSyAJL4Y\nn4RqWUYmTZDIzplCyUpt+ej5f/QCIQDkEEH9vY0CRIhvh761kxDFAKbnYcZ9MzG3\nXmt35mDzuQ==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBtDCCAVmgAwIBAgIUOZcqehx3b9gtc/x7nC9Oo1cbqZswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASiZAlMwsCUkF162K6IhVVd1KnBBs2HCsv+hz2U\nGtDoB9D5AHpRZdy/aoum9ht0uETkH8AUw1k5lHfvwRsMVrgXo3sweTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUlYh+rfZHBmabr9dyHpE9qTM9Ru0wIgYDVR0eAQH/BBgwFqAUMBKH\nEAAAAAAAAAAAAAAAAAAAAAEwCgYIKoZIzj0EAwIDSQAwRgIhAKAzWOLy+rfWuvDd\ntKBiDNJKLAD5c7sb2UpSAHc1H066AiEA+GrbygsneIZrms0P5yKJq3MWnQDZ+0Jf\nx1MUk1QeuWc=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBtjCCAVygAwIBAgIUOd9o1S4CBsHHGzLqaH0zlYzyaQ8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABG8C6MtCYuhWFl6dZQRtdHCTrXZTpwv7+gSSX2f84dAc\nF1GplUgRu9U1pBNmJHOpPv/rmoehht2pO60CR1q570ajgYEwfzAdBgNVHQ4EFgQU\nwBdzYKGyyEIWUdzosxiq9EcLHgkwHwYDVR0jBBgwFoAUsE8iZKQCLGzgRXvsgpLe\nmGS8rswwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBsGA1UdEQQU\nMBKHEAAAAAAAAAAAAAAAAAAAAAEwCgYIKoZIzj0EAwIDSAAwRQIgNv96EFDN8Ni8\nqtPVTz3Hak827yvucwMcwhzPHUQkmWoCIQD5MHepkbZa61sVOyCVjhnSj6rtU/zx\njIujX/XZzWYbkg==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBtjCCAVygAwIBAgIUC/8JV7a7E4dJweqs/hZrITDGYTkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABA0Lfj9Ct/b09mjh4V0WKYkk1jjqHIoAiKMSUmyLWiUU\ndPsYhJSls64VG2lrD2sdvhIGi/YqAUgA3azABeyxuKajgYEwfzAdBgNVHQ4EFgQU\nrdjbVAt3Hpqv85UlrsSvu0nK3rMwHwYDVR0jBBgwFoAUlYh+rfZHBmabr9dyHpE9\nqTM9Ru0wCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBsGA1UdEQQU\nMBKHEAAAAAAAAAAAAAAAAAAAAAEwCgYIKoZIzj0EAwIDSAAwRQIhAJ0WI9/sQieW\nUYLmmi1DdVdDQjXE55Ww1GGT4p+XTLdfAiAPvDpXr2Uz1+FH+H6bCc13jrpWJ3hb\nR4c9zy2kUkyOiw==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1194,10 +1194,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe EE contains a non-critical NameConstraints extension, which is not\npermitted under the RFC 5280 profile:\n\n> The name constraints extension, which MUST be used only in a CA certificate", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUU4xd4te6N5qJjX/3aRl3sOfwNScwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQnPwwhHfq5dbFKKOwg7sp5RrkBLA4t9utWkC2N\nm4uwjhy7m+kqFgfe7Tic9UiRXdnk+4qeVbQ39y7w0wV3Nwmwo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUU05r9rabHMP9NSsGmci4cc1jy70wCgYIKoZIzj0EAwIDSAAwRQIg\nCrSWHCa8BQnYd0/y/MRPSrS17sFGJascwD5LXdA3lugCIQCZlFIjXcEJXViXH4US\n8AdiUf8t596SXdZBXR1bjmmIVg==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUXINn7dvOco2HtFm9y65H+Nfif1AwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAT7pCrZXRkXLb2aX2uAOjbXz2h4rDj+Oq/HiUC3\nQ24bn3TjrDKJVMMeK24Yy8aKgXFQpd5TQxj871sfewTmghKTo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUBVAzUawDbCHggTeaExLMfDXdQFQwCgYIKoZIzj0EAwIDSQAwRgIh\nAObVVeFGvCrgiB6Pf73F4kxh4rNtpSghlDUdoYlrd2X3AiEA0gCJ30WCHmctXjV/\nj8DfMPK1hswNBfFjBqt+4RLEpMA=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBzzCCAXSgAwIBAgIUOLhCjpMso+JEN6LVme3bEzBHzd8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABIr3zplD7dhgjfYrISYV1v22rgLwwJn5sB3YOCf2XoKc\ntWiwkDDt/2hBypTf8S72pQjPTvmIy6gH6rodqE09huCjgZkwgZYwHQYDVR0OBBYE\nFHTfRN1Pc6MdMm1P2AI9Nz93kzLlMB8GA1UdIwQYMBaAFFNOa/a2mxzD/TUrBpnI\nuHHNY8u9MAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREE\nDzANggtleGFtcGxlLmNvbTAaBgNVHR4EEzARoA8wDYILZXhhbXBsZS5jb20wCgYI\nKoZIzj0EAwIDSQAwRgIhAPLxxmoxlgGMgMFp21oogVqwxeiuSWR+YXQfkZEQeg0q\nAiEA93AfZZ19jyg7t++dcMhbAyFZ9BcnUp2FYUTF9BOOwHs=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBzTCCAXSgAwIBAgIUPUFE9LYWId2lpRcOowjisBMltTEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABBhgiaUiRsebPe+3mStUtoZTph7nZEiK+BvhZR87BrsB\nYOjYh35VvQcUTH8soO5q8l56At9aKysvuwnVn3vbB9OjgZkwgZYwHQYDVR0OBBYE\nFFMM450viT+LhMZocwl21Mcnw1kzMB8GA1UdIwQYMBaAFAVQM1GsA2wh4IE3mhMS\nzHw13UBUMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREE\nDzANggtleGFtcGxlLmNvbTAaBgNVHR4EEzARoA8wDYILZXhhbXBsZS5jb20wCgYI\nKoZIzj0EAwIDRwAwRAIgBTVGPKm0wvUlWH0VmE0ogrp+wuyU14shFrg0AbTnDeYC\nIC7z8KfvE5X3UXYwS3AGpfp9PPQkbdTo0FEZCINja6Ux\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1217,10 +1217,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe EE contains a critical NameConstraints extension, which is not\npermitted under the RFC 5280 profile:\n\n> The name constraints extension, which MUST be used only in a CA certificate", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUG80bj9gEwjmMRuM3kQVFc2Dvn58wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATZmsniTmaiIZGBgWwJe6oy0QaEXi6Hlp0iVgs0\nsuyPbfsClHnDEYiBd7FdKwipBZv6t5wZFy8BoGl1CsxDBuUZo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU8DPxa86ewF/mZMwZmNN+iYwYRK4wCgYIKoZIzj0EAwIDRwAwRAIg\nBxpLJfQv9XGFiE29M7R85FuUGiGAKbFykAEIfQcJr/kCIGYH7GvW0OEJhGMxsbxV\nMbEF/YVGuVk0bBxUe1TkvZ+Y\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUUSXZCvJRO6nO9OBw4uLQq4ZcxyQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARkkSyHrRulXuiOnyNx/hkV7hSU+VzAg7iYYvRG\nsx5QoEYrvvnbU7zN4LMWpZMALYQz9AbiGCzZ9/VfAEtB9NY+o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU/49UjEU/oIhWQuDINfZ9mMJhHP8wCgYIKoZIzj0EAwIDSAAwRQIh\nAPR9MaI8/yTinxViGDg9nSMBpfRAz3/TXc1gz99c99ayAiBuDB+cnOprHoPuLfP4\nYoUy5osDbJeJ/Qb7C3dTW7OBiQ==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB0TCCAXegAwIBAgIUEkHL29KfACnydjcLLAwH4AN3HrQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABOb/a0aMZIL77c4UvCuzG5Ql9J9OPrC4fG/GVuFGdocu\nHoTs9oFqztzV6vDXdeUky7YKuNoGxZSokftEH1dkjMCjgZwwgZkwHQYDVR0OBBYE\nFPEp4sURjQl+eqQ4yIj41AbVr4jrMB8GA1UdIwQYMBaAFPAz8WvOnsBf5mTMGZjT\nfomMGESuMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREE\nDzANggtleGFtcGxlLmNvbTAdBgNVHR4BAf8EEzARoA8wDYILZXhhbXBsZS5jb20w\nCgYIKoZIzj0EAwIDSAAwRQIgJiLHF+DWra+IUQeD8bBqU3DgSzz4ByWsaiJHbKZr\nRNcCIQDmxFTGr3fjajvXXUKwGI5nPYOmh8nwAEAwkw84ucSCOw==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB0TCCAXegAwIBAgIULG+mmsGcOQgg4VNLHsX/ssiQfQgwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABMuDQ8KKE1u/ztljgqLYO7rrYvBdFoHz8FLN1gQeti8U\nazATV2qYPXkVDt01um4cShpTo7dqYyvK9nZF8oO2qYijgZwwgZkwHQYDVR0OBBYE\nFLtwMXCP1/nzbG5K08O3S7eU6YluMB8GA1UdIwQYMBaAFP+PVIxFP6CIVkLgyDX2\nfZjCYRz/MAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREE\nDzANggtleGFtcGxlLmNvbTAdBgNVHR4BAf8EEzARoA8wDYILZXhhbXBsZS5jb20w\nCgYIKoZIzj0EAwIDSAAwRQIhAM9E5RrO4l8xNFSOXGtdZYwE1kXkq62cTR20baQG\nuMrMAiAQPTMCM4Z1cIZpcuc7hDa8ipMGExq6IKkeZYBH7UIDgw==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1240,13 +1240,13 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> ICA1 -> ICA2 -> EE\n | | |\n | | |\n NC SAN1 SAN2\n```\n\nICA1 contains a NameConstraints extension that forbids\nSAN1 (forbidden.example.com) and permits SAN2 (permitted.example.com),\nwhich should be rejected under RFC 5280:\n\n> The name constraints extension, which MUST be used only in a CA\n> certificate, indicates a name space within which all subject names in\n> subsequent certificates in a certification path MUST be located.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUCfYHtW9NiZIeo3oK9QcqG5Y/ypEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAR3QCBF2cyS1KEtu6ZbfGPa35NPZGTY0XtORBX2\nrR2WafEfBn5JzHxCrp0yGTnoOkvDYLHcFFfp86QyIRw2ThLPo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUvGN384x5vOjpfiQoIpvO5Im0v1owCgYIKoZIzj0EAwIDRwAwRAIg\nBil75CacxgbshL6paU74QHU0CGwA1vmuUccfEz6jPhwCIGPbyW4GSL67SUcC+alG\nBTL4teXyM4t6xpFwzVwSXRO8\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUZljgqiNl4aiP2JAmylN0t1NvFcAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARe/8LhKlE1ofP1cP1rby0xMxprQskISwpXaoWW\n+H+OO6GBM0Msd2ZQ1ZX+W3Bz3UcPWGX7sAdsKgiHsgKaJ3gso1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUS+24IL4iOV20tGhzU09Pf5x0gnQwCgYIKoZIzj0EAwIDRwAwRAIg\nOUsctAUpDmW7DPjAc2rK9jHd8/fta2OCNAyF7AqQDFcCIC+bWqbJuF1JNB25D471\nGiZyWzv7rWSCe5EXbubCWL8w\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIICRTCCAeugAwIBAgIUEOvbS/YwG3CC/hnujFxSZ+PTNX0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBpMTgwNgYDVQQLDC81Njg2NzU3MTc4MTMwOTkyODY3OTY0\nNjk0NzM0ODU4NjYwMDY3MTM3NzA4MzAyNTEtMCsGA1UEAwwkeDUwOS1saW1iby1p\nbnRlcm1lZGlhdGUtcGF0aGxlbi1Ob25lMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD\nQgAENHnnKMUZ3y48Y7wMvvw9hsq39/nzD1teMIHs3hm4MvqWJGO0SF8cw2oukkAi\nlS3rLimNWXJSSl6GzG3mzls3u6OBvTCBujAPBgNVHRMBAf8EBTADAQH/MAsGA1Ud\nDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAfBgNVHSMEGDAWgBS8Y3fz\njHm86Ol+JCgim87kibS/WjAdBgNVHQ4EFgQU/hiRFJAkOY4t95OpfBhQJfm30vcw\nQgYDVR0eAQH/BDgwNqAZMBeCFXBlcm1pdHRlZC5leGFtcGxlLmNvbaEZMBeCFWZv\ncmJpZGRlbi5leGFtcGxlLmNvbTAKBggqhkjOPQQDAgNIADBFAiAJcKewKyvAGREs\nCBA5Vf5P2n3sXZcUtVVFrXOG9VqnMgIhAMRoeKux/8/Az+ywZJah4v8rs9NrhGds\nExincHSi+poF\n-----END CERTIFICATE-----\n", - "-----BEGIN CERTIFICATE-----\nMIICWTCCAgCgAwIBAgIUEwvBjN9RmetW7hpuJYMtgDg7s00wCgYIKoZIzj0EAwIw\naTE4MDYGA1UECwwvNTY4Njc1NzE3ODEzMDk5Mjg2Nzk2NDY5NDczNDg1ODY2MDA2\nNzEzNzcwODMwMjUxLTArBgNVBAMMJHg1MDktbGltYm8taW50ZXJtZWRpYXRlLXBh\ndGhsZW4tTm9uZTAgFw03MDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowaTE4\nMDYGA1UECwwvOTY2MDM2MzA4OTM4NzI1NzcxNDE4NDQyODM3NzM2OTgxMDg5MjE0\nMjM4MDM3NzMxLTArBgNVBAMMJHg1MDktbGltYm8taW50ZXJtZWRpYXRlLXBhdGhs\nZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHb+VQSzlP2ipxtzcce+\nMca4Bjq0yFGiT4KF6O90MFL6/lvNkcRH/gchzXjGfD+KOIK+UKuOdbjzpG4n95aE\nQ0ijgYMwgYAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQwIAYDVR0RBBkw\nF4IVZm9yYmlkZGVuLmV4YW1wbGUuY29tMB8GA1UdIwQYMBaAFP4YkRSQJDmOLfeT\nqXwYUCX5t9L3MB0GA1UdDgQWBBTrt5/SB4bbv6n/+DkcyoBar0mdwTAKBggqhkjO\nPQQDAgNHADBEAiAoBHJ1/NNspxkx9EikqxnE4Id2Wya26fdHz8U0zuFCYQIgZ+hu\nV1q/LN8l/DQuEkBxdKc2e5ATPqYconUso5ILFKY=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIICRjCCAeygAwIBAgIUAmGTBkAatK33ivJDE5wu6TIxyyEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDA1ODQyOTkwOTUyNDg2MDUzOTU4OTUy\nMTc4MTM1NTI3NDU4NzA3NjgyOTY4OTE4NDAxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABHPU08svyZLpLSGMOHvyZkfM4OGpuJgVw/iJNjiscr1ErTry2TYPP7tqfgsp\nJPFyJy20F6ComfXcS202D6KSpHCjgb0wgbowDwYDVR0TAQH/BAUwAwEB/zALBgNV\nHQ8EBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUS+24\nIL4iOV20tGhzU09Pf5x0gnQwHQYDVR0OBBYEFCG+vBN730PI6qdmImB/gCntHD/H\nMEIGA1UdHgEB/wQ4MDagGTAXghVwZXJtaXR0ZWQuZXhhbXBsZS5jb22hGTAXghVm\nb3JiaWRkZW4uZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIhAMwMwGmAre18\nNTbD5RxPyon/yU9GrBdz3sxJVSo6UNuRAiBgjcC/7HxkOZhoV0hXOeMqbxaeusQY\n31Xu0u0rtc1ylQ==\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIICWjCCAgGgAwIBAgIUWenhkFiXxOlD7UY2YOUaaoQqH1UwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNTg0Mjk5MDk1MjQ4NjA1Mzk1ODk1MjE3ODEzNTUyNzQ1ODcw\nNzY4Mjk2ODkxODQwMS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMGkx\nODA2BgNVBAsMLzEzNTkzOTYxNDU4ODQwNTc1ODQwNDUxMTUzODEzMTIyMzQyMTU1\nOTI1NDQxMzEzMS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1wYXRo\nbGVuLU5vbmUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARNfOVjV67ILtvmcRiu\n0o5CEGGB5DsWmpNX0osyTm4N/sjPmDqJdaD15D6VyJk5Lfdctx4h/Twz2ng2VOjL\nm8fho4GDMIGAMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMCAGA1UdEQQZ\nMBeCFWZvcmJpZGRlbi5leGFtcGxlLmNvbTAfBgNVHSMEGDAWgBQhvrwTe99DyOqn\nZiJgf4Ap7Rw/xzAdBgNVHQ4EFgQUfUKDvH2Bc9jjf3EbHYinG9BzGUEwCgYIKoZI\nzj0EAwIDRwAwRAIgM0LW3qz7QBa2Yo8/mGLxNvqdyf90TFLnLlWZsr1J1jcCIGik\nKanYOYdRWvX+B8JFUbbyP9/0/HVZheZ02GWzdwgr\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICCjCCAbGgAwIBAgIUAkq5ojfZtQ6vNAWB36cTyeIFTx0wCgYIKoZIzj0EAwIw\naTE4MDYGA1UECwwvOTY2MDM2MzA4OTM4NzI1NzcxNDE4NDQyODM3NzM2OTgxMDg5\nMjE0MjM4MDM3NzMxLTArBgNVBAMMJHg1MDktbGltYm8taW50ZXJtZWRpYXRlLXBh\ndGhsZW4tTm9uZTAgFw03MDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowFjEU\nMBIGA1UEAwwLZXhhbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQL\ntuACFlgkNaepO2QDCLoDyFc1ONutoUpCxBum8Bt40tS5aFF/zHV0VTAFBOoDt4Wf\nXcKZq2KMipzsIx5uMk2Ho4GHMIGEMB0GA1UdDgQWBBQZakUFSr5eEd3bOZFxn6mn\nGyki2DAfBgNVHSMEGDAWgBTrt5/SB4bbv6n/+DkcyoBar0mdwTALBgNVHQ8EBAMC\nB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwIAYDVR0RBBkwF4IVcGVybWl0dGVkLmV4\nYW1wbGUuY29tMAoGCCqGSM49BAMCA0cAMEQCIFV5/pasIwwtk2IfMgkmlA9dUKyI\n3w9/ZCPjjaZ1C6fLAiB6V/5zJgDStt1NXZefwrM9DmL4zVeAGln6qkh+pBqgiQ==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICDDCCAbGgAwIBAgIUHVDfeJZAZpjovlWZB7TR54TW4gEwCgYIKoZIzj0EAwIw\naTE4MDYGA1UECwwvMTM1OTM5NjE0NTg4NDA1NzU4NDA0NTExNTM4MTMxMjIzNDIx\nNTU5MjU0NDEzMTMxLTArBgNVBAMMJHg1MDktbGltYm8taW50ZXJtZWRpYXRlLXBh\ndGhsZW4tTm9uZTAgFw03MDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowFjEU\nMBIGA1UEAwwLZXhhbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQn\n2ub/Ka+NehTjvV+P41I9WLXgQmcOVx7yoK3eZTSYHq7jRRhZWMpnwBTaXCBirgJS\nc+Yi7SxQ3qeHT55nHhOYo4GHMIGEMB0GA1UdDgQWBBQ9HSqFPdMiHdt6wR7xbp13\n3UNwkDAfBgNVHSMEGDAWgBR9QoO8fYFz2ON/cRsdiKcb0HMZQTALBgNVHQ8EBAMC\nB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwIAYDVR0RBBkwF4IVcGVybWl0dGVkLmV4\nYW1wbGUuY29tMAoGCCqGSM49BAMCA0kAMEYCIQDLl3GAXi0L5/ptJ96VFOp9ujCV\nbRlJzy+9U88zLlQdkwIhAPJzvJHxNLP+KKd40pwR1ffYA57jzBhUOKHH8hRzHWoL\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1266,13 +1266,13 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> ICA1 -> ICA2 -> EE\n | | |\n | | |\n NC SAN1 SAN2\n```\n\nThe root contains a NameConstraints extension that forbids\nSAN1 (forbidden.example.com) and permits SAN2 (permitted.example.com),\nwhich should be rejected under RFC 5280:\n\n> The name constraints extension, which MUST be used only in a CA\n> certificate, indicates a name space within which all subject names in\n> subsequent certificates in a certification path MUST be located.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIB1DCCAXugAwIBAgIUcnO+P2qWdGhfVfvNdm/VPFQpH6gwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASKr5CxYdIX/LoJlefdfHDlpBDnt8LogGKTwl3r\nvOA5rGP+Bw3Aecu/PGQbDsDLKirmKyv+BT0Ce67qcnxP5kUYo4GcMIGZMA8GA1Ud\nEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29t\nMB0GA1UdDgQWBBRH2cSUY5oyl/94GXpFJkEYqQ2YEDBCBgNVHR4BAf8EODA2oBkw\nF4IVcGVybWl0dGVkLmV4YW1wbGUuY29toRkwF4IVZm9yYmlkZGVuLmV4YW1wbGUu\nY29tMAoGCCqGSM49BAMCA0cAMEQCIAux1ajuwE8DfbyLt9+LoQgJCUz9pqxkMuuh\n2V71IV3LAiBh7NMAK4xehpJ44E0g12fg/ALPWOjPvc4veMfYunkUEQ==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIB1TCCAXugAwIBAgIUKi2bdgP6xj8ak8v9Kp0iN/+1LdowCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASCVCdyHOGRRYTa3gad7A885JAz6JsBNE816Tmi\nekYVIWhqDnO9Q8QJ9bFUYXH3LQrq7aDtKsE8AfJJKVeOiOHPo4GcMIGZMA8GA1Ud\nEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29t\nMB0GA1UdDgQWBBSt4tpo1IGLR6+bJZqGN2J3+n1qXTBCBgNVHR4BAf8EODA2oBkw\nF4IVcGVybWl0dGVkLmV4YW1wbGUuY29toRkwF4IVZm9yYmlkZGVuLmV4YW1wbGUu\nY29tMAoGCCqGSM49BAMCA0gAMEUCIDlPz08pqe5AXv4VK1Ig3/T6cZgl+iEh131U\nUGNq1KFnAiEA38Iw8I2nDDjjDBRYhkaVMhD1vTfP7xQ918Qhwa/1p9s=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUZycYgfL/KDqx16JzHFLs/2lX42UwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDA2NTM0MDYxMDY0ODU1NDQyNTEwMDA1\nNzAzMjE4ODQ5NzI1MzgyOTM4MzAzNjEwMDAxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABFzszmCnN3ip3+7/uCzEIyJZVNqTQoJv1MfaRmm5KfqZMHI94pTP/b75wTfl\nzPVCqn2qOqjPjYoT9ZBVjjzsV4GjeDB2MA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFEfZxJRj\nmjKX/3gZekUmQRipDZgQMB0GA1UdDgQWBBSiYichv87ytYfnTDWESvJ4NqE+dDAK\nBggqhkjOPQQDAgNIADBFAiEA+lZLKsz6saf6E7U+rTwXg/d+jiy12Aa/1wRkuzs0\nRa8CIHjOWaWTNfocEVE6V2685jTPBnnxJhqqFG/NMjEx32dN\n-----END CERTIFICATE-----\n", - "-----BEGIN CERTIFICATE-----\nMIICXTCCAgKgAwIBAgIUIq8gxBd7Sw7jCUEw7xCrYLsnkrwwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNjUzNDA2MTA2NDg1NTQ0MjUxMDAwNTcwMzIxODg0OTcyNTM4\nMjkzODMwMzYxMDAwMS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMGox\nOTA3BgNVBAsMMDU4ODg5NzkxMzM3MTg4Mzg4Njk3MTA0ODE0NTI5MzI2NDc5NTE5\nNjY2MTk0OTI4NTEtMCsGA1UEAwwkeDUwOS1saW1iby1pbnRlcm1lZGlhdGUtcGF0\naGxlbi1Ob25lMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEbTbC0cH1qwP0+tbN\nY+3D2AxdTOSbxr95cAk87rpE5LC5wCLp5zvtOjbvNANcmIRtYciGAY4TQjSPTzbd\n9OEUBKOBgzCBgDAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwICBDAgBgNVHREE\nGTAXghVmb3JiaWRkZW4uZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUomInIb/O8rWH\n50w1hEryeDahPnQwHQYDVR0OBBYEFJt0QJ60H3a9F4CE1WZbmvc9MQPAMAoGCCqG\nSM49BAMCA0kAMEYCIQC0J/mGt9QYBTK7FgMhYlZYgzoi+GUQNSzGyzG/3se1TwIh\nANxFOvX+ZBYets1/Y7ehII6esLVw91fndq2nnO9FyHKn\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUHhXOEv/XhlDEZUKeziKrtyNcUicwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDAyNDA3OTQ2ODg0NzE0NjM2MzY2ODY4\nMTk1NjcxODg5ODM0Mjc1MTAzODU4NDc3NzAxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABOI/s1jmbUdDH7zFJuSu5ItVkd+Z+oi49BzXKktbYB/tHIAcYxE0WWoeZjhE\ngIFqQ8tk+4pHeQMEIBRg9W2t4WyjeDB2MA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFK3i2mjU\ngYtHr5slmoY3Ynf6fWpdMB0GA1UdDgQWBBQRF+OTrgGxZYktl0Yp0kdkNCCp1jAK\nBggqhkjOPQQDAgNIADBFAiEA+p2IGYpyxkGed8FpVYAt77xtP7j95wRXbxfVJh6t\ntdACIGzf0HDEGpcT6KbJACDTJ7jh5qbr8zJKFkQz74ddIBup\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIICXTCCAgKgAwIBAgIUEL5MvYJf4jpnlBuZdDW9LRE8Wz0wCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwMjQwNzk0Njg4NDcxNDYzNjM2Njg2ODE5NTY3MTg4OTgzNDI3\nNTEwMzg1ODQ3NzcwMS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMGox\nOTA3BgNVBAsMMDE3MTc1NTk5MDM2OTk0MTA4Mjk5MjMyODAxNzMxNTY4NTkyODMz\nODcxODQ3ODg4NzEtMCsGA1UEAwwkeDUwOS1saW1iby1pbnRlcm1lZGlhdGUtcGF0\naGxlbi1Ob25lMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAER8nDuLc69e7K+r3H\ng5WOKbfFq1dF9MSd8ceS6w4OcIH3QISlhccLVClpRAUg684V47VDr+t07Ax1yE7a\n6H3OzqOBgzCBgDAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwICBDAgBgNVHREE\nGTAXghVmb3JiaWRkZW4uZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUERfjk64BsWWJ\nLZdGKdJHZDQgqdYwHQYDVR0OBBYEFMUHP7sJs4emnHfj73v7fjBMdtyNMAoGCCqG\nSM49BAMCA0kAMEYCIQDVsQ38QObun4XpOFbeGSx7bQ88LUmk3keYty+l6TH1BwIh\nAP4WJo4/34MJBexUuxHfg7FI9MN9/D5P5fxNKcue4m3D\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICDTCCAbKgAwIBAgIUOBFTP1qbjTgKhH/eUN3wgYCKHl0wCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNTg4ODk3OTEzMzcxODgzODg2OTcxMDQ4MTQ1MjkzMjY0Nzk1\nMTk2NjYxOTQ5Mjg1MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\nKd6D8ZiudCB0oEAVkS/P9pa32TjjjnEZqgorvET2t2ELZW8jn2Gym98FYGkA4poF\nOkPUW2icB6uHAfmH4cGPjKOBhzCBhDAdBgNVHQ4EFgQUtc5o4DCxTO9PeDWQJjcB\nRzQU0fowHwYDVR0jBBgwFoAUm3RAnrQfdr0XgITVZlua9z0xA8AwCwYDVR0PBAQD\nAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMCAGA1UdEQQZMBeCFXBlcm1pdHRlZC5l\neGFtcGxlLmNvbTAKBggqhkjOPQQDAgNJADBGAiEA9M40BOmE0r9hxZwnfOSj07OC\nXlwZcH65S5yc144+BgQCIQDj3yJdD/f8s8rr0vPzy+G+h/M0gQtP67NtOrM73iyL\nvQ==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICCzCCAbKgAwIBAgIUQr3+1WAxV6hqAoZFNQ5QF9PcV6kwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwMTcxNzU1OTkwMzY5OTQxMDgyOTkyMzI4MDE3MzE1Njg1OTI4\nMzM4NzE4NDc4ODg3MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\n2JVz2bCHFtie6YhX8PkoaBCUWOZQB7KkxzSeCJhZJS+Mx7uHileznoNdkHR+vvhb\ntFoDT+aoX7Imds+LSh7mv6OBhzCBhDAdBgNVHQ4EFgQUruJ6/XVstknWjstZRfnB\nUq2at4YwHwYDVR0jBBgwFoAUxQc/uwmzh6acd+Pve/t+MEx23I0wCwYDVR0PBAQD\nAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMCAGA1UdEQQZMBeCFXBlcm1pdHRlZC5l\neGFtcGxlLmNvbTAKBggqhkjOPQQDAgNHADBEAiBWpxzMSEEYG5jYhRAFQsw6H3TP\ntVXyplEFSNF0kZQ9KgIgBkaQBElMFEvn3UVWpqBAy10aMG2M+XwTzJnz1q2CcII=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1292,13 +1292,13 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> ICA1 -> ICA2 -> EE\n | | |\n permits: permits: SAN: foo.example.com\n foo.example.com bar.example.com\n bar.example.com\n```\n\nICA1 contains a NameConstraints extension permitting `foo.example.com`\nand `bar.example.com`, while ICA2 contains a NameConstraints extension\npermitting only `bar.example.com`. The EE then contains a SAN for\n`foo.example.com`, which should be rejected under RFC 5280:\n\n> a name space within which all subject names in\n> subsequent certificates in a certification path MUST be located.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUKuMStBpwcjj4Ih/uvtC5mugtvmgwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQP5BWUqyCUCzc8asAjH/OVW088F7TXcjl1HN8S\n4titDqsih3HYDzUkaiA3+K+drBqm/xf2XXR2hre+HsFHhkJdo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUay+PN2my62VE+rUqHlrQt+Ld87swCgYIKoZIzj0EAwIDSAAwRQIh\nANqblD73YI7jMPFIZGyb9ekwGIp+9AvIMXKORCTeXlXIAiA2cdg0RF8R069I9iwc\n7wED8AQq7XpMwpaJQcQ2KFmRJQ==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUA6kAgOwi9hKKsiEHLLBI2JPFhj8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATQCT7fEp3o8oMs16orul7lEDY2NFk02bhXgwhX\ncAdvewQEqaE/jQ2Pi1emNfEQSRlLk+W5prQIPLvPkszmlNj3o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUCygiMPkCi/9vACnRpTotd0MvpAMwCgYIKoZIzj0EAwIDSAAwRQIh\nAL8SdA1H/IRuau1L1OgXh8BgHwE5cAhw5dOWjCEu80WVAiAYuKI71Ga+REg1cf5Q\nv+VfGadw35gCcPvqPAbNkepIig==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIICODCCAd6gAwIBAgIUJKlHUmfhkaWVNSFE/IMneM5/GgswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDAyNDQ4NDE1MTA4NDE3ODQzMTA3NzEx\nMTI4ODA3NDMxNDg2MDUzMzY1MTkwMzI0MjQxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABEunJ0RzzHz6y2HAMnEZ8qF/cpvKp0uOodsTnHrhwVwHbfGcDYR37MxMuBP6\nhaxvWp3OAqGWaJkTKUsoC3gPg1yjga8wgawwDwYDVR0TAQH/BAUwAwEB/zALBgNV\nHQ8EBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUay+P\nN2my62VE+rUqHlrQt+Ld87swHQYDVR0OBBYEFKCYVXBgcPwmisIJRXTp6EfWmJPN\nMDQGA1UdHgEB/wQqMCigJjARgg9mb28uZXhhbXBsZS5jb20wEYIPYmFyLmV4YW1w\nbGUuY29tMAoGCCqGSM49BAMCA0gAMEUCIBCbLnWIS+5ASM4HTgE4qV7I5aAJDUMH\nN8NPfLGeK/kOAiEAyxXju6pHMisluUxXdRN+Gevn2kXcBDp78EusFyTvRUY=\n-----END CERTIFICATE-----\n", - "-----BEGIN CERTIFICATE-----\nMIICdTCCAhugAwIBAgIUPrgmBTDQQTVvSth/0lkdNfy9ajowCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwMjQ0ODQxNTEwODQxNzg0MzEwNzcxMTEyODgwNzQzMTQ4NjA1\nMzM2NTE5MDMyNDI0MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMGox\nOTA3BgNVBAsMMDIwOTI5ODcwNjcwMTc0Njg0NTEwNTAxMjE0MjM5NjIxMzk3ODc0\nMjg4MzU1NTg1MTEtMCsGA1UEAwwkeDUwOS1saW1iby1pbnRlcm1lZGlhdGUtcGF0\naGxlbi1Ob25lMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0LCdxSbTIcZxX0Sw\nbXQXsepRUY2JWmuRa7SaacWhGk57M6a4KJBAsuxrdrxBQghcv/RA6u0QUV2WMV+D\n7i7HlaOBnDCBmTAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREE\nDzANggtleGFtcGxlLmNvbTAfBgNVHSMEGDAWgBSgmFVwYHD8JorCCUV06ehH1piT\nzTAdBgNVHQ4EFgQUyvQd+zopLjy6ag2PRSi/VOQ2ti8wIQYDVR0eAQH/BBcwFaAT\nMBGCD2Jhci5leGFtcGxlLmNvbTAKBggqhkjOPQQDAgNIADBFAiAxk4naId6L9+wn\nZ9kc6fsZ6+45THLe+Edi3AaFwdlvoAIhAPCZJGhZyePUjMuCOJDLdl+G1A072jXE\n4xO0hAmBcYQ8\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIICNjCCAd2gAwIBAgIUavjrhPE95mnUa4tKcq/TNhAJKI8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBpMTgwNgYDVQQLDC8yMDg5NTg0MjEyMTA0NTQ5NTgwMzk2\nNjMyMTE2NzQ1MDQ1NzMyNjM3MjYxOTgzOTEtMCsGA1UEAwwkeDUwOS1saW1iby1p\nbnRlcm1lZGlhdGUtcGF0aGxlbi1Ob25lMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD\nQgAE59987ZCFM3L2iO19H32OWg/7JXV49vptaRC9T92+zB/JOdujv1wqkkEBiCfQ\nJEvt37pJ2FOr8qWEwoC9R/SwfKOBrzCBrDAPBgNVHRMBAf8EBTADAQH/MAsGA1Ud\nDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAfBgNVHSMEGDAWgBQLKCIw\n+QKL/28AKdGlOi13Qy+kAzAdBgNVHQ4EFgQUe070GW0ga6jsSnsS2QZZBisr7xUw\nNAYDVR0eAQH/BCowKKAmMBGCD2Zvby5leGFtcGxlLmNvbTARgg9iYXIuZXhhbXBs\nZS5jb20wCgYIKoZIzj0EAwIDRwAwRAIgMnIb809bCHpY/uZhBAw32HJW96Rg3w5d\nI3m90cNKbCUCIEeGXBLw+3vlVxK6H7U30AGzSVCJHuXAcCuoMYpouoqY\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIICdDCCAhqgAwIBAgIUe7X1G7u0Mi8Nqci6ifI99PGK4OEwCgYIKoZIzj0EAwIw\naTE4MDYGA1UECwwvMjA4OTU4NDIxMjEwNDU0OTU4MDM5NjYzMjExNjc0NTA0NTcz\nMjYzNzI2MTk4MzkxLTArBgNVBAMMJHg1MDktbGltYm8taW50ZXJtZWRpYXRlLXBh\ndGhsZW4tTm9uZTAgFw03MDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowajE5\nMDcGA1UECwwwNjEwNzA0MTIzMTQxNjk0MzMxNzYxMDk1MzMxNjI0MjMyOTgwOTM5\nMjY2NDAyNDQ3MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1wYXRo\nbGVuLU5vbmUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ7o3MM74RZSq6Kbak0\n4vGdwbi+R9Tfkwb425zebaGdZYMV1rxNFPSouN7V1mg5Gm4xIgCs0JwIfQSH38+R\nhcOqo4GcMIGZMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMBYGA1UdEQQP\nMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFHtO9BltIGuo7Ep7EtkGWQYrK+8V\nMB0GA1UdDgQWBBS8IdhYP21jrgzQdFSEWsBDcbuWSzAhBgNVHR4BAf8EFzAVoBMw\nEYIPYmFyLmV4YW1wbGUuY29tMAoGCCqGSM49BAMCA0gAMEUCIQCXabV5hTVbqsce\nnbhwYq0jLxKH1e/soXxGKG0FhJSCbQIgZDM9D5GzrvzGnqJ64+WVDT/InGWHsQE+\nrDeRs1uvgsg=\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICAzCCAaqgAwIBAgITW1COdfWTI17XNw0T2Lk/Xf9uhTAKBggqhkjOPQQDAjBq\nMTkwNwYDVQQLDDAyMDkyOTg3MDY3MDE3NDY4NDUxMDUwMTIxNDIzOTYyMTM5Nzg3\nNDI4ODM1NTU4NTExLTArBgNVBAMMJHg1MDktbGltYm8taW50ZXJtZWRpYXRlLXBh\ndGhsZW4tTm9uZTAgFw03MDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowFjEU\nMBIGA1UEAwwLZXhhbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARh\nDBsqX/ncyM5SAJSQXVEzTLfUsBo5C5ogukU+aKz/omMrmTvlcfq+n0so53fCjwMd\n/ZoHnGq/2HXJiBpFZYamo4GAMH4wHQYDVR0OBBYEFOsfs4r9NCOFwLmbBiqGGg4o\n7QzvMB8GA1UdIwQYMBaAFMr0Hfs6KS48umoNj0Uov1TkNrYvMAsGA1UdDwQEAwIH\ngDATBgNVHSUEDDAKBggrBgEFBQcDATAaBgNVHREEEzARgg9mb28uZXhhbXBsZS5j\nb20wCgYIKoZIzj0EAwIDRwAwRAIgcn5JL7MeBXPTowFj10uytpMDH6Pg0NvtIehM\nIobblUECIBtdX1naivnUVsODGgcmTRwOW4jpwvHof8f7s27wTKx9\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICBTCCAaugAwIBAgIUaICdC3OZBpTzJmVbtY8YGk4fRyUwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNjEwNzA0MTIzMTQxNjk0MzMxNzYxMDk1MzMxNjI0MjMyOTgw\nOTM5MjY2NDAyNDQ3MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\n8B0B2KyNx2GhnAQzCmktP66hJfeZOhWaqospuDuhkfTGgztiQB60jR9YZJB+26F0\nvoYLeZOlXVodJ7fxM8uPdaOBgDB+MB0GA1UdDgQWBBQg10TOTwRsHtnyC3OvB915\nbknmZjAfBgNVHSMEGDAWgBS8IdhYP21jrgzQdFSEWsBDcbuWSzALBgNVHQ8EBAMC\nB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGgYDVR0RBBMwEYIPZm9vLmV4YW1wbGUu\nY29tMAoGCCqGSM49BAMCA0gAMEUCIGCXpOsGKiE1Nu12Kjw/03gbiVATjrGvK9ev\n5/2pXsbzAiEAj5dzS6RQbFKAuyAosveeN2ToX6HyG3BJYBIDLidgYaw=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1318,13 +1318,13 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> ICA1 -> ICA2 -> EE\n | | |\n permits: permits: SAN: foo.example.com\n bar.example.com foo.example.com\n bar.example.com\n```\n\nICA1 contains a NameConstraints extension permitting only `bar.example.com`,\nwhile ICA2 contains a NameConstraints extension permitting `foo.example.com`\nand `bar.example.com`. The EE then contains a SAN for `foo.example.com`,\nwhich should be rejected under RFC 5280:\n\n> a name space within which all subject names in\n> subsequent certificates in a certification path MUST be located.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUSU9D2PV5ol8SMNYpSNnAC2ZTMvwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARSERd8znWvkU9ODVYKXPZ5j4EuYDzHqbrwLFHt\nDg08Vj/BNIWz4S5bmFyzu74+D5AH0Q5v7SyLfZVRKqIy24Oto1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU0JLoEstfGGn9/RdADD7zLsLYpd0wCgYIKoZIzj0EAwIDSQAwRgIh\nAID6FcKmlmlADwmYC5XhOpNbwEnvOB34rbVO6VAhaTvQAiEAg546YpAmS2iBsDHo\nBTN7ONLmmwbuu5YE1SWYEKAdm8o=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUMdoagyhu3n6iWUdD36ZM95dA+kMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARLnuocptpW1Nhw9PHgB37hbWrwxt2D7T1EpaVE\nCQg7rxox3i2iyyxrNXegOOqZhozmXxx1ckjrfePUqR+t0OCBo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUMzYgrx1jH0X2SUoK50mN0mXVvPMwCgYIKoZIzj0EAwIDSAAwRQIg\nBpy/fWRw09lCSCI3JpPr0IYXpqPI0GOa7l107BNBbJ4CIQDCsD83dHYzYQo8awwJ\ndvOa1zZsKZN2Q0EfX4IAbM/6Cg==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIICJjCCAcugAwIBAgIUO0iYMBf2KqD37/CFD4yuhNYWjjswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDA0MTg1MjM5OTU0OTEyNjUzMDc1MjYy\nODIzNjAxMDcyOTgzMzg1NTg0MDQ5MzIzNDgxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABEGo8/2GiX+XIIuDTT7QI3egCCn6mGqGUEHaGBLQDePCvuv57ita43tinE/R\nGAPPXOHP9bDImSTtQD2IYCuhdOmjgZwwgZkwDwYDVR0TAQH/BAUwAwEB/zALBgNV\nHQ8EBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAU0JLo\nEstfGGn9/RdADD7zLsLYpd0wHQYDVR0OBBYEFLHBzTpVWHpuN9iaLcWOHoden+xe\nMCEGA1UdHgEB/wQXMBWgEzARgg9iYXIuZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID\nSQAwRgIhAJXEyFQDqFj54d+dv/F8F6z40xWmN4Cb7tRboLvZQlxYAiEAtMtzWbX7\n+ES+t7+9aJCdisMSEZHhWiIx5iI4CRL7+Zs=\n-----END CERTIFICATE-----\n", - "-----BEGIN CERTIFICATE-----\nMIICiDCCAi6gAwIBAgIUf5W4TfZasBvbnEkPk8U5HiV88v4wCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNDE4NTIzOTk1NDkxMjY1MzA3NTI2MjgyMzYwMTA3Mjk4MzM4\nNTU4NDA0OTMyMzQ4MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMGox\nOTA3BgNVBAsMMDMzODQ0OTM2NjU2NTc2NjM5MDEwMzE3NzQ0ODQyNTUyODQwMjI5\nODE1NTczMjUzOTEtMCsGA1UEAwwkeDUwOS1saW1iby1pbnRlcm1lZGlhdGUtcGF0\naGxlbi1Ob25lMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE/Qx5cx6G2r6xWxeN\nSYX0/eBl7E1GPiNVe5eoy+5WrURRzdub+Sskoesw9WYYKKrvwfgV59mSHVueR+Mi\n9CIqRaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREE\nDzANggtleGFtcGxlLmNvbTAfBgNVHSMEGDAWgBSxwc06VVh6bjfYmi3Fjh6HXp/s\nXjAdBgNVHQ4EFgQU409OlwsZXhYfU5qOe0R8Ij0sAsMwNAYDVR0eAQH/BCowKKAm\nMBGCD2Zvby5leGFtcGxlLmNvbTARgg9iYXIuZXhhbXBsZS5jb20wCgYIKoZIzj0E\nAwIDSAAwRQIhAPeZfbHzseSgNsozDU3Q4BmC1Iz3dkPEXLNvlgMXNYnaAiBDDG3c\nK/Jm3G4js35O6ivHkB2pZSnSENvorDovm9ZypA==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIICJTCCAcugAwIBAgIUAOryAAlySjGoirZkfVsa57nlmjowCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDAyODQ2MDQ0MTk3NzM4MTY4OTAxNTUz\nOTA4MTg0NzE1MDE3MTE3OTAxMDgxMTM0NzUxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABLCEaNkyNhE0JILfANlPFOELPOhWqfyoso7re/Ft48KJmf4d7U41r/eTjhxj\ngNG3kHX2bX7md9m8WlMr/Sr7Gb6jgZwwgZkwDwYDVR0TAQH/BAUwAwEB/zALBgNV\nHQ8EBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUMzYg\nrx1jH0X2SUoK50mN0mXVvPMwHQYDVR0OBBYEFKL5QF6xMeHcHLPiwDEpcy3Ewj+t\nMCEGA1UdHgEB/wQXMBWgEzARgg9iYXIuZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID\nSAAwRQIhAJYRl99pz+2tIS6mnA7UcFiqOOPB5/ZZIDoxMELMu3jpAiAjCI6TP7uK\nd8+/m8D/odEGOo49EUOQMIbCBWo2EL+nlw==\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIIChzCCAiygAwIBAgIUFYGM/YrGnol1NUZGdn0lDlVdfO4wCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwMjg0NjA0NDE5NzczODE2ODkwMTU1MzkwODE4NDcxNTAxNzEx\nNzkwMTA4MTEzNDc1MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMGgx\nNzA1BgNVBAsMLjUyMzk0NTU1NjIyMDgxMzA0MzEzOTY4NjI0MjUzMjk5MDY4Nzkz\nNzU0NDg2MzQxLTArBgNVBAMMJHg1MDktbGltYm8taW50ZXJtZWRpYXRlLXBhdGhs\nZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEuabK9UOnnYWJ9EMnf/\n9Q8KxeYONFF3sNM2sL2hieTzlntD3nxbsZnYfaI3ClYYl6AtCqoFc6ts8EOW62bd\nIpujga8wgawwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUovlAXrEx4dwcs+LAMSlzLcTCP60w\nHQYDVR0OBBYEFPEdiyMTtbJtHgMhAcQ5lUE8RhdfMDQGA1UdHgEB/wQqMCigJjAR\ngg9mb28uZXhhbXBsZS5jb20wEYIPYmFyLmV4YW1wbGUuY29tMAoGCCqGSM49BAMC\nA0kAMEYCIQD6kFnaF/0LHWc9yrl3GXkve6U3hd/4r8N9x/TifwfyAgIhAI2XKX8K\naXmxgFZl6KVAkP/q4IO3ulGWTTbdc9QHxzPi\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICBTCCAaugAwIBAgIUXMaiuCWhNlDI/H7Xtgkyz56BglwwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwMzM4NDQ5MzY2NTY1NzY2MzkwMTAzMTc3NDQ4NDI1NTI4NDAy\nMjk4MTU1NzMyNTM5MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\njcpWSTQz/DIqIAM2+1a82MtB0pppejk+zama0OTBXFI1fYIDvPwxT9ee1bIvkegB\nYEroOUM1Y18ypFKU3vxl6aOBgDB+MB0GA1UdDgQWBBT/oseXjxvAUgoQAUSMAXRF\nqmWwTjAfBgNVHSMEGDAWgBTjT06XCxleFh9Tmo57RHwiPSwCwzALBgNVHQ8EBAMC\nB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGgYDVR0RBBMwEYIPZm9vLmV4YW1wbGUu\nY29tMAoGCCqGSM49BAMCA0gAMEUCIAklnMTNpvtFtbaDEQGt7tYi8x8hj/boLrwf\nELHThtsPAiEAhiT7mvOZd7cwNa+BXpUPgTdmvgDgAyyk6KmhiKzc6ws=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICAjCCAamgAwIBAgIUFyU+D/4/mkztWe7+WZ7vfMSPPjIwCgYIKoZIzj0EAwIw\naDE3MDUGA1UECwwuNTIzOTQ1NTU2MjIwODEzMDQzMTM5Njg2MjQyNTMyOTkwNjg3\nOTM3NTQ0ODYzNDEtMCsGA1UEAwwkeDUwOS1saW1iby1pbnRlcm1lZGlhdGUtcGF0\naGxlbi1Ob25lMCAXDTcwMDEwMTAwMDAwMVoYDzI5NjkwNTAzMDAwMDAxWjAWMRQw\nEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABG0Y\nRftfut1LhVBi/njzERIFvcNTs7nK1zC/oXk6L8gVF95W8ikw4L8U4N0B+d6zIacb\nJEjwmIQtIEAWwtpNxoCjgYAwfjAdBgNVHQ4EFgQUdTLIATMjUXAmO04eqTtocPuc\nYbowHwYDVR0jBBgwFoAU8R2LIxO1sm0eAyEBxDmVQTxGF18wCwYDVR0PBAQDAgeA\nMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBoGA1UdEQQTMBGCD2Zvby5leGFtcGxlLmNv\nbTAKBggqhkjOPQQDAgNHADBEAiBkq/EUgLcXu2fiBwngwOVATWGSK0EYeoBEPNUf\nPDSxYQIgK+V4VbZ/CpfqHlaDRlWazhiAFIOig97SyZFkp2vdxL4=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1344,12 +1344,12 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> ICA (NC: example.com) -> EE (SAN: .example.com)\n```\n\nThe ICA contains a NC that allows `example.com` and all subdomains,\nbut the EE's SAN contains a malformed DNS name (`.example.com`). This should\nfail per RFC 5280, since all names MUST be located within the\npermitted namespace.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIULx8j7/3PlSTlh8t6gJdaCbEWg4kwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATuqQEzbcZRMCuiDqzayagcfIZnfVRfo7mc6Fgz\np98E6V/kutUggQN3OEyX+Nx66pc6D4Wjw71nUBRhJ43Zw8eyo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUmQ8i3wPqndGRGkbLLEwhD3FjMT8wCgYIKoZIzj0EAwIDSAAwRQIh\nAJ3E8AUO/tkeeGOFPAWYskseybe50jxd9ix45rw1k0ifAiBoZRB3/XCerxHQtfQO\nopCx/W1dPdWKYRSMsf/Ir/K6Mg==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUWCCx49VxhJQiM/golbzbaq6R8j4wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQ5+PU2SiHoTefr3cH8RFwOxqI2i0/vPsZEmndU\n5iUTQ69V29Z+nJG4tEfnWlVWkP3FMh+6BkxyShhWehFhqCG+o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUGm0DSxEvn5mnbmPMgZV4e4omR1UwCgYIKoZIzj0EAwIDSQAwRgIh\nAIMqgqVimfzWKF4Dlu2ry5NHcpeJJ5dbVKu8YAbPZUJHAiEA6OSrx1Db5bzFBXc9\nH4WTw8zSYAULQ9W9XXFUM9i3jtM=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIICIjCCAcegAwIBAgIUdDJusykPBAar0kInSA2PA783/vUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDAyNjkwMTcwMTk5MjQ3NDA3MjYwNTQ4\nNTIyMjIwMTcwNTAwMzkxNDQ2MzI3MTQxMjExLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABJV7riSnG7zO/Q2Y+2aRhrIlQUC3Kw0xH8SnkekiPJoHiXVnVcy2d60Q2fhZ\nxPBETwAlgfSs1Iu4Ur92rv4I2nOjgZgwgZUwDwYDVR0TAQH/BAUwAwEB/zALBgNV\nHQ8EBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUmQ8i\n3wPqndGRGkbLLEwhD3FjMT8wHQYDVR0OBBYEFJWpLQivVbj6Rbrzn57ZbRZQ4X/Q\nMB0GA1UdHgEB/wQTMBGgDzANggtleGFtcGxlLmNvbTAKBggqhkjOPQQDAgNJADBG\nAiEAi5gL0EBuzfQNUHx87LTVVnxVmgI/X7gUhyEQQC690UoCIQDYJFOnpPNwne57\no1lVN+RUQgYcMdyvNd8iCsY6U97eMA==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIICITCCAcegAwIBAgIUCJ4NH2a4TzDkHGmYUjE5ZdloP0QwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDA1MDMxMjAzMDgwODEyNzMwNTIzNTEz\nNTYwMzA4NzU2MjA5Nzg3Nzc1NTE2NjM2NzgxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABKlhw0KdLDK3MPFU0jrFf04S2nC0lKh0AWzzc8Xjn0CPITcdrjcT45h04uwZ\nzl7jQgYvMADRRQsQC2PYjj22nA+jgZgwgZUwDwYDVR0TAQH/BAUwAwEB/zALBgNV\nHQ8EBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUGm0D\nSxEvn5mnbmPMgZV4e4omR1UwHQYDVR0OBBYEFGE+DrsddE/vF5S97CIXcNRiruHg\nMB0GA1UdHgEB/wQTMBGgDzANggtleGFtcGxlLmNvbTAKBggqhkjOPQQDAgNIADBF\nAiEA1ZIDahSemmBj8gBnFD9Yw2WI8s7ypendXcTuiADxVKwCIFwBwqrToPrUAxa7\nf7CEQMP930PpHy9ao0WNPqRMSlph\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICEzCCAbqgAwIBAgIUNZGTleUSuSKf3AYAYMnWDzhQCoEwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwMjY5MDE3MDE5OTI0NzQwNzI2MDU0ODUyMjIyMDE3MDUwMDM5\nMTQ0NjMyNzE0MTIxMS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\nbV7jP/50RyPzQBdMc4/i3oFqBCeaM9Rg8NSBY3CwQ1ipx1+XsoGQGG4leAFzoZR0\n0v5WqaVGQEKfS1uZUO5BfaOBjzCBjDAdBgNVHQ4EFgQUTzoYL1u5TWFE2K5BRuoY\nCelMc9wwHwYDVR0jBBgwFoAUlaktCK9VuPpFuvOfntltFlDhf9AwCwYDVR0PBAQD\nAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMCgGA1UdEQQhMB+CDC5leGFtcGxlLmNv\nbYIPZm9vLmV4YW1wbGUuY29tMAoGCCqGSM49BAMCA0cAMEQCIAYJ68+ORQn/NHE/\nTbMvKaGRU8Ij0VrVCROCwB6eAEpCAiAr8LUx4QBg2V+kgEvcSYIjIsw45+hdJ2KX\nnYflG034rg==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICEzCCAbqgAwIBAgIUWHP7FOUyhtAAha7P//AyB9RFaZ0wCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNTAzMTIwMzA4MDgxMjczMDUyMzUxMzU2MDMwODc1NjIwOTc4\nNzc3NTUxNjYzNjc4MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\nAZ898JzxG6uBAQbxlRn29wWN81C0rDFRDGYspB/VCnQ7ENHUu+JL3RkCJwsvXJxS\nBWj1yNqUGTSaTey7Q+51KKOBjzCBjDAdBgNVHQ4EFgQUftpdfvIqp9f2Lt/z+0TA\n698ypAAwHwYDVR0jBBgwFoAUYT4Oux10T+8XlL3sIhdw1GKu4eAwCwYDVR0PBAQD\nAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMCgGA1UdEQQhMB+CDC5leGFtcGxlLmNv\nbYIPZm9vLmV4YW1wbGUuY29tMAoGCCqGSM49BAMCA0cAMEQCIFbvO5IP1u2puzUC\nxXGPh3MTXxdZvnMIs7yEhoMPqy0mAiASEnNeLo8orktBVrdD8Lci/zgxatfRrvhs\nEY4VPXLV3w==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1369,12 +1369,12 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> ICA (NC: 192.0.2.0/24) -> EE (SAN: 192.0.2.0/24)\n```\n\nThe ICA contains a NC that permits 192.0.2.0/24, but the EE's SAN\nis malformed (containing a CIDR range instead of an IP address). This should\nfail per RFC 5280, since all names MUST be located within the\npermitted namespace.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUf8+GIOmMbhWg0ReZ2NZY9WPucvQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQhbS7hAWROcFXhELUC2yvC4ipRr0lUxHCWfaj1\nJ+6fTR5HVPFAldXLmH08h+fPYCUb81p36SVqmU8b/2AMDxQVo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUoqKmJ3SATErMAn4OxSCr2sI06UkwCgYIKoZIzj0EAwIDSQAwRgIh\nAIGKOnWNt8MEHPQVYAJ4CgqMWwMBJY8OTW0wKFhmazUeAiEA7l/DweTOaMuGjP/g\nVgBVYho8kjfwx7Oo+GIptCYvI24=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUMci4LTQBOIUs73OdTXmqJcjyDrYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASOwHjQBhHHR+SuVnb29vM/MA99+EgDkw10yleX\nE2oe70SXCKxABvpCKRiguu1JreBxmqbSHsaOrpIBdEzWSla8o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUilp/yZqnKN1DRQWa157nJwEzi1owCgYIKoZIzj0EAwIDSAAwRQIg\ndjk2aFbWFYv6On1ygtxpcYpJbq+xvFM1jrvkOnt8U3kCIQCzNkhNk4mZK9ExN0jc\njMdi5U8On/oXl5zhlq2Ruff3rQ==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIICHzCCAcSgAwIBAgIUc1wV+q5Jh+2NbchZjnWXFLIhJv4wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDA3Mjk2Njk3NjYzOTY1MTMzMzMyNjc2\nODcxMTE4NTEzMDE5NDcwNDIwMTI0OTI1MzIxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABPEQnDg43Vgpokqh+A3Mq0i8eJBx4YHxLHT1SbCLoywD0CjVrhLhlPqEGwhx\nedx6kPnYtKkvs3ESmjGLAfKAOq+jgZUwgZIwDwYDVR0TAQH/BAUwAwEB/zALBgNV\nHQ8EBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUoqKm\nJ3SATErMAn4OxSCr2sI06UkwHQYDVR0OBBYEFEbWhmik2mY/JJifi8b+mQo1Kcaf\nMBoGA1UdHgEB/wQQMA6gDDAKhwjAAAIA////ADAKBggqhkjOPQQDAgNJADBGAiEA\n9wTiWy+r1QMB5ka4Ym3WEe57p/dM6AqrpR0JnN4x9LoCIQC9QniNI8Fe0RuKqIjQ\nlDiMFmLohnjfdChTqMbw+FfTxQ==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIICHTCCAcSgAwIBAgIUZdWrUaJ0IJKSOxpMyjfz5ZiFYkwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDAyODQyMTY3NDA4NTI1MTg0MTEwODcy\nMDk0MjcxMDIyMTc3NjczNjA1NDk0OTAzNTgxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABEB4Ie5iczRg+fOh9I1j9CSbkxZuINEQS6PiCQrS5e6DY7RIwuhBYyWNdc9v\nyQWIF11fxhj1z0P2bVXtlrm6dFejgZUwgZIwDwYDVR0TAQH/BAUwAwEB/zALBgNV\nHQ8EBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUilp/\nyZqnKN1DRQWa157nJwEzi1owHQYDVR0OBBYEFHsatWzmeCQP5qIQKCQxek5FjXQD\nMBoGA1UdHgEB/wQQMA6gDDAKhwjAAAIA////ADAKBggqhkjOPQQDAgNHADBEAiA8\nDvqljiZHeAVHTscv4y+is35wtQemNXu3AGtBRYECPwIgECBVEnTAsHQdrNTJkcZB\nsCpa5Nl2V4JJLmzdFgeD+dE=\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICBDCCAamgAwIBAgIUS/nEBlQQotXfCQvXPxIBZHTYUzkwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNzI5NjY5NzY2Mzk2NTEzMzMzMjY3Njg3MTExODUxMzAxOTQ3\nMDQyMDEyNDkyNTMyMS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\nza8+o5qE7zdZHWYFOGyJ+j2TdPiLsKbkCPG+1Og4DXgf9Jzh9clI1B4odcqErakw\nP58CU4W/0UuS0lXSumKDvqN/MH0wHQYDVR0OBBYEFPGTC2gOiXFpyFKlY0Ogrnkm\nmqlBMB8GA1UdIwQYMBaAFEbWhmik2mY/JJifi8b+mQo1KcafMAsGA1UdDwQEAwIH\ngDATBgNVHSUEDDAKBggrBgEFBQcDATAZBgNVHREEEjAQhwjAAAIA////AIcEwAAC\nATAKBggqhkjOPQQDAgNJADBGAiEAxsS/kv9OeumJD0c1YUtujSLV7VVFAeImvVwq\ncyX17z0CIQDViPCIm9rDLZW4CXHMX28dF6+FP0UfPqR23dH28VsKMg==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICAjCCAamgAwIBAgIUAZkxONkBbTSvIPtrnIvJUqXvHyowCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwMjg0MjE2NzQwODUyNTE4NDExMDg3MjA5NDI3MTAyMjE3NzY3\nMzYwNTQ5NDkwMzU4MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\ntPyM3ZZD+qMrVVwa3u9Y4Y4fsEOssAkLpspPCGN3cIUT/d2WhLbfAnptHxBnQQlQ\nKegw15KJKSMIYbsq4IqaSaN/MH0wHQYDVR0OBBYEFFQh6mEL9JLRsEK0AbWmTDDX\nZw6CMB8GA1UdIwQYMBaAFHsatWzmeCQP5qIQKCQxek5FjXQDMAsGA1UdDwQEAwIH\ngDATBgNVHSUEDDAKBggrBgEFBQcDATAZBgNVHREEEjAQhwjAAAIA////AIcEwAAC\nATAKBggqhkjOPQQDAgNHADBEAiAeEJVX0/CdDKqXrKlWzz7VvG9nPdK2Owr24kow\nfpRVtAIgSXKMF4K4nWM6FUdybKEJ7y3u8i19kRPwK3/A3o86yLs=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1388,20 +1388,20 @@ "max_chain_depth": null }, { - "id": "rfc5280::nc::nc-forbids-alternate-chain-san", + "id": "rfc5280::nc::nc-forbids-alternate-chain-ica", "conflicts_with": [], "features": [], "description": "Produces the following **valid** graph:\n\n```\nEE (SAN:X) +-> ICA_B' (SAN:Y) -> No root to chain to\n |-> ICA_B'' (no SAN) -> ICA_A (NC forbids SAN:Y) -> Root\n```\n\n`ICA_B'` and `ICA_B''` are certificates for the same logical intermediate,\nbut issued by different logical root CAs.\n\nThis graph allows validation through `EE -> ICA_B'' -> Root`.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBeDCCAR2gAwIBAgIUfeCgNhCCROUQd412zVHRcQNqm9AwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATk6gQ5zPMPyHCsMP7zYzIfEIPzpNHtHppnu9mG\nM+n1jw9ihxk4eFcpPUSKnedT3ZiDnF5Mo9V839OTHVsdAD0Woz8wPTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAdBgNVHQ4EFgQUJr2K/bbLUaKjWYaoQ865\n/Ht+gncwCgYIKoZIzj0EAwIDSQAwRgIhAOZTYjgpFDfmFwYr7IVhc3Ggf3nVbTUN\nL/GDcH7D8GZAAiEA9SScuy2Oj1/1Ne/h5U6Gs6LIDQ8FMhC+UlFvklHlicE=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBdzCCAR2gAwIBAgIUC6UTECne+/vvV4F78EH2w0g9SowwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAT+s5LhRSrdcPTVxpNvrrbSzmD/TXlzdoITlEOF\nFOf02yTO4e3mgZa48KXzhJwtQAqxCGK34IM+SSfmpNSBCIpyoz8wPTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAdBgNVHQ4EFgQUGYiJq/Nl+keJADcCpSLm\n/wGLCDkwCgYIKoZIzj0EAwIDSAAwRQIgeNlONqi2SjW+4FiQszsfMpr1KeD8zahy\nTyZIqPlpklACIQDC+PC1q/Mv+ExFFTwLOSFq+p1W4ePtWlvfnMo3b4Jtqg==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIICLzCCAdSgAwIBAgIUZru7f1TPEBZOXpD3Fhfz1vYFvrMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDA3MTg2MzMxNjk2NDAzOTE3MzkzNTkz\nNTQyMDg0NzcxMjI0MDYzNTUzNzAxNTQ5NjAxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABPNirLJXT7vix+GbHOOOgPJG5LYri+51jUdbR/56aj1LgSD3+zbL+VF+VnPb\nVWyNhY2cobl5M1cGh7Yvws0SIFujgaUwgaIwDwYDVR0TAQH/BAUwAwEB/zALBgNV\nHQ8EBAMCAgQwHwYDVR0jBBgwFoAUJr2K/bbLUaKjWYaoQ865/Ht+gncwHQYDVR0O\nBBYEFP7e2tksrF691MH8Wx2wUf56D8PiMEIGA1UdHgEB/wQ4MDagGTAXghVwZXJt\naXR0ZWQuZXhhbXBsZS5jb22hGTAXghVmb3JiaWRkZW4uZXhhbXBsZS5jb20wCgYI\nKoZIzj0EAwIDSQAwRgIhAI4wUGSFTjIZA2RIda2b6phjdqXT/fsjjzPX0kD2ApKH\nAiEAl901kTibmlbB2TfjwzH4XOdiV78BGKivnY1W9qkFRpE=\n-----END CERTIFICATE-----\n", - "-----BEGIN CERTIFICATE-----\nMIIBvDCCAWKgAwIBAgIUQMWPrRLJd+rL/xmmlNQO+ZafpzUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA9hbi1pbnRlcm1lZGlhdGUwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAT+sCdT2wWjpBMgTTDQSX9S4xXQUiN47gUYD6WH\nlfzLQofhmPZXMGOzuD+Ko2fggFihbuTGvFQdz5ZR10OAq8IGo4GDMIGAMA8GA1Ud\nEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMCAGA1UdEQQZMBeCFWZvcmJpZGRlbi5l\neGFtcGxlLmNvbTAfBgNVHSMEGDAWgBS2WTcvV9mo8K/y4y/Z79fSEfGpujAdBgNV\nHQ4EFgQUSvW0579hET0k3X2Af4mLCIm3xV8wCgYIKoZIzj0EAwIDSAAwRQIhAKWi\neL+Up4BEofEhfGsF7TywGBCiC2Vakfpcks48Mpt9AiBq7OjYQXnvh+rnD1fYAbl3\n1Quw886bGysmDhoEvJV5Bw==\n-----END CERTIFICATE-----\n", - "-----BEGIN CERTIFICATE-----\nMIIB6TCCAY6gAwIBAgIUIQKWZZkhLALNePjk5+B71+ToFEQwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNzE4NjMzMTY5NjQwMzkxNzM5MzU5MzU0MjA4NDc3MTIyNDA2\nMzU1MzcwMTU0OTYwMS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBox\nGDAWBgNVBAMMD2FuLWludGVybWVkaWF0ZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABP6wJ1PbBaOkEyBNMNBJf1LjFdBSI3juBRgPpYeV/MtCh+GY9lcwY7O4P4qj\nZ+CAWKFu5Ma8VB3PllHXQ4CrwgajYDBeMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0P\nBAQDAgIEMB8GA1UdIwQYMBaAFP7e2tksrF691MH8Wx2wUf56D8PiMB0GA1UdDgQW\nBBRK9bTnv2ERPSTdfYB/iYsIibfFXzAKBggqhkjOPQQDAgNJADBGAiEAkzn7AOxV\n/vrcbVl4n7FZY1WttdKECp/ZX8a0XlVFQMoCIQDQcHSDHs4wALWjtfUOiNB/n1r1\nS7+3BjmJU127mZZYWw==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIICLTCCAdOgAwIBAgIUIJq6SFkjCfInaJKT9JqG1EELFWUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBpMTgwNgYDVQQLDC82NjQ4MDE4MjA3MDQyNjUxMDMzOTU0\nNzk3Mjk3NjIxMDE4NDI0OTQ5NDI5MzEzMjEtMCsGA1UEAwwkeDUwOS1saW1iby1p\nbnRlcm1lZGlhdGUtcGF0aGxlbi1Ob25lMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD\nQgAEp8l7zaspOLuvWcAu++UTClPaC100hHEfVFLhi45XS5k7rzqRwNR8DHFa993a\n3SGlqErvzDtQHc4pDF++xzKvXqOBpTCBojAPBgNVHRMBAf8EBTADAQH/MAsGA1Ud\nDwQEAwICBDAfBgNVHSMEGDAWgBQZiImr82X6R4kANwKlIub/AYsIOTAdBgNVHQ4E\nFgQUuLAW37fdQvtNCGkS8tvI1aBUm+wwQgYDVR0eAQH/BDgwNqAZMBeCFXBlcm1p\ndHRlZC5leGFtcGxlLmNvbaEZMBeCFWZvcmJpZGRlbi5leGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNIADBFAiEAyZ+DDxC/t9DrpnxZTO6BlVcGNt7UgNsevxhx6FbGNmcC\nIEqzTO8kJak7c3F4T1PSjqp+jw7FuECtYjKK2QxUuMC7\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIIBuzCCAWKgAwIBAgIULAgdCU8C3iKCISifzKYxBF5iZNkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA9hbi1pbnRlcm1lZGlhdGUwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASsASWTSvZBgMHLIEmmkPcNC0yVPR6pKJF39Vt5\nnF8mVfEe/6nqXZlM0jg+T82EokVg6QfhCnUX7yinG2CVDHvWo4GDMIGAMA8GA1Ud\nEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMCAGA1UdEQQZMBeCFWZvcmJpZGRlbi5l\neGFtcGxlLmNvbTAfBgNVHSMEGDAWgBSYzSTWzN+7Cchm37qzAnWObiavxjAdBgNV\nHQ4EFgQUyJHRIQfVhgMd20mJw+lF9oZCvNgwCgYIKoZIzj0EAwIDRwAwRAIgdn9a\nwUfZSeS6iJd6PGIltR0i4TcIfagcgLUEHqavB8UCIA4mooK9V0LKz2kJ2oD2PI6R\niH3wViupzdoaDJ6GuaNE\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIIB6DCCAY2gAwIBAgIUUXg/Sy0k3+fH/PdPJnG5RkZ2tSwwCgYIKoZIzj0EAwIw\naTE4MDYGA1UECwwvNjY0ODAxODIwNzA0MjY1MTAzMzk1NDc5NzI5NzYyMTAxODQy\nNDk0OTQyOTMxMzIxLTArBgNVBAMMJHg1MDktbGltYm8taW50ZXJtZWRpYXRlLXBh\ndGhsZW4tTm9uZTAgFw03MDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowGjEY\nMBYGA1UEAwwPYW4taW50ZXJtZWRpYXRlMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD\nQgAErAElk0r2QYDByyBJppD3DQtMlT0eqSiRd/VbeZxfJlXxHv+p6l2ZTNI4Pk/N\nhKJFYOkH4Qp1F+8opxtglQx71qNgMF4wDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8E\nBAMCAgQwHwYDVR0jBBgwFoAUuLAW37fdQvtNCGkS8tvI1aBUm+wwHQYDVR0OBBYE\nFMiR0SEH1YYDHdtJicPpRfaGQrzYMAoGCCqGSM49BAMCA0kAMEYCIQDOoaK+tcRv\nFkmRaiPd334K5ETF8XpVFoJAyAlMToK00QIhAOOPiFJ4kS0obDgRWNfgNbEZ1KRr\nOqrusQygd2/VQBAE\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBxTCCAWygAwIBAgIUIsLlkdyWPSmnmY3YWJ7FSG3Vi8swCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPYW4taW50ZXJtZWRpYXRlMCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAgMR4wHAYDVQQDDBVwZXJtaXR0ZWQuZXhhbXBsZS5jb20w\nWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASo9MFQE4jnVh6MUBxvdISDKkKRzJnt\nVQEvgj1tpw9iqauU53clSVpLldyY5GgfHQgnAU8lRHwIIlro2mG8i0qKo4GHMIGE\nMB0GA1UdDgQWBBTKtmvoLrrmZy+99IRqwJaqD0y2gzAfBgNVHSMEGDAWgBRK9bTn\nv2ERPSTdfYB/iYsIibfFXzALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUH\nAwEwIAYDVR0RBBkwF4IVcGVybWl0dGVkLmV4YW1wbGUuY29tMAoGCCqGSM49BAMC\nA0cAMEQCIAO4oDlUdU9SEfuYVl24yEAaK3M4+DUofmPaxFzUmrD7AiAPrs+PznOf\nkgbJ7oQDA0cNeXUk6DUzIqstl+Grb0w/NA==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBxjCCAWygAwIBAgIUV00iFUuL82VAbNwSGELO6N0BIiQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPYW4taW50ZXJtZWRpYXRlMCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAgMR4wHAYDVQQDDBVwZXJtaXR0ZWQuZXhhbXBsZS5jb20w\nWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQBVADsZQCShCAwl3Zee/X3SwWjNUUw\nG6K+5CuXk4WEtXRJcR5yRSGjLURNpUfrW3cuxFHzAuO33AmpmicsMGDco4GHMIGE\nMB0GA1UdDgQWBBTK7GHdyPWPtDI0IzNdg2zE846FdTAfBgNVHSMEGDAWgBTIkdEh\nB9WGAx3bSYnD6UX2hkK82DALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUH\nAwEwIAYDVR0RBBkwF4IVcGVybWl0dGVkLmV4YW1wbGUuY29tMAoGCCqGSM49BAMC\nA0gAMEUCIBqsjBV5WD/BHhu2vv+45BhsKQFB7Ff3X3NZj7o61NIjAiEA5zsAqqqO\nXexx16MCf0ptGxDPP7iG8xMSPA/B2slAv2M=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1414,6 +1414,34 @@ "expected_peer_names": [], "max_chain_depth": null }, + { + "id": "rfc5280::nc::nc-forbids-same-chain-ica", + "conflicts_with": [], + "features": [], + "description": "Produces the following **valid** graph:\n\n```\nEE (SAN:X) +-> ICA_B' (SAN:Y) -> -> ICA_A (forbid: SAN:Y) -> RCA_A\n |-> ICA_B'' (SAN:Z) -> RCA_B (no NC)\n```\n\n`ICA_B'` and `ICA_B''` are certificates for the same logical intermediate,\nbut chained to different logical root CAs. Both root CAs are trusted,\nbut `ICA_B'` is issued through `ICA_A`, which forbids `ICA_B'`'s SAN.\n\nThis graph allows validation through `EE -> ICA_B'' -> ICA_A -> -> RCA_B`", + "validation_kind": "SERVER", + "trusted_certs": [ + "-----BEGIN CERTIFICATE-----\nMIIBdjCCAR2gAwIBAgIUVn+XFA8OhX6VQKw4aRdbylSsddswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQVw2B+bMSkwOhgxEQvQDmqwLKKPVe4tEuOA41t\n4ia17Kyu0hdjDneX5VsXPl3IMSxU+8G4pCBO3CPaRSLnkE1loz8wPTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAdBgNVHQ4EFgQUoi+XbApL4jjMDaQtZ4Vw\nOoIxrfMwCgYIKoZIzj0EAwIDRwAwRAIgY7GW1yh61Xkt126z0B+6Sikxv5pbslq4\nBbCS+vV9C88CIBZ+O/Fjkrh9Dh2hkUTGo7zcIYpGSMdLzglSWhJa3zcb\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIIBdjCCAR2gAwIBAgIUObH+4q0WzCeZ+UDyMukzCBUmQuQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARddByfMu9wvo+7pISFaLzVBSeEkbQrPGW0xgue\naLv53zXMtbtSWsM4r1j1ZggVl4t6ELLSZ2b3sbUHwv2ElMyHoz8wPTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAdBgNVHQ4EFgQUBFGKMMl+6miQpjSLLgBN\nDD5b26cwCgYIKoZIzj0EAwIDRwAwRAIgUVZcc64Ap4uCPMfn/J2wyKQ6rzBXtg86\nWCh4z0OScncCICSr9NiYZlg5LiJBgAgb9cnfXvh3837cnAH5hMskgFMI\n-----END CERTIFICATE-----\n" + ], + "untrusted_intermediates": [ + "-----BEGIN CERTIFICATE-----\nMIICEzCCAbmgAwIBAgIUUpZaeTy5bGzgtWlKGQfy1Xm8l9kwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDA0OTM4MTg1NjE3MTE5MDA0NDIxMjEy\nNDg3NTgzNDA4NjAyNDk5NTQ5Mzc3NjMyOTExLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABHEe/LGBriYj6y4aEK3uJ44Ti3yWEYwkd+MXgD9KOdn41Lsht9VUjA32ZEbI\nj8vwNEOgjdwr2Faubv0dLaP95+GjgYowgYcwDwYDVR0TAQH/BAUwAwEB/zALBgNV\nHQ8EBAMCAgQwHwYDVR0jBBgwFoAUoi+XbApL4jjMDaQtZ4VwOoIxrfMwHQYDVR0O\nBBYEFPiTXwaG9Bt+GJb7fD4L+/eXr6OgMCcGA1UdHgEB/wQdMBuhGTAXghVmb3Ji\naWRkZW4uZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIhAPyi5SHuf97xGGkR\n7HksWJ+2CZQ2+sCco148bCbZPl/LAiBRaAXhUK7QnOVKLG3xaxlIOVA0x6NKCRT3\nJyu6seriPw==\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIICDDCCAbKgAwIBAgIUNNzy28FuEoiPIpT3UW7kzsZ5WCkwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNDkzODE4NTYxNzExOTAwNDQyMTIxMjQ4NzU4MzQwODYwMjQ5\nOTU0OTM3NzYzMjkxMS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBox\nGDAWBgNVBAMMD2FuLWludGVybWVkaWF0ZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABHmizF+HlUz6hhAOsM5PpCEsjVjIFlmiMPwIkbQ1pcZdXkxHYJn28uNgRrEP\nKcUOrOwjZMX79I0VJF4ANHYoYDijgYMwgYAwDwYDVR0TAQH/BAUwAwEB/zALBgNV\nHQ8EBAMCAgQwIAYDVR0RBBkwF4IVZm9yYmlkZGVuLmV4YW1wbGUuY29tMB8GA1Ud\nIwQYMBaAFPiTXwaG9Bt+GJb7fD4L+/eXr6OgMB0GA1UdDgQWBBSIk7ksStoFDPmH\np0rqOHDd/DYNKjAKBggqhkjOPQQDAgNIADBFAiBiHsEDyVg+dJBC4xKbMIRV8+Ah\nLnOh1YLAOg9xVRPJKAIhAJpasiiUABQPzwb1wlUHBO4EbezSq9vM4jZl6uFPof98\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIIBwzCCAWqgAwIBAgIUY2QFS80jQqEkSzdMjdk4oOyGRzUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA9hbi1pbnRlcm1lZGlhdGUwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAR5osxfh5VM+oYQDrDOT6QhLI1YyBZZojD8CJG0\nNaXGXV5MR2CZ9vLjYEaxDynFDqzsI2TF+/SNFSReADR2KGA4o4GLMIGIMA8GA1Ud\nEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMCgGA1UdEQQhMB+CHXVuY29uc3RyYWlu\nZWQtaWNhLmV4YW1wbGUuY29tMB8GA1UdIwQYMBaAFARRijDJfupokKY0iy4ATQw+\nW9unMB0GA1UdDgQWBBSIk7ksStoFDPmHp0rqOHDd/DYNKjAKBggqhkjOPQQDAgNH\nADBEAiA1h6MMiyjwmE1v/KI6FkujVl8thsWDw60+nvTmXa9Z0QIgHDn0w8S0zaZ8\nOHe5m6x/4USxtBkFoSgsHFEFNEhRY0I=\n-----END CERTIFICATE-----\n" + ], + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBzjCCAXSgAwIBAgIUao8vsrlXwD6tbn2uhY5GJGcuNpgwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPYW4taW50ZXJtZWRpYXRlMCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAkMSIwIAYDVQQDDBl1bmNvbnN0cmFpbmVkLmV4YW1wbGUu\nY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEjX1BjaZ2VHU1e95XrZJJNNLR\n7YENP9XnpmjfkqFokC9KUcKcNVFbDtgqG4eFac/qvd+5YWuJQKBK1jtejyVeNqOB\nizCBiDAdBgNVHQ4EFgQUVYziY8eLDjxpxxwLTWCLvnR+TxMwHwYDVR0jBBgwFoAU\niJO5LEraBQz5h6dK6jhw3fw2DSowCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsG\nAQUFBwMBMCQGA1UdEQQdMBuCGXVuY29uc3RyYWluZWQuZXhhbXBsZS5jb20wCgYI\nKoZIzj0EAwIDSAAwRQIgUWgkOT/aaIlJE+frphkIoLYsEni72enPT+TkVRIaOU0C\nIQCV5l45KKWEcNWo0xm6WGaONQJze/6P5hvj4a1ibAJ1Lw==\n-----END CERTIFICATE-----\n", + "validation_time": null, + "signature_algorithms": [], + "key_usage": [], + "extended_key_usage": [], + "expected_result": "SUCCESS", + "expected_peer_name": { + "kind": "DNS", + "value": "unconstrained.example.com" + }, + "expected_peer_names": [], + "max_chain_depth": null + }, { "id": "rfc5280::san::malformed", "conflicts_with": [], @@ -1421,10 +1449,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe EE cert has a SubjectAlternativeName with a value in ASCII bytes, rather\nthan in the expected DER encoding.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIURNMstPOVku4SZpVBpI8U5tajIIQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQt9gm85IaNRAcOwhN+uGghbIT0W8IDdeMxQXIs\nJR8omSelZO8iig2RTaDYKFToK+A4fQKqW5iGWNlhrhgMRYhyo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUgeLH4i0xjIGKQshw0EPeZvePrC0wCgYIKoZIzj0EAwIDRwAwRAIg\ndgFF8W8J65sEaujzlxIRMQYj48aWMwDuBBoGAdKvNcMCIEt3SlgcUGbKIY44uklP\nBcN9zlcNea8DEPkGo9CAh80Z\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIULQWeT+cEMd0MsmviJGHcda8UVeMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASkpgrmIHiGazyMyjPIDV7y7RrpRSTI0KDuLCvl\nDPc7ohkNMeCI0kbwObyvzmYHgAnO2hh/TF41WGYHIgCS1xq6o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUiYkShG4Pkb4auA4X8aXvm0zynEEwCgYIKoZIzj0EAwIDRwAwRAIg\nH7RLb+jbtYy4OPtlQ+cbyde1fKBO+ACBRCvjG8L6RlsCICh/Y5GlHctCEUjD8GIy\n2w+YExeWDae6sV9knvpE0w3M\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrDCCAVKgAwIBAgIUMJFPBfvIvJVDJuo2qPq3VMh2tLkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABCFkQ8eThUIlmhp0Hju2KomfTUVifSmatu91UrFZh6h8\nLEEiHoFj1r/qV/uxbr8A4NRdmnugyoKfndB4YIhZar6jeDB2MB0GA1UdDgQWBBQm\nbP10yjuMBXA3gfRmUEroyK89iDAfBgNVHSMEGDAWgBSB4sfiLTGMgYpCyHDQQ95m\n94+sLTALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwEgYDVR0RBAtl\neGFtcGxlLmNvbTAKBggqhkjOPQQDAgNIADBFAiBJha1a38rmuTdngn9aqYstHPL2\n8tvfcNqaY6njj8P7uAIhAK1VsM3I+qaAJP5NJLM2QgpgVNnmcWT0M8XxheR98ICn\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrTCCAVKgAwIBAgIUQLX/xNTyOe9fB1KdwCc561vOI9UwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABGZq1shrzO9H/sQJVs/IPDAE2NYiWuGVe+c5oPviC1c+\nZRKTmxr/GbZ4nS6lg1JvBPvjtCwlFhvi0BY40t0/aa6jeDB2MB0GA1UdDgQWBBSy\n1tkRWwtgz9Z8/gJDwscIVcHWLTAfBgNVHSMEGDAWgBSJiRKEbg+Rvhq4Dhfxpe+b\nTPKcQTALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwEgYDVR0RBAtl\neGFtcGxlLmNvbTAKBggqhkjOPQQDAgNJADBGAiEA/LAGJiLUJKScQ7PoGBKUrabf\nLvf8nAq0rLNVszuW90MCIQDbftrVpfHtzXUb1wEZr/WiJxKVqzMjAx02q+fPPqNB\nKg==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1444,10 +1472,10 @@ "description": "Produces an **invalid** chain due to an invalid EE cert.\n\nThe EE cert contains a non-critical Subject Alternative Name extension,\nwhich is disallowed when the cert's Subject is empty under\nRFC 5280:\n\n> If the subject field contains an empty sequence, then the issuing CA MUST\n> include a subjectAltName extension that is marked as critical.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUKleJy+xbkTkLLo/9GlBprPffi8AwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARdy4yy+06NHcqVVdP4TGETc7uLAKBbjWZ6I66l\nXHnZI7TQhgkno3OwAO+t5r4wuEPdM3LFAYD5Zmah8atDa4Mio1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUN9UHO3iliIaNUeK1pbFl+tRNYVAwCgYIKoZIzj0EAwIDSQAwRgIh\nAMfjdzVK6IEW+78ghLiK5DGRjHpUnq0TCj8Yi25LIiWRAiEAlv20SHlgT6lwX1XT\nYJkntSMY1TEAaJT0X//Yr6DmcME=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUGkh0iHeQ8qn2MWA/yxFbjUkRx00wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAR0K5QJ7wzRMhBY51nTG1mFT4ZbTA4lq58s7VRr\n9uEa1HKvD1ArX7DWHNHYQ8IhqTQjgzjerC9QXgyGLbzqIR2Ao1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUKRKhwUjTSMwSl8PYCNsWArU11FIwCgYIKoZIzj0EAwIDRwAwRAIg\nCU0BSj6XuZZQH82D9MrNwZIDbwV5wigzpzRQOt1oGN8CIAhvLu+TI6gErhAF/LNR\nqnuPtexCl1BZbqCrqV5+fTPB\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBmTCCAUCgAwIBAgIUKDEcXUBsqkE9lj6M48Ilp4BVPqgwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEA2nTn23/\nDeAI5YcUw9NaRNEihANF7fvYKHKi3yt9vc0toCJvcMJp8vkADFQcfV01UUMouGpm\nZvKKVDpX/q50kKN8MHowHQYDVR0OBBYEFBu/KdcwAjnFUNrc9thif8PEooWjMB8G\nA1UdIwQYMBaAFDfVBzt4pYiGjVHitaWxZfrUTWFQMAsGA1UdDwQEAwIHgDATBgNV\nHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggqhkjO\nPQQDAgNHADBEAiBDEVPRzYs7M80RYTHxJk4IaGZ1m+w8DdOzuVGhU9n6nwIgb25+\n1tjCFtGnoNr3EoYsGRHno4GpD7zymqJssHc6yOI=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBmjCCAUCgAwIBAgIUAccIL1wZTBhPqH5urPDD6E/Uzs0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE9fGhAhNe\nMvRAZuBgaEBKaXIjC5ibpAAxIQRmes1CNJ20cZ/kcgOLGKqf+qjWa3bicmlytcN3\n/c5oAC6v5Q4AAaN8MHowHQYDVR0OBBYEFF+nPkKOENCDvXdlhEikTvSvUZzqMB8G\nA1UdIwQYMBaAFCkSocFI00jMEpfD2AjbFgK1NdRSMAsGA1UdDwQEAwIHgDATBgNV\nHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggqhkjO\nPQQDAgNIADBFAiEAwZmfimfsDf+VRv9XmCSDCGhq1KDnZSXz5qfhypG9MiQCIGvr\nk2OWakFnCsLVrwkkzHXk1PI4DpxzQa7a8UN49SK+\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1469,10 +1497,10 @@ "description": "Produces an **invalid** chain due to an invalid EE cert.\n\nThe EE cert contains a serial number longer than 20 octets, which is\ndisallowed under RFC 5280.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUOR3n2sSefVpvHos7JFf8E6PSLlgwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQLjwseM4B1hiK93yBoITVkyb8H0fsjH+k/2EEh\nMGjAC6Dhdit23sNjlh8uGJvJ1Xk7PDzw6mE6f53C8HL70k+ao1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUvGCwVODez7/UKaMfdMdokgjIwOcwCgYIKoZIzj0EAwIDSQAwRgIh\nAI0TSmY0me1lM1h68yIN9NT01w0lLWr0eWYIBBQhTwuEAiEAx60Z6ARiUStYyLnr\nP7oGc22ok2k6qe9ijSFv8W6yt9g=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUf+U+JZDZIY6hhvK+LeNv/It6xucwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASnjUnUn9ZWFHX7gfbg2WT7uXoQ2wK2D+T2B3Xm\nnNPfVhdkTcB9zn2nJgq14rj7yRa5WkT+lKG2VO05NnW6budqo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUMmOBmZCmpIkyAtBBpCyCAy6zSlgwCgYIKoZIzj0EAwIDSQAwRgIh\nAPPHgc1t733hPSc+sViWh+jfLt0St8cXguJoIVRKSkQyAiEAmNuOCNUnAT/C0vNh\nLDsV5wMtVVNYQJXC6QpB6DS6Nf4=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBszCCAVmgAwIBAgIXAI+i3XXKvKM9Q5tCarYMSQQYv0a+eiQwCgYIKoZIzj0E\nAwIwGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoY\nDzI5NjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqG\nSM49AgEGCCqGSM49AwEHA0IABLBygROe3CK2Ecim/FGQX4bHkR9OPhDYQ9TDveO2\nQS+k4wLNg18nbcp3UiA7sfTiCPSV5HoQaCCJ+fRXEY6Pre6jfDB6MB0GA1UdDgQW\nBBSMPZv+abWFnG8lfC84hUD4FZPH6jAfBgNVHSMEGDAWgBS8YLBU4N7Pv9Qpox90\nx2iSCMjA5zALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0R\nBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIgD/PftGuLG5vitVlt\n/Zsl6S1VjpdHOsTSfX2L4T2biCMCIQDrHIQVXhgml5ehlOfUW0dlS3NLM82G2xpd\nKAvMZgB+kQ==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBszCCAVigAwIBAgIWYPkOnSrDgHOzsBQnWkdnnbLWhqXz0TAKBggqhkjOPQQD\nAjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwIBcNNzAwMTAxMDAwMDAxWhgP\nMjk2OTA1MDMwMDAwMDFaMBYxFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEoAcCUo8KA25P1qp5vBtdZcYtGpMcpTbWx3FSYVCE\ns+Oe4OqX7lQBA32Nlj71A+bF2+3RFChgHrvuGnQmds3uo6N8MHowHQYDVR0OBBYE\nFL7sNWyBojI/m74CaWVOtKu1+Et+MB8GA1UdIwQYMBaAFDJjgZmQpqSJMgLQQaQs\nggMus0pYMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREE\nDzANggtleGFtcGxlLmNvbTAKBggqhkjOPQQDAgNJADBGAiEA0IozRuwvMxAComHe\nh0F6ISiDDzZwt43Zsvr7qmknKU0CIQCwh5Z68lJDVssyPgKAfM5zgyxM8D+O0et6\n5fMAg1FfXg==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1494,10 +1522,10 @@ "description": "Produces an **invalid** chain due to an invalid EE cert.\n\nThe EE cert contains a serial number of zero, which is disallowed\nunder RFC 5280.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUGebFTLUwFXqfrrll3Uw2T6S7lx0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQ22s3HmP28OembhsakUIowOCCGt7By8sC9+Gej\n8wiXNvio0s0u+ALcKVOdakPltLq5+jVq6L4TIfs/VY0R27bHo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUmF/0/6vkeAgxyMXzkAiSsCZx/zgwCgYIKoZIzj0EAwIDSAAwRQIh\nANqsWZ6K6SiP0ZLuCT50y12KGe5Jr4nh9WrBJoSlTziEAiBkI3vC+bKFU0zjagXR\n9H2h6kiNrBAB81bliC+7dbz1vQ==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIURpiMFU25SeB5/fIax4XCSVVa3uswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARaLSQyRFdWzVXi6+Hv5s9kFJniLkeuSM74/z8Z\nAQMtfC7ecrXRKKSxp4ES7KNgqeqOHPZAZrTLLo9Ea30t7gMHo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU6yFQE8fuPd0mow844kgqbg9UOtYwCgYIKoZIzj0EAwIDSQAwRgIh\nALwLMp5mZYxzjvmYryavKV2tidvyj2j30FqEeiwHRSccAiEA1+me+SisvsEz6s71\nD/6Igcoq7DdSsuqZC0oLyyNYGkA=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBnDCCAUOgAwIBAgIBADAKBggqhkjOPQQDAjAaMRgwFgYDVQQDDA94NTA5LWxp\nbWJvLXJvb3QwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE/4N+\nPQnsLvLiHmTxA5ctO8oZWPLeYVdcgGJnCOH27heRqdgIkMCFiMuG72cri3Ni56NW\n8gTXn1G/LfCvT5h8aaN8MHowHQYDVR0OBBYEFEq6jt64AqmDAUrwkVX3ki61zED5\nMB8GA1UdIwQYMBaAFJhf9P+r5HgIMcjF85AIkrAmcf84MAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNHADBEAiBj86GS433VbYBtYvYO3tSQsIMqFpSblXSxl/jTVSJh1wIg\nK1h7+jALsl5Mc/QlHtcDFxpMoJZikli7+z+5waoKaeY=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBnTCCAUOgAwIBAgIBADAKBggqhkjOPQQDAjAaMRgwFgYDVQQDDA94NTA5LWxp\nbWJvLXJvb3QwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEy+A6\naWptlZLVjFPOgbxHdPBsy2FcxdMq4oiqaeFq5f5bkkNmWe1n2qlU5Ymk4KOOMRpH\nGLJ8a52Pi2o2+9LxiqN8MHowHQYDVR0OBBYEFI+OAL2yg0K/j8PT3nRJTWfc+Xg5\nMB8GA1UdIwQYMBaAFOshUBPH7j3dJqMPOOJIKm4PVDrWMAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNIADBFAiAp2E8Ze4KD15ea+fWjDgeVg+Ycs9A89WPUoVelwxJbKAIh\nAJCAQnbHuTCe4KdL7fcSB+1p34mGQagcSctNzlTAxNpe\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1542,10 +1570,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe root cert has an SKI extension marked as critical, which is disallowed\nunder RFC 5280 4.2.1.2.\n\n> Conforming CAs MUST mark this extension as non-critical.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBkzCCATigAwIBAgIURDuLWC9Ip3nDtZhZTDbrePmNJwswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAT5EqSMM9/eCc6295EV0cSSVMUVUPGIzorfIQUE\notQfI9N/vT03DGHM7Ia6I3WUIblsYT4gBg2vRW+83dCdEzZKo1owWDAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAg\nBgNVHQ4BAf8EFgQUiEBgFPXQ44mIkicQIE16JTurEPMwCgYIKoZIzj0EAwIDSQAw\nRgIhANKOs7MNV3S43Dgfsps5G02XJmDAsbv++rtWaihxC9S1AiEAxbNMFV9ZANrA\nJvGGengM1Q3aucszPJaOD2IoVt5xlWc=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBkTCCATigAwIBAgIUPSn7PpYOAZoSiAua0rCQ5TcGB0AwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARf4RZz8Kb9aJ3sxgeJESc8Rz+RoZwuP05iNCDV\n57JqUJM5AdwWNn5RM5ld2Z499jC3K/RM6YXG/JaRLZQqitcyo1owWDAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAg\nBgNVHQ4BAf8EFgQU1A776SZ6pRpv4YXrdQlsyq6NWhAwCgYIKoZIzj0EAwIDRwAw\nRAIgYEP9OdO4Q34kxou36FqAxKxDZ6mzIe3k5WdPCpE2ZPkCIA/0yrACAzuEBwW/\nK9WX9WYI/AtXozeoG9SIQdfFJRVm\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVagAwIBAgIUXwDpHknASKnvcUKktqNamR9WvAAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABPmbDnhPLJggueX3niBqOkjkC8Qr/lUJSB+L2si+0AUM\noS9K10nkxbJU9MfwLGIqa/IQnJYYxZDSDck24xxUkgCjfDB6MB0GA1UdDgQWBBSD\nvl6yswRxjyXTtHHaRBM3kFBpAzAfBgNVHSMEGDAWgBSUD16HRlm2PVavx+EzsDBl\nkn52nzALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhAKrvMQeU6PG8ZYjRncCq\n1cbR576cq8JSo/ByICpypQBjAiEAnUlcsb345ICeniWFckyoMqv9y/zAdFNCWZZK\nIStyd8Q=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrzCCAVagAwIBAgIUGcH/DjVs50H0ICr/pkPU+CF9y1owCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABBXKORcQw+JEqjVWKUoaXPu9isGN7CsMuBQ3n6uZleMK\nxpdbQ9agT2T2c7FJkC50QM93omdtEgMD+z+OK9LhCF+jfDB6MB0GA1UdDgQWBBRG\nP/WV+SfTLDBdZ6hcnUjwy5NqczAfBgNVHSMEGDAWgBQcQhMVEIUeoHyGwNwwpJFI\nC1IxhjALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDRwAwRAIgU7s0n8TxoZHlHviWHWsS\nB9MRxC9HK4bZK4Efz+lF4ncCIE8M4Hos28geU0fgrNsYZEyZ3CMInjhVzt7Jfukz\n1PwX\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1565,10 +1593,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe root cert is missing the SKI extension, which is disallowed under\nRFC 5280 4.2.1.2.\n\n> To facilitate certification path construction, this extension MUST\n> appear in all conforming CA certificates, that is, all certificates\n> including the basic constraints extension (Section 4.2.1.9) where the\n> value of cA is TRUE.\n\nNote: for roots, the SKI should be the same value as the AKI, therefore,\nthis extension isn't strictly necessary, although required by the RFC.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBcDCCARagAwIBAgIUJQ384E9gTcR0MSUmRxI1L2vciQYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQPP6iHjvn1/Hlemg+3DVtqDI23W2mHMONmgsQW\ntkym50AImqIU9V0RgBuNK1R3bLiWXsTvTNzL2zkL+3wt+Or+ozgwNjAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAK\nBggqhkjOPQQDAgNIADBFAiEA5eLZvTfK7N4sNBucw/M1V7yWuoDpmaK+5lEZ8/Ir\nEecCIGaOCPAiihN/lkBLZqzmEsn7IbtqhcU50CO4n3JLdt/B\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBbzCCARagAwIBAgIUG7S7gbxJ3g041W+1/OZTqyLMYhgwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARWcYegncqFxFP/bLh3YsyuUrQZO6fbb7N+TrMX\nc7xugbRJU1rTq+fIf6A84ErPhnHCGiQfAa8i+tMFBnUqsbgSozgwNjAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAK\nBggqhkjOPQQDAgNHADBEAiAuQNck57uulRkvU3dlgOYZGQ1S/cmz23zkuK5VOzdD\nOgIgNq3CFF4V/XPKGLzna97qoXhUo7mv29X24QqP0invzwg=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUEV75QZ49oTAPxP0mTfoQQRQnPNQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABD23bkvt9XujG+tfPwWxDt6GGklToEW9Im9zflW2DuCK\n2OYJhEwbcPSlnDq2yP5AFXa0cbyXHq8BVkZRdb0RNJ2jfDB6MB0GA1UdDgQWBBQx\n+U/npFbNojshXDdd+fs27dC/tTAfBgNVHSMEGDAWgBSfBGu9k1azUhrX/4Ub6moD\nS02ZkzALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIgT3YS63M5kHVU3kgEMEao\nkauJEqqlPnIFoPMPu4dK6ecCIQDZFavdt5cyLvZLp+l0ge2/bljuNbOGlK4p01+g\njZR1OQ==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVagAwIBAgIUbobYK62dnfGx6nlsutLun+vtRsQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABBqq+Vz/9ABhu9lB/1wC+vzAu+pYKhtmgT4XzAe6Yk+c\nOcwi2uOqM4j9Xfe3zT2YMktys2SAWIjY0+LFRnpWkXOjfDB6MB0GA1UdDgQWBBSe\nUuyRsyYxfVJDqyam9DtlxI1ALDAfBgNVHSMEGDAWgBRHUWLAEPfJtP3/9DfKWkS5\nGMOAcTALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhAMP+CBfkrzAdo1pFVaGb\nTLGvi57mzCDtOhF28yQXL9tIAiEAoMLXI4k74dLWaUlV2qvtQOuV32RwoqsiBJua\n83B1jzg=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1588,12 +1616,12 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> ICA -> EE\n```\n\nThe intermediate cert is missing the SKI extension, which is disallowed under\nRFC 5280 4.2.1.2.\n\n> To facilitate certification path construction, this extension MUST\n> appear in all conforming CA certificates, that is, all certificates\n> including the basic constraints extension (Section 4.2.1.9) where the\n> value of cA is TRUE.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUVJT1xlLDjojDwT+cnSwp0mU7nrMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARnJTEVmTBUwz/pG+/v0KHV3sgK4g4wjAIalQs4\nTq2q5ET6R6RoRA8QRMPRBqdjB1+2LvEffjbMmnX+CC8c96lCo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUJ8wv3NGToF3Q5uH54NU16q5/5XswCgYIKoZIzj0EAwIDSAAwRQIg\nNH7u6yKm1RGp3vqHoQ18rl+HjgvkS1aN20WhGsUbdo8CIQDHyTZRhQvkHR02CJGW\nmZg5zm6fMz7230Lfp/TqVGhgmw==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUR4btApR5q5wktk6t7xbg6iSrO6EwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQX9ujpQ0kfk6J50AI32zmYs5PV4UiFoNoGfsin\nNjqIiymbT+vmnevmpDe9d9yU4ku/sDduudT9vux6OeexTGpno1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUTWKxejkZNgZObHABZwGCoU2wYBkwCgYIKoZIzj0EAwIDSQAwRgIh\nAIWWbx/lbezfnvjSwtzaRZq63yJN08efoBRwZDu/a43uAiEAqvO8mMiqaremOaUM\nxPs5F56pVsdXNsTphoiOm1l8hiI=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIIB4jCCAYegAwIBAgIUGBFO8eU5Wb/IJaLNDpi7l1bSyHYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDA0ODI4NzcxNDUwMzQ1NTkwNjgzNDYz\nMjk5NzQwODIyMTIzMzU1NDM1OTk3MzQ0NTExLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABPAh0eBvRcxcRsIxqfst/m9jxR9g92tpxtXT3ssT+cKGOorN7nTLgO4lBcYZ\n4WYU305xddSo3U6KG72pAuN4zaajWTBXMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFCfML9zR\nk6Bd0Obh+eDVNequf+V7MAoGCCqGSM49BAMCA0kAMEYCIQCniMTnpPP0jWMrlC1d\nA1EaJVC1+cm7he2DgIQcvgpyeAIhANRsUsSjYJSU1QcfxExEWgp+MJug3mrU7NLr\nmdhUeFXj\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIB4TCCAYegAwIBAgIUJ+l/9tGipRFCW+jtE6Wv6kwtNg0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDA0MDgzNDcyOTEwNzQ3ODM3NjI3MDA4\nOTg4NzQ3NjI2NTY0ODcxMTc4Nzg0MTAxNDUxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABLzQ28aDcKRUt5kKV4jfDkb1dAfUPgNkpE6m03SeP1t+9n7UmuJ9JSkVohqT\ntEqMacFKmf+SlaqCoqXBKBMaX52jWTBXMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFE1isXo5\nGTYGTmxwAWcBgqFNsGAZMAoGCCqGSM49BAMCA0gAMEUCID55Zq2Vqg88kRkg0jgx\nunfvP4BPnzNTuHbkdT8npCQrAiEA0S3F8jv/xI9sq2EvZUp6u5k8H8xuD3ZlsYA6\nYGCIF5E=\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/zCCAaagAwIBAgIUa2n/FZPVWHgDMRN3MxirAaHf3JswCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNDgyODc3MTQ1MDM0NTU5MDY4MzQ2MzI5OTc0MDgyMjEyMzM1\nNTQzNTk5NzM0NDUxMS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\nExI7ZKRxcVry1RDKjzkrW/MMXF9c1Qb8lYntPmOnFS5MsHmdj/MInR056DiLT+ou\nrJcMVcebsVfpONQSAq5PZKN8MHowHQYDVR0OBBYEFDPgVxC2A/XjPaqQ9II1C+cN\nronGMB8GA1UdIwQYMBaAFBHEUpZ2ZlWRlASShWYNoP8av5pIMAsGA1UdDwQEAwIH\ngDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAK\nBggqhkjOPQQDAgNHADBEAiBG8OTMyrIshNIQYTCVsSyBP6L2d+LAUJ+SAIqjyBL+\n1wIgAZ8HSsbR9/v3BOyPw+o5nBgeopu2QBCRH3W9vhoXZgE=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIULisc1L13QIl6l/I2h0S9+ATzdUowCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNDA4MzQ3MjkxMDc0NzgzNzYyNzAwODk4ODc0NzYyNjU2NDg3\nMTE3ODc4NDEwMTQ1MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\n8MZC12d2YT5At7rV/MhVYdv7potCBZquPV55GUn9SA6i4Eq5LGW4CUE6bawZxKfP\n0+FeJedL4kz1TPkWdLgThKN8MHowHQYDVR0OBBYEFCezVEsaHxBLTYkv8C2vAW8t\ntoPuMB8GA1UdIwQYMBaAFOyDauUuw0/xnZSmyO/bafwY+cyCMAsGA1UdDwQEAwIH\ngDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAK\nBggqhkjOPQQDAgNIADBFAiEAidazO6rN5T7p1k+VMsJhenpxVjVWQVsUT57gNCws\nrjACIBL9EQvsCQncVElZu0aC/2aKD3m+gS28vPMJqZWPneyu\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1613,12 +1641,12 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> intermediate -> EE\n```\n\nAll three certificates are well-formed, but the root\n(and only the root) is expired at the validation time.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjDCCATOgAwIBAgIUAgxhjm69ilhalPZqJd9DzYhclfAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MB4XDTE2MDEwMTAwMDAwMFoXDTIw\nMDEwMTAwMDAwMFowGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAE29f58pbL2kTbf/hIZXhg88QyKEZg/syOJ2keQFiX\nVY6jD/iCBmzw5PTr45ynOmopxZ6OP/rm+ffGXYsAWINw0KNXMFUwDwYDVR0TAQH/\nBAUwAwEB/zALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHQYD\nVR0OBBYEFDrewvsCpTkrUP6E85nzE+dBBaNhMAoGCCqGSM49BAMCA0cAMEQCIA5e\nYnYSh+Q1UMqllGBIjkadhwOFnEM4EQU+LHSc+mbdAiARIWt894VqPNCesMpbDfIb\n8XGLbW8gm2IUmgP3Wt5I/A==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjDCCATOgAwIBAgIUHpbCz7qyXEyP6PLEC9xEt5CyqNgwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MB4XDTE2MDEwMTAwMDAwMFoXDTIw\nMDEwMTAwMDAwMFowGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEKwhuFAOu1ObiTIE9/BD6fEzFG+jvfKmIAF8WDyUj\nSK4Y4r/6sR7hM+pDvSRXfNXEKW/m3GoPCwKRcBD/JKe/wKNXMFUwDwYDVR0TAQH/\nBAUwAwEB/zALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHQYD\nVR0OBBYEFDfzgy1k+CMBlU0Y0OdB9EACgCJmMAoGCCqGSM49BAMCA0cAMEQCIBkp\nP8hcyerv+rV+6H/TsdlEAnTvy+tdN7Md/0att7rCAiBsG16fGhgBhTq3X+rtnqLv\nfJjE9Mj5LUfto5orpjHTaQ==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIIB/jCCAaOgAwIBAgIUWGSiBAtQrmRMAFylGDpb3WyJ9pcwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MB4XDTE2MDEwMTAwMDAwMFoXDTI2\nMDEwMTAwMDAwMFowaTE4MDYGA1UECwwvMTE2OTQwODg4NDMwNjA3NTk2NTg1OTI0\nMTk4ODQ3Njc2NDkyOTYzMTkwMjY2NzIxLTArBgNVBAMMJHg1MDktbGltYm8taW50\nZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBGQpWyXoSbWXszvOepkhmMC7QHeUG35z1Fdq2gJGnMUSU4xKs3HO5sfEiD+FvOEs\nqxl8Kb9qyjF5b4qfOmETtw6jeDB2MA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQD\nAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFDrewvsCpTkr\nUP6E85nzE+dBBaNhMB0GA1UdDgQWBBSxgbVOBJJO/YDFvf/9it2qYKpcIDAKBggq\nhkjOPQQDAgNJADBGAiEAhx/AFtL7aEt7gy945zaShTO+uXWtlKAYoyQ8eE/rfEIC\nIQCxUUPvXd4/hpDShApV8exBglB11Dgj5FxPsCNIlGo4ZA==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIB/jCCAaSgAwIBAgIUCy+AurWLer5WSh65aHVYg1fMP2AwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MB4XDTE2MDEwMTAwMDAwMFoXDTI2\nMDEwMTAwMDAwMFowajE5MDcGA1UECwwwMTc0NjMxODA1Mzc0NTc4MDAxNDI0NzEx\nNDY4MzY5MzQ3MzY3NDAxMzg0MjI0OTg0MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWlu\ndGVybWVkaWF0ZS1wYXRobGVuLU5vbmUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC\nAATRGyI1Kzs0tRkz+1CT/PEJ/XejN8iurxvXiXVT0kjvVH6u4NaRJrA5ObzAP6yd\n9Isp++0D9nM5LH1DK1VB6B+jo3gwdjAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQE\nAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAfBgNVHSMEGDAWgBQ384MtZPgj\nAZVNGNDnQfRAAoAiZjAdBgNVHQ4EFgQUPh7ysfeUVUjTCWITTVDgSkezf58wCgYI\nKoZIzj0EAwIDSAAwRQIgCSMkA3mVRO3+BdgJ7eaC5UVHvpxb/fe//C9GHuUTnjIC\nIQDBR9apezsxLY+x7F8m/yj0JA2LKPg1sXyfZKFl46l1Qg==\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/TCCAaOgAwIBAgIUR2DIrSbj6aEA+Xf6VLrOJhouQMAwCgYIKoZIzj0EAwIw\naTE4MDYGA1UECwwvMTE2OTQwODg4NDMwNjA3NTk2NTg1OTI0MTk4ODQ3Njc2NDky\nOTYzMTkwMjY2NzIxLTArBgNVBAMMJHg1MDktbGltYm8taW50ZXJtZWRpYXRlLXBh\ndGhsZW4tTm9uZTAeFw0xODAxMDEwMDAwMDBaFw0yMzAxMDEwMDAwMDBaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEq4AR\nYHEpLzwQ7AKQH+A+GhmYi6wnIt/heEZ751NwFqDH9NCdCjFtJECXJdLyFktNEXlj\nKT9kgfuxiQV29mDTb6N8MHowHQYDVR0OBBYEFKChCXheBQ/TYegRcZT2aZ9k+Pit\nMB8GA1UdIwQYMBaAFLGBtU4Ekk79gMW9//2K3apgqlwgMAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNIADBFAiADR03KW/g0h1jJG34j6Y9g5KeGfJS1779p1X+w453gBgIh\nAKIMKAu8+x9SBL/1Q5mgewYe6PvNAM/oA2NHBQJ3A7h6\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/zCCAaSgAwIBAgIUVi78h8OaGp3WqRJ+vylcuP3c6dYwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwMTc0NjMxODA1Mzc0NTc4MDAxNDI0NzExNDY4MzY5MzQ3MzY3\nNDAxMzg0MjI0OTg0MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwHhcNMTgwMTAxMDAwMDAwWhcNMjMwMTAxMDAwMDAwWjAWMRQw\nEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLD8\njOyk15t8D8d+RevkeOhqeVA2AbObBkBjoXeZuJU21qrUojRy6mAqrqPaRquHcYUX\nE9CaJna+eR6NagsCP2OjfDB6MB0GA1UdDgQWBBRcRBWBYeCthsdkqjaVpwBVa41C\npDAfBgNVHSMEGDAWgBQ+HvKx95RVSNMJYhNNUOBKR7N/nzALBgNVHQ8EBAMCB4Aw\nEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYI\nKoZIzj0EAwIDSQAwRgIhAIE0atBcRJFfJJ3/v8qk/fQXCN23Bh1JrsuPdffwaXiZ\nAiEAq/aFOvKgWyXdP3EjZSO3fTo2vhKUUMkdM3jkYvXs5OU=\n-----END CERTIFICATE-----\n", "validation_time": "2022-01-01T00:00:00+00:00", "signature_algorithms": [], "key_usage": [], @@ -1638,12 +1666,12 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> intermediate -> EE\n```\n\nAll three certificates are well-formed, but the intermediate\n(and only the intermediate) is expired at the validation time.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjDCCATKgAwIBAgITLl/RxNEbg45XF/lwHZNq5A2EhzAKBggqhkjOPQQDAjAa\nMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwHhcNMTYwMTAxMDAwMDAwWhcNMjYw\nMTAxMDAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcqhkjO\nPQIBBggqhkjOPQMBBwNCAAQVIava9aXMtO3kZ9B6Jh8Lp5TiykB2U9IjrsriypiR\nr/FxPLlHhr1WukJZ92Xa1G41epFdkAyntXW/bx1JMYFxo1cwVTAPBgNVHRMBAf8E\nBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAdBgNV\nHQ4EFgQU0hIW0yn7HW0fRUy/lA2MlZ+M8uswCgYIKoZIzj0EAwIDSAAwRQIhAPHw\ng2WS5TGaM7uJqVvmAQkDDVbI6qzvIR7qEGEX0wJMAiBMcd4oGAJNiFcmdFcemGXi\nxi/DM9Wgwkd2ZHarEx1Ehg==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjTCCATOgAwIBAgIUFPtiq/E6cv14cbsfIGDCv3BZD+YwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MB4XDTE2MDEwMTAwMDAwMFoXDTI2\nMDEwMTAwMDAwMFowGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAE/w348qX4VOlx7jxyorD2+1ZZ7edlBmhixx7RxC6Q\nDelSrq3xB1xe0qsMz1HleLkDv2lw0djCNmjOG9BdDENgkaNXMFUwDwYDVR0TAQH/\nBAUwAwEB/zALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHQYD\nVR0OBBYEFG+BLUUr1gHX9LsSOXu6QncsZ8/wMAoGCCqGSM49BAMCA0gAMEUCIQCM\ncHk+0t/OUbypw4isVeTZ1oiAh5lnV8ApBZ35mmprXwIgfoJc3kaU9u1MCK66Vwma\nJJw+HEMMoznuc76xqOn1Nts=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIIB+zCCAaKgAwIBAgIUdHB8YxPfK+NKSsOrgm3GqD+HLZMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MB4XDTE2MDEwMTAwMDAwMFoXDTIw\nMDEwMTAwMDAwMFowaDE3MDUGA1UECwwuMTAzNDE4MTMyNjkyNTA0NzYyOTM1ODk3\nNTM0MDIxMDg3NTU5NjA0MTcxNjg3MTEtMCsGA1UEAwwkeDUwOS1saW1iby1pbnRl\ncm1lZGlhdGUtcGF0aGxlbi1Ob25lMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\nNXHn5uazQAbnDDXVY3f69h03lhDO1IBxj0x46AXfgpYsm8qdGoHBULruf5FRCEDi\nwkWWrMyEPOt9b77r9muWd6N4MHYwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMC\nAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAU0hIW0yn7HW0f\nRUy/lA2MlZ+M8uswHQYDVR0OBBYEFMm6ipk6lN+LWlHNVEsE0nhPbdgZMAoGCCqG\nSM49BAMCA0cAMEQCIDUzvzJe/9viAeiXiOxXl948dU/J9HE+hs2axjSMj1LQAiBJ\nEGGtzb+NYb7T5g2ME6DIbZ4Ri5XxpC5hV5zDlj2DKQ==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIB/TCCAaSgAwIBAgIUGwaPSi6vEPPfcgGar7RxGXzwtsQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MB4XDTE2MDEwMTAwMDAwMFoXDTIw\nMDEwMTAwMDAwMFowajE5MDcGA1UECwwwMTE5Nzg1ODk3OTc0MjYxNDY1MzU2NDky\nMzM1NDQ2MDczNzgzMTM2NjIxNzYwNDg2MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWlu\ndGVybWVkaWF0ZS1wYXRobGVuLU5vbmUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC\nAATr/Y+o/X5OOq/yuBeRBf3kAqaUmCpL176LJeY9r2d9cz9A67KhjKwSKj/eL6PP\ngytRowzYyGSQ5P6YBhFFMs/ro3gwdjAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQE\nAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAfBgNVHSMEGDAWgBRvgS1FK9YB\n1/S7Ejl7ukJ3LGfP8DAdBgNVHQ4EFgQU30a5/sGpjf/GA1Ar9De37L3cpBUwCgYI\nKoZIzj0EAwIDRwAwRAIgNKNP3mUhjMAm5wRUze4ppynU+6SpiqxRgtG9RAx3zbYC\nIDgOMdbAW+nerMWoMa9qjLicPhpqnEH8Yb/zEvKWL+cl\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/DCCAaKgAwIBAgIURV4X691yCaAhKkTBlw1WTmf1Bf4wCgYIKoZIzj0EAwIw\naDE3MDUGA1UECwwuMTAzNDE4MTMyNjkyNTA0NzYyOTM1ODk3NTM0MDIxMDg3NTU5\nNjA0MTcxNjg3MTEtMCsGA1UEAwwkeDUwOS1saW1iby1pbnRlcm1lZGlhdGUtcGF0\naGxlbi1Ob25lMB4XDTE4MDEwMTAwMDAwMFoXDTIzMDEwMTAwMDAwMFowFjEUMBIG\nA1UEAwwLZXhhbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATjcuC1\ng+gWZn/HLBzfSCDGGpnFQBdEaQX7l3t/GyNypJ5lONWvQtXydYWf7gDm6aB77ex0\nJD/7ZVptESSrgTjDo3wwejAdBgNVHQ4EFgQUxCr/5QuzNqCI77/GmM4G5fBm2Xww\nHwYDVR0jBBgwFoAUybqKmTqU34taUc1USwTSeE9t2BkwCwYDVR0PBAQDAgeAMBMG\nA1UdJQQMMAoGCCsGAQUFBwMBMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMAoGCCqG\nSM49BAMCA0gAMEUCIB+CZfns85r9iY8U8OXnI+5o67rI67F0p/Mcn1qvTp5vAiEA\ns+niqO5bK1HuyJoXhPYLq/rhkWbqkBXxVWqjpm062p4=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/zCCAaSgAwIBAgIUd0DAM/Xd6MAwe7Ihu0CDLGk7TWYwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwMTE5Nzg1ODk3OTc0MjYxNDY1MzU2NDkyMzM1NDQ2MDczNzgz\nMTM2NjIxNzYwNDg2MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwHhcNMTgwMTAxMDAwMDAwWhcNMjMwMTAxMDAwMDAwWjAWMRQw\nEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABIDr\n0pOrhF2lHSuJPvtObNaMY9O9SpKArqSpQXlEthOt8naWXUHPB4uRGN4RfRz5noQm\n7KZ/xH9HJsynJeZNNKejfDB6MB0GA1UdDgQWBBSZ0nH0oE/nUAM3/9uAgpjBASn9\nJzAfBgNVHSMEGDAWgBTfRrn+wamN/8YDUCv0N7fsvdykFTALBgNVHQ8EBAMCB4Aw\nEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYI\nKoZIzj0EAwIDSQAwRgIhAOP4BPLWNRlmQRRpH6ZcA9lT/FwsMlsiebXDk/lZ9pIv\nAiEAqV8eH6WbVer++ewW/87PPtgvZ8rTbdJXqSq4mir4wss=\n-----END CERTIFICATE-----\n", "validation_time": "2022-01-01T00:00:00+00:00", "signature_algorithms": [], "key_usage": [], @@ -1663,12 +1691,12 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> intermediate -> EE\n```\n\nAll three certificates are well-formed, but the leaf\n(and only the leaf) is expired at the validation time.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjTCCATOgAwIBAgIUIThM9VUBx6fV/qiGwFw85I/4h2QwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MB4XDTE2MDEwMTAwMDAwMFoXDTI2\nMDEwMTAwMDAwMFowGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEgXVj4OJp6eLXZEVSz8sq/Ls2C6ja47zZSoVbQSbK\npQIjPzAYOOKf0WWLgEuVWS8Kv4xDJCCGRKPcVviVJMvA3qNXMFUwDwYDVR0TAQH/\nBAUwAwEB/zALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHQYD\nVR0OBBYEFF06iBfJ3tNiybwscQeWRze7C+uDMAoGCCqGSM49BAMCA0gAMEUCIQCc\nBpKf51VMXWY4a5IufUWEvPspF8fY6C4TTI70OKHyIgIge+XKn2uT1Tf59nw+EMf8\njNwp2XeqxeanKa/JLPW473E=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjDCCATOgAwIBAgIUQpbOCgPUxiPM8QNxb3XsM0OL/SEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MB4XDTE2MDEwMTAwMDAwMFoXDTI2\nMDEwMTAwMDAwMFowGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAERLLCJzLridVkwGiigwLZCeltue0JgO5lcRIhtG7c\npID9zzm0nYb9Q7GHmoiuX9fBs9P5LXvIBn8qFz+v2hbqo6NXMFUwDwYDVR0TAQH/\nBAUwAwEB/zALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHQYD\nVR0OBBYEFFL8lNGhzKOfDMYahMXDThoVqKnFMAoGCCqGSM49BAMCA0cAMEQCIEIQ\nak9SSh/jXfaUzseckzBFFQZATSDzjt5maNfRBA4iAiBx/gYIy6r/qmyc1Eb5GxoP\n6M4KCZoAbLB7yPZHnlLxaw==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIIB/jCCAaSgAwIBAgIUH9xiuVy1FeToJEzGmUcfljhMiwUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MB4XDTE2MDEwMTAwMDAwMFoXDTI2\nMDEwMTAwMDAwMFowajE5MDcGA1UECwwwMTg5NjUyMjQxMTg0MjA4NzUwMDM5NzA3\nMjYwODE2MTc2MDE3ODg5MTMwMjE5MzY0MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWlu\ndGVybWVkaWF0ZS1wYXRobGVuLU5vbmUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC\nAARleKh7ysnuA7/isLunwEjfRtcfTOt2DMNU3T+zg61PrAQr1Zq1UUn7h5vOvfdX\n4AiyjnZdn1B7ohSbJYEHI/Umo3gwdjAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQE\nAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAfBgNVHSMEGDAWgBRdOogXyd7T\nYsm8LHEHlkc3uwvrgzAdBgNVHQ4EFgQUSaknOtJ1lYXSRtjnqj9yRDpzqscwCgYI\nKoZIzj0EAwIDSAAwRQIhAJYBE6/5dTjhHQDVDXePxrW5fllkZJiI14V/jktEEITd\nAiAvaqqsRuMNM4mrRLiz2I8cbc7XOZepAyHst+gs3Y2SUA==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIB/zCCAaSgAwIBAgIUGRJaA01H0SmoLiFwVdVIjeK/Mt8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MB4XDTE2MDEwMTAwMDAwMFoXDTI2\nMDEwMTAwMDAwMFowajE5MDcGA1UECwwwMzgwMTU2NDUxMTkyOTcxMDgzNTY1Njg5\nMzQ0MzI0MjU3ODQzODEzOTMyNTk2NTEzMS0wKwYDVQQDDCR4NTA5LWxpbWJvLWlu\ndGVybWVkaWF0ZS1wYXRobGVuLU5vbmUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC\nAASbhFXSCpn9IxFQN5Ppx3Xsi96532+950sIJWjwp0yzgr14hzz6oGLnR7alL+38\n0mYy/WzQmlVzBfJYfGye1RCko3gwdjAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQE\nAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAfBgNVHSMEGDAWgBRS/JTRocyj\nnwzGGoTFw04aFaipxTAdBgNVHQ4EFgQU+Q4N2njYaF60BbNkhyitA2FqvacwCgYI\nKoZIzj0EAwIDSQAwRgIhAL6z69YfttXdrLA5ygE64nOYikmY1Xg8Iusd/SkqSOac\nAiEA3cZxusdSlWxD+WM2cgPmmN4ULaCvHSk4UT3AWX17UEk=\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/jCCAaSgAwIBAgIUJYCzWIlw1zD+fWWURomeFbE16PowCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwMTg5NjUyMjQxMTg0MjA4NzUwMDM5NzA3MjYwODE2MTc2MDE3\nODg5MTMwMjE5MzY0MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwHhcNMTgwMTAxMDAwMDAwWhcNMjEwMTAxMDAwMDAwWjAWMRQw\nEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOSs\nRObBWPWpJnLFeqKVdoftOHRrVKWK5p4kt84XiWqWDNN5LF2uUS4Sgd+KvfsuXndY\nCzOHVVuXnQBlsOPwX3SjfDB6MB0GA1UdDgQWBBQ72fZKF4toIrJU5TjB9imHwNhF\nrDAfBgNVHSMEGDAWgBRJqSc60nWVhdJG2OeqP3JEOnOqxzALBgNVHQ8EBAMCB4Aw\nEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYI\nKoZIzj0EAwIDSAAwRQIhAKO+6Ww1Zp67mIblOehRzVh6MjevVDtK5DbTp9lJmTkL\nAiAL1SjFlHQ8OH+L8AjQM/BB4ctJsklxAuV8ntkP67A2Gg==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/jCCAaSgAwIBAgIUZ+KNsBqrTBfQzwrZXWIwYqI8tU4wCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwMzgwMTU2NDUxMTkyOTcxMDgzNTY1Njg5MzQ0MzI0MjU3ODQz\nODEzOTMyNTk2NTEzMS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwHhcNMTgwMTAxMDAwMDAwWhcNMjEwMTAxMDAwMDAwWjAWMRQw\nEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABP8U\ndW7c3CUk2GJIwFiyTWRinr37GltQYBNHGGh5R3nBxI/2FPG25lwcFI2C6jZfaJHd\ncCajZr7CBB0ntpUKOrGjfDB6MB0GA1UdDgQWBBSMS5Loa/MLBICx+xE0q5EvH1U4\nNzAfBgNVHSMEGDAWgBT5Dg3aeNhoXrQFs2SHKK0DYWq9pzALBgNVHQ8EBAMCB4Aw\nEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYI\nKoZIzj0EAwIDSAAwRQIgSIW1AxCGvLjtXC2XxRKt3zNu8vKH+fCDdjUhcvjYtbUC\nIQC0hJG/ppk7q/5+8E/3s8RTnTOWhbJPOK3lOFNfmrCa5A==\n-----END CERTIFICATE-----\n", "validation_time": "2022-01-01T00:00:00+00:00", "signature_algorithms": [], "key_usage": [], @@ -1688,10 +1716,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThis chain is invalid solely because of the EE cert's construction:\nit has an empty issuer name, which isn't allowed under the RFC 5280 profile.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBczCCARigAwIBAgIUYMwCVfHAxoToWQWeW46nEJJ1SzswCgYIKoZIzj0EAwIw\nADAgFw03MDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowFzEVMBMGA1UEAwwM\nZW1wdHktaXNzdWVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAErHkrod5aTq3F\ntQ2W90WdrYEezqPccqBi0c4HkEnRh7h7foMtSmIHL0ggSR+ddM5I+iQmvs1QZnji\nBdapK0SmS6NXMFUwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQwFgYDVR0R\nBA8wDYILZXhhbXBsZS5jb20wHQYDVR0OBBYEFHKpVpDEdkhhGLUs6iWVdo1Acn84\nMAoGCCqGSM49BAMCA0kAMEYCIQDsS2RS+C94G2CZ7B7sYuGZMG1VUgehSQhKN7nN\nkTZ2LAIhAJ8RWP0C3zKnpGh2uPWR0DN5jYREFWP7qQuJvUU8t06B\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBcTCCARigAwIBAgIUFaUIlp4yzS51FkWILUn+eaG2+ogwCgYIKoZIzj0EAwIw\nADAgFw03MDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowFzEVMBMGA1UEAwwM\nZW1wdHktaXNzdWVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAETPQaUxebbG+j\ns/vpTtTwNuEcFj3dMaAwLLU8MCwlk+U+L+Gy2ywoBKvxObn1UrMF7J+7XDK+zMmP\nLkSEu9zfBKNXMFUwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQwFgYDVR0R\nBA8wDYILZXhhbXBsZS5jb20wHQYDVR0OBBYEFPogqJ75TFaW2jLDAbsnBi3QWoMU\nMAoGCCqGSM49BAMCA0cAMEQCICh5k5Xcp72dcAm6Fs446OdMpf9Tp9A1TH6kCmYY\nboKSAiBj7D2kbiT+c/52B+teq4bNI75mFLan3cu8mBTXVz3ZCQ==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrjCCAVOgAwIBAgIUXq1WdriDZPq4Mn9tvSl1EwQnpYIwCgYIKoZIzj0EAwIw\nFzEVMBMGA1UEAwwMZW1wdHktaXNzdWVyMCAXDTcwMDEwMTAwMDAwMVoYDzI5Njkw\nNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49AgEG\nCCqGSM49AwEHA0IABEd5FKmTW/vNyybeRNIwCED1tBqumccAyYZ6bEbUnKayySwd\nnEc+6U62RDFbtQGgUw+9cxBW1+try9nppM06UgejfDB6MB0GA1UdDgQWBBQDpwx9\n5FaNFJILnFlQnqKuX1Uq+TAfBgNVHSMEGDAWgBRyqVaQxHZIYRi1LOollXaNQHJ/\nODALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8wDYIL\nZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhALncCTa5+vlHhIMtG390rDbO\nzZvERaYKpcxwTJQN2bdWAiEAwSz+pTjaTXmlK5gRBrglTFkYA0VrZ5oyF3wXDWQ/\nrlc=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrTCCAVOgAwIBAgIUc2E41/fytqLXglc7xnjkO6/PUsQwCgYIKoZIzj0EAwIw\nFzEVMBMGA1UEAwwMZW1wdHktaXNzdWVyMCAXDTcwMDEwMTAwMDAwMVoYDzI5Njkw\nNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49AgEG\nCCqGSM49AwEHA0IABLSJSs3oFPSfVw6sa47g66uQ4n6FG1fdAsPOtvp4KIk16VhH\n+UHD/h4QRs8WM8pqXMxj3LoX9oXtrNadBzVQN6ejfDB6MB0GA1UdDgQWBBTULRyU\nP8qDIKgHBDT7rfkKrTb7QDAfBgNVHSMEGDAWgBT6IKie+UxWltoywwG7JwYt0FqD\nFDALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8wDYIL\nZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIgPM7+HclqO/jTyk03zRya1xtv\nrrWMEObUdLNq/QL77EICIQCot+XVuzAK+Q+aHHcjlo4L1b7Lf4dBnF/6z8OMjJdg\nfA==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1711,10 +1739,10 @@ "description": "Produces an **invalid** chain due to an invalid CA cert.\n\nThe CA cert contains an empty Subject `SEQUENCE`, which is disallowed\nunder RFC 5280:\n\n> If the subject is a CA [...], then the subject field MUST be populated\n> with a non-empty distinguished name", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBdTCCARugAwIBAgIUdPoncMyYqFYT5MFvCw8BEOuOVCIwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEhjpBUI3B\nG8zqrpFCxxZxr3Qh5K4gXFrCWyHth1cZwmc2Oai5krNb7TYNz8h0Owc6KPo7c7cR\ny2EW8/Zlvsf7n6NXMFUwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQwFgYD\nVR0RBA8wDYILZXhhbXBsZS5jb20wHQYDVR0OBBYEFBO5X44mvNqZx1U4CZ6ILRdE\nWtwBMAoGCCqGSM49BAMCA0gAMEUCIHUscFLMWytZBrlatuJ/rD46/qpVtIQWC2pU\nWj2eMm89AiEAnE+24I+YtTob+7XOd3P7dVgnmclabrdk+8uh9E09Eo8=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBdTCCARugAwIBAgIUJaxx9TYzUBb3AlAq0ARpz/psTtMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEjnUKJcwt\nOIqAAIgh+ttQvBn0/6qeVwbm5gssCeEtl+soM8OWXpmhd1e20hoJtb1p8JlVjJW2\n1zVvGal32oOtmaNXMFUwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQwFgYD\nVR0RBA8wDYILZXhhbXBsZS5jb20wHQYDVR0OBBYEFFVE5ftxw2ar5MsK6iWsdY5m\nNBnDMAoGCCqGSM49BAMCA0gAMEUCIDLaT7o+P9p9CserkqmbJNaVh39ThB+ZCvV6\nhpnH7x7QAiEAsVxsv7K1UfSocqcTdrL7GsxWRBrlQiJqE9SADlPsMzw=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBlzCCATygAwIBAgIUVMNLWxGrhTKYzm9jEvlVMymp/hYwCgYIKoZIzj0EAwIw\nADAgFw03MDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowFjEUMBIGA1UEAwwL\nZXhhbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARRDF/UTOHKSHzZ\nDahFWz1AQDkaG+XNbQmtq7sO2kXND0W8UcM/L6Pl+oIbLnIXF+6s/h6g6dJtcqv0\nZzTq414co3wwejAdBgNVHQ4EFgQUOc1/+DmgpYwk3mWp8MXVovTlNPMwHwYDVR0j\nBBgwFoAUE7lfjia82pnHVTgJnogtF0Ra3AEwCwYDVR0PBAQDAgeAMBMGA1UdJQQM\nMAoGCCsGAQUFBwMBMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMAoGCCqGSM49BAMC\nA0kAMEYCIQDRv6dd5ft8tP3i6W263hDgIgYKG3JVIT68vfXQh780uAIhAJge3NYQ\nTTfFP3g5LUoOsiuULkiX9ijyvRTBEf8PQ0ul\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBljCCATygAwIBAgIUQ3hm81Q1V+toWG33XH151/hkI0YwCgYIKoZIzj0EAwIw\nADAgFw03MDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowFjEUMBIGA1UEAwwL\nZXhhbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9lGQuY1+jkX4r\nP2c8sprrb73SGIjsaTWHJvRgso7Shqu/Ex/akkKi39iuh4lIsbiPSGduoyyJX5DK\n6wAWu7uJo3wwejAdBgNVHQ4EFgQUwSxOlvMabsMx3phRXBFqIFyhY60wHwYDVR0j\nBBgwFoAUVUTl+3HDZqvkywrqJax1jmY0GcMwCwYDVR0PBAQDAgeAMBMGA1UdJQQM\nMAoGCCsGAQUFBwMBMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMAoGCCqGSM49BAMC\nA0gAMEUCIQD1RNZ1P186gPrA9ZnPutEmNDlCvIUUAPXI5WrMESkMUgIgJhzAZgJS\nUGNQ4f3TNhp0bG3rPmEsIHeCDF/jLLt8/fw=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1734,10 +1762,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe EE cert has an extension, 1.3.6.1.4.1.55738.666.1, that no implementation\nshould recognize. As this unrecognized extension is marked as critical, a\nchain should not be built with this EE.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUYP+se+ADqtp7UP/JE+J2mLaDV6gwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARf+fKYx6fYH3Lck5RPgngxcw07rnePPfi5pkZA\nNzaoBFew+GlPu1VhRXl10QYVO2ATdBzLIQO2CiVqoEqPdD7bo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU+qIiItHiQqu9q228+dTY2ONBlc0wCgYIKoZIzj0EAwIDSAAwRQIg\nTteFeZOmN3ORa4UqB5nF4AuERyiJEwq/Bck8ClZQga4CIQCvDH50dlTS+fRjcpzN\nwbeSBHnLN9byMTivMRU32PhXFQ==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUCg2YRJkViIAvT7Yd092GufWeSlIwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARKr5I/1S4twbsaDw/MtPT3VtRT8SN8PPig/h5E\nQ0g+QG83dnLQy1fZF00/LevsQh36shuEo8jS8Zs8fFiwdTHUo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUVErEQ6K4KiWH2umuKqCC9pJS440wCgYIKoZIzj0EAwIDSAAwRQIg\nDlm7+T06fSPKEb4jjeNRkL84V0EnWaXP9zIc4m/ILGICIQCcyolp3Fila5XUmOyU\nsD8eBi6GSNdZyErSDeskWJfz3A==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBxjCCAWygAwIBAgIUA4ghCaQbzgPzrd1bCkugjGPUKHkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABMP+TIJcJ0VBTTbf06oZ7srDETPxHuY9dUz+DAgaeii+\nLmvk7L/0qv/J1Ns3EHQ0XCUa/AKMmJZ2DqIJbiW4oBqjgZEwgY4wHQYDVR0OBBYE\nFLMD/YXPKzABTX3zWmnrB9rdpOvUMB8GA1UdIwQYMBaAFPqiIiLR4kKrvattvPnU\n2NjjQZXNMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREE\nDzANggtleGFtcGxlLmNvbTASBgsrBgEEAYOzOoUaAQEB/wQAMAoGCCqGSM49BAMC\nA0gAMEUCIHB1LM0voMU+9cOKVY4gvXljltqWvz8eXnqmhege6ThAAiEA8Tv5clns\nzJdI/iqbSDyn6cexVOA7JIUviAwZHrQer/c=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBxjCCAWygAwIBAgIURwPCIgBy0ptZ+JhE37GV7CgTGOQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABGVq+s36dTKktSyI44OkWhD2lAitBr+2ILqFJPllpctx\nQnJ81RnpLuB9YimRUjCT8GLIz+ZJy+kk9aZDo4izFEijgZEwgY4wHQYDVR0OBBYE\nFPLOK9HRGwKvadRK80I6XZCjG6XkMB8GA1UdIwQYMBaAFFRKxEOiuColh9rpriqg\ngvaSUuONMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREE\nDzANggtleGFtcGxlLmNvbTASBgsrBgEEAYOzOoUaAQEB/wQAMAoGCCqGSM49BAMC\nA0gAMEUCIQDT2sdHW0n0l5AYHpj3vy/dcaaGJ9lu0Iarj2+4bA3HiwIgDH9cWygJ\nPPLdrm+VRZfY6X3Yu0ZOsrEjRgxRJ3jWZGg=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1757,10 +1785,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe root has an extension, 1.3.6.1.4.1.55738.666.1, that no implementation\nshould recognize. As this unrecognized extension is marked as critical, a\nchain should not be built with this root.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBozCCAUmgAwIBAgIUYC8URnP3PS56BMRA5HNiiN7xSk4wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAT0dZv6VgecUfFlxmuV+P8qEuyk1O/WwW9tW089\nThyrzRAgX+nPWNnCdTYtC8G6OvynBC/Qot6UTgoht70AHBEKo2swaTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUopfHJjIZaWlcGV+G/7wHKHI+pNkwEgYLKwYBBAGDszqFGgEBAf8E\nADAKBggqhkjOPQQDAgNIADBFAiEA5zTc3ed4vCPCHjQqfLvWD+8oREVo1nTNHII7\nxZt+DgcCIDFQh0/UUKsskN8CyCZpkn8zA4eW6nDYlzkT15hjxIbD\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBozCCAUmgAwIBAgIUFi/wKNJ29yEf5PPYMspXoSBdsPcwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQu77TB7U/gK6p3aTE/nmXdAvGnLR2FtUsqTB1c\n4Wn9d/0VQO2H0GXV1w8sFc2/J+CAjKnaWS1KPFQW/d7wUix4o2swaTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUjxTwDoj04HVdagR1xgUimiLy6nwwEgYLKwYBBAGDszqFGgEBAf8E\nADAKBggqhkjOPQQDAgNIADBFAiEA4b50Bx+o2fjqybLQyxxv/Oeer9/hccP3D00f\nMXrZxWACIGxffKhLgnnzfChzY6HM7R1CEusZUl3MfPKcsHVN4EzL\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUPjpWR/Ho8VA7VxVMiflf09kMmGwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABF4vsCks06shqRfGFpOVJ5g8Dou5rhQ0fIWueHiAh+Nj\nFddx3LbjJ51YkU5GM+7dztQSaNgSb/yJUmfHcrT64WmjfDB6MB0GA1UdDgQWBBSD\ncRW6RJWkZf0pVzRatIkzOUKvHTAfBgNVHSMEGDAWgBSil8cmMhlpaVwZX4b/vAco\ncj6k2TALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIhAMq90y0eRalppJwXGVU2\nFks+b9dcT76zjUY+auBOW4LQAiAVmetEhQR4gwFkvCWmIQqEUH8hMgRnT/3Cvvtx\ncX+1PQ==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUQ/I2bv9AF6HM9cdp5xTdQDWjAtUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABOgcRNMo3qH8mjpJAtLRq+0EbL3+zpal4kSkzv829hZE\nUc5ZgoMwQ745s431v5XxBTfQ73xK3Y1W0CA74DKnvKijfDB6MB0GA1UdDgQWBBTS\np4qF2XL9fFVXJaVGZAuCNQTQ4jAfBgNVHSMEGDAWgBSPFPAOiPTgdV1qBHXGBSKa\nIvLqfDALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIhAImSevlH8UrxM/dbJJ7B\n4BI/d5UR80ZeuQirPiyuXRBmAiAYVsuGGkF25/REmbloAndUPqdtgSkgnjO4h2Hs\nD4KIUQ==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1780,12 +1808,12 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> intermediate (pathlen:0) -> EE\n```\n\nThe intermediate has an extension, 1.3.6.1.4.1.55738.666.1, that no implementation\nshould recognize. As this unrecognized extension is marked as critical, a\nchain should not be built with this intermediate.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUWIM0txZmzzODHGKuUqpXY58AuSgwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARpJ1N6102w6a0lvIccO+G+lzWl+LvGjo+2E7/x\nVRGWsItlr14tay2ZboS2IyfGXLif/bV5airdE9Ak8HA2Xl/go1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUE7VaEZTOuSodhdJnMuRxunzTMo4wCgYIKoZIzj0EAwIDSAAwRQIh\nAKgZUVAByd24WtNgSmyXX9IU8O/M5DjePRdhy9qcYwY3AiBk+qBLiv5b3NMSMPAR\n/y5i54lQLUm1L2iMLBdK72BQkw==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUERKfFeVbGV506v7AdAXMvhveUdkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAT3KtMFvcsuMqLxLCHnH1IdEdBy0UCN8Ql19EsP\n3jSamHNvdBx2uKwv/u95R9a1f8wnPIPdMwkZzhp+ROu1xL90o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUrZewkSI/n6FCg11hjDBmO+zcMo0wCgYIKoZIzj0EAwIDSAAwRQIh\nAJphLMmbn8vBalXPM3U2nSPhVu2d9G2vxcXUvVcni5t+AiAe5cUs7UMYGpibFXt4\nZK8lw3J/mM7I4qtPS2H8NO60Rg==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIICFjCCAbygAwIBAgIUW8CbIUlYYAqtF0gql+0CDwol7WEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBnMTkwNwYDVQQLDDA1MDUzMTcxNzc1OTM4MjM4MjA1NTU0\nNjIwNzY1NDI2NzAyMjg1OTI1OTI0NjgyNjQxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBGIM8+e9oAXB3IZElJWOojg1x8l73I5tgm6Bl/bYi7CxXDI1mLaF1PrmdCNki9Vv\nReo6f+9RM9URL8eVPt2rv/ujgZAwgY0wEgYDVR0TAQH/BAgwBgEB/wIBADALBgNV\nHQ8EBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUE7Va\nEZTOuSodhdJnMuRxunzTMo4wHQYDVR0OBBYEFGww1N251uHs89reklPojXBPt3JJ\nMBIGCysGAQQBg7M6hRoBAQH/BAAwCgYIKoZIzj0EAwIDSAAwRQIhANJvKw3w1BpA\nZyDrTrjoEJSjLI+FSTevLheMPP7bN+22AiBidfeJV4JXBEh85vBpPm8dfCkoI+/s\no4NW9RZXajbGsA==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIICFDCCAbugAwIBAgIUEWfQ65NGLtT478K38MzsxDIyWYcwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBmMTgwNgYDVQQLDC85NzQ2ODExNDgyMTgzNzkwMjk0MDE3\nOTc1OTQzNjQyNTA5ODYyNzM1ODAyMDA1NzEqMCgGA1UEAwwheDUwOS1saW1iby1p\nbnRlcm1lZGlhdGUtcGF0aGxlbi0wMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\ns7M22Iz0TX3fSk4iNK6btgtKte804PtxTp9TLQONFUsgQ0pXD4KIE/1+dEw7Yl2u\njWgJRKVetPEQutWkfsF6kaOBkDCBjTASBgNVHRMBAf8ECDAGAQH/AgEAMAsGA1Ud\nDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAfBgNVHSMEGDAWgBStl7CR\nIj+foUKDXWGMMGY77NwyjTAdBgNVHQ4EFgQU17z3flNCG1uqPhPnRVK9KAnZpR0w\nEgYLKwYBBAGDszqFGgEBAf8EADAKBggqhkjOPQQDAgNHADBEAiBm+laV3DFPjrS4\npsFUqMOFqblQ85NOuoZqHVwC0o8hvAIgZpCIwq2rQBu340DseQa6xpi+sOZCNEPl\nRIYy2i6ZpAA=\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/jCCAaOgAwIBAgIUUKdpVT+1feaJa75cndohsiL3rAMwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNTA1MzE3MTc3NTkzODIzODIwNTU1NDYyMDc2NTQyNjcwMjI4\nNTkyNTkyNDY4MjY0MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE4Kf5\nVPgPpxOWbwR7wNUngyBPmGqlUXPIO7SDK2fFZGtysXKCNQILQOwLiJiOos9WqDjm\nHIcrxcysf43BhLw+E6N8MHowHQYDVR0OBBYEFOhKh5I0nyM4EuwG3XozGwengFSy\nMB8GA1UdIwQYMBaAFGww1N251uHs89reklPojXBPt3JJMAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNJADBGAiEA7YGv4hzIDNLTbf3Ko/DedpRQ+r6vB5Jr3sZqhUZwjloC\nIQCyY/QSSOpSkq2LDB2vpG+36OYb6gWbVd/m1hZFZ30RUw==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/DCCAaKgAwIBAgIUeGquwLtohla8t+3lyUM9oxhnP5owCgYIKoZIzj0EAwIw\nZjE4MDYGA1UECwwvOTc0NjgxMTQ4MjE4Mzc5MDI5NDAxNzk3NTk0MzY0MjUwOTg2\nMjczNTgwMjAwNTcxKjAoBgNVBAMMIXg1MDktbGltYm8taW50ZXJtZWRpYXRlLXBh\ndGhsZW4tMDAgFw03MDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowFjEUMBIG\nA1UEAwwLZXhhbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATGv8E/\nitqPZvwoaCl0/V7LhU6B8WyMOhsSjrG3FjsIg1Ul3sK56EWjH0iD9V8aR2nWhRrv\nNclEnDtfDIcKVrwko3wwejAdBgNVHQ4EFgQUp3nr4CMBmXpb14MtRsZxr3xXo0Iw\nHwYDVR0jBBgwFoAU17z3flNCG1uqPhPnRVK9KAnZpR0wCwYDVR0PBAQDAgeAMBMG\nA1UdJQQMMAoGCCsGAQUFBwMBMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMAoGCCqG\nSM49BAMCA0gAMEUCIFPPhUR6wYzAEcSduAoMzV2h0sUKaREMu5OqQaffNeVfAiEA\nnOTlcB6sN8pMPptvd2i6T+zecpbLAOn5T3pevNl5TOQ=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1805,13 +1833,13 @@ "description": "Produces the following chain:\n\n```\nroot (untrusted) -> intermediate -> EE\n```\n\nThe root is not in the trusted set, thus no chain should be built.\nVerification can't be achieved without trusted certificates so we add an\nunrelated root CA to create a more realistic scenario.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBojCCAUmgAwIBAgIUFuapVi5gg3BZH/NUfEX33tbFyDQwCgYIKoZIzj0EAwIw\nJDEiMCAGA1UEAwwZeDUwOS1saW1iby11bnJlbGF0ZWQtcm9vdDAgFw03MDAxMDEw\nMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowJDEiMCAGA1UEAwwZeDUwOS1saW1iby11\nbnJlbGF0ZWQtcm9vdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJsz6vSzQ42j\n3cMj+VVg0JsESTarAkOfgIbvCCORTGXiXCsvlO/MS3iBE/yOQmTHPgOxJDJG3Ubt\n08kdVYDnQ56jVzBVMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMBYGA1Ud\nEQQPMA2CC2V4YW1wbGUuY29tMB0GA1UdDgQWBBQnmyTloD7qqAILMpMFWuLWgg1A\nlDAKBggqhkjOPQQDAgNHADBEAiA+fTGN3ilh9vu90gAxmQVhFc78YnkTfj0sD2Gf\nluhnXwIgMpIilB0nlgbULdzUT8sJh2IqSb0pej5PBf/HjfmxqtU=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBozCCAUmgAwIBAgIUcecB8htOdab3yu9EIpWgP17/xt8wCgYIKoZIzj0EAwIw\nJDEiMCAGA1UEAwwZeDUwOS1saW1iby11bnJlbGF0ZWQtcm9vdDAgFw03MDAxMDEw\nMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowJDEiMCAGA1UEAwwZeDUwOS1saW1iby11\nbnJlbGF0ZWQtcm9vdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABB3nPpStgmBY\nc/WRAn6xUo4ihWEY44kwiv/Bc9xS368TlWjV3D9pvXNEcxF/Nb831AzMFpRUIcFk\nTEVC5gR3H1+jVzBVMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMBYGA1Ud\nEQQPMA2CC2V4YW1wbGUuY29tMB0GA1UdDgQWBBT1FkNrmkeevTfqVEZ2FlMjnrLi\nTjAKBggqhkjOPQQDAgNIADBFAiEAztTsVauu2fTGS1GTwMlNfbrEvN+0V51sslsG\n8a2ZijoCIEFF4KXrJbKcsQb3Noiqc3kfDO/bS1f8VehtwaYHYIMt\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUQcbLDAwAyBIHRBEu3j+A9th24nkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQyiYBEgYizEmJ3StOXJvmkPFtW1ZZBDVx0ke+1\n0EcsDqnZa/DPlE/b5ARwem1O06m1VBPLEcrkql/U6LO+mT9Ro1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU17djLAnRvtSm9N8d8KDmc1s60q8wCgYIKoZIzj0EAwIDSQAwRgIh\nAO1YIJRm7c8d03tiOW5S2/Srx9RQHFFpxOYUyzFNk3LNAiEArpHFScWz7NUcum2S\nF1LLYf/FxSUwZUdBqcAvRBWUHCo=\n-----END CERTIFICATE-----\n", - "-----BEGIN CERTIFICATE-----\nMIIB/zCCAaWgAwIBAgITJD55BNrpIdyj2OzWjTNtjs8NCzAKBggqhkjOPQQDAjAa\nMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwIBcNNzAwMTAxMDAwMDAxWhgPMjk2\nOTA1MDMwMDAwMDFaMGcxOTA3BgNVBAsMMDM3NTUxNzYzNTU0NjI0NTk3NjY5ODIw\nNDU3OTcyMTkxNDI3MjI0MzkzODQxOTMyMTEqMCgGA1UEAwwheDUwOS1saW1iby1p\nbnRlcm1lZGlhdGUtcGF0aGxlbi0wMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\nSH8MKoaH0O69g9hCnLYXVbhZmWO9F9Zdi+pnBaSxGXRQNE4r/kvOzAw74wKDJ1qL\nm4jdQDLhWAgHdaPCay6CmqN7MHkwEgYDVR0TAQH/BAgwBgEB/wIBADALBgNVHQ8E\nBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAU17djLAnR\nvtSm9N8d8KDmc1s60q8wHQYDVR0OBBYEFC6FZtqDAnrHQz4lcNWOyl/DRi6UMAoG\nCCqGSM49BAMCA0gAMEUCIHE6zApCQ/3jSDyDkMkBgwrtsNdAbXbx6Rubw8DZWyL2\nAiEArOjOCfaa5s7lqDXUl3Dymcav8yze6SqeGJTUM+cXiA0=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUKZV481DZFlXcP0qFcHdRXoIArDMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASVeCKXVmXaeQu0U//kWJklXwoc97adTtdeVbd8\nxRsDEkMBqN9bku3jPpDWwaVNKFbd1cPS1MjTpJ1hAWIPlj3Oo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUJ7YxiV1R+SsJulwLzCZt/RvJpYYwCgYIKoZIzj0EAwIDSQAwRgIh\nAJQO6lA5qxr/iZ+5qaArX9YJc9vJDZGzL3kXFPaiS6VAAiEA117ikQUTSeHs2Jox\n4eynw76dvIBHV3YqXtyuxic2JYI=\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUX7TC3VFAFEagwtl7JAYHPf/eFuUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBnMTkwNwYDVQQLDDAyMzc0MDE5Njg5MDg3NTA4Nzc0NTU5\nNTU1NzUzNjExOTc3ODkzMjIzMjYwOTI4NTExKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBC+FNsaS/wvaG7gdByxDHTrfdFac7vxSNZpOGJy4qGh6zjlxdzle+uWAww28qHI2\nhJ6Gbk47/ie6wVB6EaBnNwOjezB5MBIGA1UdEwEB/wQIMAYBAf8CAQAwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFCe2MYld\nUfkrCbpcC8wmbf0byaWGMB0GA1UdDgQWBBQzWcZsDgWVvUJCKe841sruVVRcazAK\nBggqhkjOPQQDAgNIADBFAiBW8XEVU3fnnaylP3CsAY/taDngNslPOtxMUENyNEvP\nwgIhAPcGUfe4wYzbbo3TrhxEZoV+D8Qsk6nbgKQF0SXEGUlJ\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/TCCAaOgAwIBAgIUNCDk7mONC122qX6bGeTQXXE9QYQwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMzc1NTE3NjM1NTQ2MjQ1OTc2Njk4MjA0NTc5NzIxOTE0Mjcy\nMjQzOTM4NDE5MzIxMSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEWB0R\no9rcr61T83sak7jWyyOsZ5SJCYMso48Z9t5CjJyeKAS+UIxyXHRpKoxDIj3KLcOk\neJBQumRi26KxBxRik6N8MHowHQYDVR0OBBYEFLs0q+cB8xiOqEon/sr4w/EnUri3\nMB8GA1UdIwQYMBaAFC6FZtqDAnrHQz4lcNWOyl/DRi6UMAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNIADBFAiEAospcymgvxSjZVmlgh2yKwPXtvL84mQEoO1ptDASFBsAC\nIBtJKh4C3cCOpHXSfBB0bQTwxiK2PV/5RlHpjPQ4TfGZ\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/TCCAaOgAwIBAgIUc4vzhZZDI+vQqIg4fQj+AKhO9cAwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMjM3NDAxOTY4OTA4NzUwODc3NDU1OTU1NTc1MzYxMTk3Nzg5\nMzIyMzI2MDkyODUxMSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEt/Wf\nDHNtmrKHr907dNxj8eA4dz/nV9GlortEPYzLw25NwJkwiM8G9N0RkPhj0zprkelz\nBHpyyNSmlSAIcvA6/aN8MHowHQYDVR0OBBYEFOvNDyTwU7s/PzLutB0Lzj7Witq8\nMB8GA1UdIwQYMBaAFDNZxmwOBZW9QkIp7zjWyu5VVFxrMAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNIADBFAiBXeQ1aCYZqgbJnPLdhiYhM/o8uP7/3DEe3rFVBVMioXQIh\nAK5G81wfwp84pKgG0T1evkEK64O6l2bY/YTmsgfW3hEB\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1831,12 +1859,12 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> intermediate -> EE\n```\n\nThe intermediate CA does not have the cA bit set in BasicConstraints, thus\nno valid chain to the leaf exists per RFC 5280 4.2.1.9:\n\n> If the basic constraints extension is not present in a version 3\n> certificate, or the extension is present but the cA boolean\n> is not asserted, then the certified public key MUST NOT be used to\n> verify certificate signatures.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUIBdIpMviQTvog7+p8jNqHPx8LP0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATkKV+TPNeL+GFKxijo44Ms5K9tl5yik70KpkUd\nVEzY3CJueSqr2HOQaPWSZPyFVSI9DJE2bBldKTJYdo6ocb3Xo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUqHgzXwlAEfON2RUe73gr7wqiPX8wCgYIKoZIzj0EAwIDRwAwRAIg\nQuZnCthrS3r8sa+ZjxHPMmLilhBdDI4ym4ryH5rp6o0CIBvzOYc7PzLLFXqYc4qY\nkv8AP8WOXeKGk611sA0e/UfY\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUTN7kSI6K2Ffv6XylcfAWu0s9hEswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAT7/AzoyCtRh8JeicM0Jq1a/fTWu14OjSv040uO\nIDX/bTVCFN++P/CRfyocQBdEhcCr2yBrKWkSdfBjFZodETPuo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUWHD+GitPbfhARkhE0HrJA6aXKgUwCgYIKoZIzj0EAwIDSAAwRQIh\nAI5Ek8gK5mEksGGIr7r7QhJDhqX1lVLOIne3NRnJMTTvAiB28cAoXxoJiq1rZaP5\nz64nGZ6KBvNbwhTpCtrSfyTu8Q==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIIB/DCCAaOgAwIBAgIUHhbPDxEv0G+wO7SZJ78A9h1mo28wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDAxODMyMDY5NDk5Njc4MzIzOTYyMTY3\nOTQ5MDYxMzU1NzIyNDk1MDk5MzM4ODY3MTcxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABEWfQPlOjASQjnfSyttp4KJo3UjgoEp/GRix8OnQbsdBPCGN2mPHLOhxIz81\nzyu+cOTE6Oq8KQU6a3lLmogODdmjdTBzMAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQD\nAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFKh4M18JQBHz\njdkVHu94K+8Koj1/MB0GA1UdDgQWBBSQa8NzvjlcarF4Tl4blwaZtAaGXDAKBggq\nhkjOPQQDAgNHADBEAiB5Wvcy+yq9Rk687ZVORtuq/2Go5oarziehD7MbAcM/jAIg\nZGw70ScSUSDTQ20i2bKFoVssAnD/FfT016E8c1M6dL4=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIB/TCCAaOgAwIBAgIUCmidt7qlA2bsSSZpw5eb6yuAFNwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDA0Mzg4NTM5NTAzMDc2Nzk3NjIxNTg0\nNTQyMzcxMzY3NTc5Mzk2ODIxODgwMzUxNDcxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABNnEAfVjlC4Fc2EqCAhkgefdBpb3kTMToq2PcwQV+R/pDYWwiMYgkdiKM79k\nlAp1LIFvqdDW9qH2RT02pRKyunyjdTBzMAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQD\nAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFFhw/horT234\nQEZIRNB6yQOmlyoFMB0GA1UdDgQWBBTw+7w0TxOXhQxHA/pb17VV2lyrVjAKBggq\nhkjOPQQDAgNIADBFAiAP7nsWHedek6MoQxGlru5RXI0TE65wEtLvOTHqESeWlgIh\nALUNSq+PzqkdJtQ+cesuCxTEsR+YutqAQKpWNdhprDbs\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUR2bdbWQM8F1//6cvL5h6ZNt/UhswCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwMTgzMjA2OTQ5OTY3ODMyMzk2MjE2Nzk0OTA2MTM1NTcyMjQ5\nNTA5OTMzODg2NzE3MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\nlyrMHL+T9vr5tumHwsk4fRkZZRL9md/R5fBqzTV+YLgBVZaBzYaA/NiSEfaacnyv\n4wT+YnJWqPiSqKNrhWH9v6N8MHowHQYDVR0OBBYEFBm11S9crzAlCK+c2lqko/+s\nn1/RMB8GA1UdIwQYMBaAFJBrw3O+OVxqsXhOXhuXBpm0BoZcMAsGA1UdDwQEAwIH\ngDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAK\nBggqhkjOPQQDAgNIADBFAiEAopnTBTSEQy667Y5LIBeEnwshOQIZ5eb/bbEn/Urb\nWoUCIFRAAeM87eD6grWpJD3adGtKCNI3KYMq51dj5OR8r0ef\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUMuXHIHxRVEztnRKaFanubhLges0wCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNDM4ODUzOTUwMzA3Njc5NzYyMTU4NDU0MjM3MTM2NzU3OTM5\nNjgyMTg4MDM1MTQ3MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\nTEdlE+fl2xB25WhYnUDndgzn9ssA3zhqen1b/XcanKGZS0Wr1RJeQwXV2nx19c2Q\n9P4hJJROp74H0WGMnB7H2qN8MHowHQYDVR0OBBYEFInbnurN4nWnA1uHhQXQk8y8\n5vHfMB8GA1UdIwQYMBaAFPD7vDRPE5eFDEcD+lvXtVXaXKtWMAsGA1UdDwQEAwIH\ngDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAK\nBggqhkjOPQQDAgNIADBFAiA267rXk4fL0siwkWLShqJOLVQ0n1hZsfwEUqOQlNk2\nvgIhAMNzvSMdQqSBcrHdj71TZnQpeJX4/Bb5D+pGyoles2vt\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1856,10 +1884,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> ICA -> EE\n```\n\nThe intermediate CA is missing the BasicConstraints extension, which is disallowed\nunder RFC 5280 4.2.1.9:\n\n> Conforming CAs MUST include this extension in all CA certificates\n> that contain public keys used to validate digital signatures on\n> certificates and MUST mark the extension as critical in such\n> certificates.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUOuO8M2B8SRd4N0ZTTrbJ0iBR5zQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATfkUUqFRs3vgUaiFPR8XupX6AwuASIN8SCLC5H\nxf7dfmBRurknM1UgO0hN8sW8ZUt7KUGTuN8j4q0mzIM2uQRwo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU+mgrCqmY1Y9AiiawXfEwVEnnLF4wCgYIKoZIzj0EAwIDRwAwRAIg\nIjxauaZ8d0EOhgmLznjHktZ6blVUDywdWby06gKlm48CIBZjeGHpZaPyCKoyB1N3\nRfLtGX8HpUL3CrnFWrZfeIME\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUP36pr5mNSkasRerHi/Dgozcc12gwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQLPxLQ4HtXbF5rECO5UJixTZKQk/FXuFTAp0XO\nzNqs6Rul1ncpEjjO9u1B0gQzJy+sURwtA68PT1nnlGZUQNboo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUmbqby+CcgGMqqky7H8ThEoV2H2cwCgYIKoZIzj0EAwIDSAAwRQIg\nQHQOsrCfG6GllCidTlsJNKQHmeUBjDHwTOH2HaAtcwACIQDesubi23D7XRxkDX2a\nwRDnz/YEWqOvQ8QAv+A/53eyDQ==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUeGy+iH0hJYmsEI1Tm9b7f7Kd4MAwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwMzM2MjAwMTI4NDYwMjU2MjQyNjM0MDQ2MjI1OTExMTU1MTkx\nNTI1NTg4MTk5MjIwMS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\nKE3M4u97pE0Hh3KQ2JZGeyvqxR4o7wejjYD2SW5Qa6ZPF8X/ArzU+3w7H6RlSKt8\neyYH/RmLU8T/PMYWKeSfu6N8MHowHQYDVR0OBBYEFExg9YAvpw4+/Bue0OJNuWhM\nlSx8MB8GA1UdIwQYMBaAFJy+djJvdDA/D/RvjkhHfl+sa1CjMAsGA1UdDwQEAwIH\ngDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAK\nBggqhkjOPQQDAgNIADBFAiEAuImSn0QVmXBL9IVQZ1B8PhDBIzjTsz5t8ErQVu+C\nqYICIEybHSrq532NYjCZ1hPqsfyv0fZyy/uEs84Yn/4YQiUD\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUGsE4rJ0IohVeLAyiGIcn8ZKCpiMwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwMzYyNDkxMDk0MTg2NzU4OTMwODk4MTc5NDgyMDkwNzg2NjEw\nMzAzNzE2ODc0MDg4MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\niSUetEQ6vMg4hF6rRtEmNeNFpgGSPWVbYejCMJS4+t8tg/vDbb6luBjqfGDWhk7B\nvXcZX3ON69O7kc54eBQSrqN8MHowHQYDVR0OBBYEFDyn4R8JFDH9l5TFsjTD3XD5\n7xn/MB8GA1UdIwQYMBaAFLtfbgXFe4QwN4dFpnzcYlHwapfsMAsGA1UdDwQEAwIH\ngDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAK\nBggqhkjOPQQDAgNIADBFAiAP+pHb4jjshy8Un9Ai7ESZTEiDrHnUK/4huKp74L+L\nlQIhAKdFftmZInECWfMlceLp0eCtKqbHe8Z9X5peRV3vJtBX\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1879,10 +1907,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe root CA is missing the BasicConstraints extension, which is disallowed\nunder RFC 5280 4.2.1.9:\n\n> Conforming CAs MUST include this extension in all CA certificates\n> that contain public keys used to validate digital signatures on\n> certificates and MUST mark the extension as critical in such\n> certificates.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBfjCCASSgAwIBAgIUdfonGovQaeZgXOxZe8OBaua0KlswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATycME/VwbDYgby3BsAObt00VssRQshNhLlhvbx\nP222uPV6AaEmi5UrNS9ezm+F0/YXQGI4LpdswYpHdzjv32QLo0YwRDALBgNVHQ8E\nBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHQYDVR0OBBYEFFjF3i1LdcCu\ndUAN3boQbgQO6S+9MAoGCCqGSM49BAMCA0gAMEUCIHSc9zP/EPeB2Xo/F8ORkpEG\nl/op66TNY+c8O+URSJKEAiEAtIx4uOWaWUXEQqQ4PC5Gd5Bt+G4EYEAPcEcvE7N5\n8+4=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBfzCCASSgAwIBAgIUI4X2MAHSEi9VPzlIlLoV/yiwQ20wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATs7gBE1tYII5mq0gVKe/z3491IiOwRHebq/7RB\nMovBF10j0WiGrKvntVehs7zc5sWozmtOoE/vsiw+HlMFgs3qo0YwRDALBgNVHQ8E\nBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHQYDVR0OBBYEFJw/1i/Q5vRN\neopuZMPRmWHHPKCfMAoGCCqGSM49BAMCA0kAMEYCIQC3ZeKd4HYUdzfwnPOJrSeX\nxc2kUgGdNYEOfoc9y4TTawIhANfolCsNohgWyrgCnEgkvYJAxp58k2lr0N0elJGO\n6ptV\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVagAwIBAgIUW5JcYvFVgji0uyKPtomPbi4MJ7cwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABF4pg/nb557ROztirJmC2H/xdBg8Ca/IKo4xER8zml5j\nEYwHhIMa6Q5vfNesPo4J69bhlcZ0NL/BO36DGxJpOTOjfDB6MB0GA1UdDgQWBBTl\nTpn4zqnSjLlAB+bUMSPWHmpZPTAfBgNVHSMEGDAWgBRYxd4tS3XArnVADd26EG4E\nDukvvTALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhAKOb7k2063hDeIwVhOtQ\n05iJhx09sFb/Y24l19yw1CatAiEA0xeo5MdeQt7qKSSNFd2ELgoVwPwEPIxFprMN\nBgDlHME=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVagAwIBAgIUdGLKryJ71bomly9B4wag4evAI4UwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABMBAzXu7SbG6JqMYz8AwedTuwQuJt8wvxa7YiUhIfOZf\nJpaCVfbhl0eY2d2QvM+ut9XGkOnvwqETTLN6di+2drijfDB6MB0GA1UdDgQWBBRF\n92iRr1nT8ZuLDNaI4GXpbP/8vjAfBgNVHSMEGDAWgBScP9Yv0Ob0TXqKbmTD0Zlh\nxzygnzALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhANCZ62J+dHLCQbK0mVxp\nxUaplNCtoz3YTAXmYtqTbzXkAiEA0LT7dhfQzi5tI0u4XvTZOKzgjekcPDq+IViN\n119IO70=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1902,10 +1930,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe root CA has a non-critical BasicConstraints extension, which is disallowed\nunder RFC 5280 4.2.1.9:\n\n> Conforming CAs MUST include this extension in all CA certificates\n> that contain public keys used to validate digital signatures on\n> certificates and MUST mark the extension as critical in such\n> certificates.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjDCCATKgAwIBAgIUVDp6BzCkO0MG7q1g1SDtqOU5SDowCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQQSLEQlpmaAeT/DY4OiS4hXCGgiQdA/65lkK7c\npemXEZWKUEMd5QI7hhvJQ7WylKjFXBi4WedBW0xiIy+tI9F5o1QwUjAMBgNVHRME\nBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAdBgNV\nHQ4EFgQUfcAuZWDiLCRo9SuiY6TuMI45vSEwCgYIKoZIzj0EAwIDSAAwRQIhAMul\nUbmluJDZiKhq6acEEerdOVayZoU1B0O5cFdfxsWSAiAbLuZAzlCfMVVRqdt+fDcj\nmrnFwafZ4GkL0WYQabER5g==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBizCCATKgAwIBAgIUI2w6ucDLmnV0E6MLom5gDs+Lu/4wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQ3rmHwZdiNITRzunWDTDPrImW27R3/tQ6h2BCm\n0f1ZrhgBpUyd1wReIq5H6p+ZU9Mi4ivtldDLBTFIjghPx1CDo1QwUjAMBgNVHRME\nBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAdBgNV\nHQ4EFgQUEkYS1wmFXmuzyUza2oZrXtDAe3MwCgYIKoZIzj0EAwIDRwAwRAIgTv9E\nRZujuOTWK944rlfu1vTcBeuoZBkZ60KvWW8BUQECIBmkHUb9mX3KsTEdL4OS8+Hq\no9tCBwok59W6c3DtAjyw\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVagAwIBAgIUBbOuh11WipvZQcf7Dvx5aDhxOEowCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABKoY7rcJ879krM9dxaYHltLX+eVXmtUWI2vhhVrY7cGt\nsUDhe/tGQrWeanO5g1qDN/69BkraYXo3Sf3CEM862GujfDB6MB0GA1UdDgQWBBT5\nbAuQ5bNF9k9kMHNqPwhnFr4z3jAfBgNVHSMEGDAWgBR9wC5lYOIsJGj1K6JjpO4w\njjm9ITALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhAI8cEkGp+wuwBzGd8yZP\ncE+rUCBzqUxKyyNlxEO3RfP/AiEAvfo6n9iDE0FM0YVBEl3G/DTmHfKCntotzVx1\nvLwc28c=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUU3YRh7VTOVF3z+d0VoswisXpvUswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABHJ+rSKYsshrpxUiHPcmimTposGhoSHL6tTKyle+sF3q\n3NGnkKCnOnkM1EednxaVf1fmlXcY7h2LfiW1BLIHdK2jfDB6MB0GA1UdDgQWBBSz\nOdzZRNSo1wu7GED2EF1kJmgjkTAfBgNVHSMEGDAWgBQSRhLXCYVea7PJTNrahmte\n0MB7czALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIhAJOqhkhHTmiwddSkkgYO\n/aYWPgQaKmIcqLVOFIdeyHnYAiA7sHhu1AddIjXG9E8e3ThyPCl1/4QbTvDlhiOE\nhiPwnQ==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1925,10 +1953,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe root CA has `BasicConstraints.cA=TRUE` and `KeyUsage.keyCertSign=FALSE`.\nAccording to RFC 5280, these two fields are related in the\nfollowing ways:\n\n> If the keyCertSign bit is asserted, then the cA bit in the basic\n> constraints extension MUST also be asserted. (Section 4.2.1.3)\n\nand\n\n> If the cA boolean is not asserted, then the keyCertSign bit in the\n> key usage extension MUST NOT be asserted. (Section 4.2.1.9)\n\nAlthough the profile does not directly state that keyCertSign must be asserted\nwhen cA is asserted, this configuration is inconsistent and clients should\nreject it.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATSgAwIBAgIUZCJzxCyUsAlq7Sdkxwhup83MBq8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATUoEV4DpI0cL00oiSqfkrsI4azWo+sZe8o0vs/\niU6PTNEPEUW39T7GKT/xFhmxvO3h8xdkoaXCcr2BhPUrUZaWo1YwVDAPBgNVHRMB\nAf8EBTADAQH/MAoGA1UdDwQDAwEAMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB0G\nA1UdDgQWBBT4eqqVKD3PCDPrwVURKTyLmGvD1jAKBggqhkjOPQQDAgNIADBFAiAO\n0DkI/++76weMxUIEV1dguXE2xJfR1dh0MKhHUhUyrQIhAKokDQIxCtEezdeN2xY3\ntwejFuN9rlj51OI23iBgkBCr\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATSgAwIBAgIUQKDzntSbku6h7sovG8J1qBVT7PIwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASS85AnOyzxh1uxeFujgGpQzLjpw0htqvPh7AbV\n63F4SgoWdvbU0tQLCLWkkfeCEPfjXN9jBRwjZxDv0Ft6hCPJo1YwVDAPBgNVHRMB\nAf8EBTADAQH/MAoGA1UdDwQDAwEAMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB0G\nA1UdDgQWBBS05++olfLoMGDtEiyX8l94ZVV57zAKBggqhkjOPQQDAgNIADBFAiBx\n9kgD2eAk4Lz4hI+GJv8gVrPFEaQtBnwoxJlzhckDPwIhAPvT2oZ2CJhQidvA5ri/\n4tf9MKgFi8+i7ulLfFiAy7BG\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVagAwIBAgIUc+tsB5HCgRl9lO8H1ct8/FLD8zIwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABCsrksyaPMHtGQG20jeNs0ncHCdOT3XtlezECDEwgHeq\nag3rdhGETIuUQJh9vsQM3SnF7jhbkdIl9BduQiDX8mSjfDB6MB0GA1UdDgQWBBSN\nJP9v7HnCWmYCDvuauNY6yFuaTTAfBgNVHSMEGDAWgBT4eqqVKD3PCDPrwVURKTyL\nmGvD1jALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhALIWMlPxOfYIy9e30w5R\n8q1DkByDDJTjmoGK1Av8CDeZAiEApVyVYiNiz1KmpO7u5vBUlZSKuIhzClJH1x8j\nIrg3Wdg=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUF0n8AJv9vBELcgtGcxY/CjrKmaYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABB6FU27yIemJDlZqMJ5r5YZBJ5W2KiJw4gJ1Le61kjED\nNLljXMCzBT9kHNc1mJ/h8jdgksRryn1z+tlZw+6Ehr6jfDB6MB0GA1UdDgQWBBRP\nCZkeJ/Y5ymXDGWYHwVh865ihdzAfBgNVHSMEGDAWgBS05++olfLoMGDtEiyX8l94\nZVV57zALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIhAMaLA+azRj+SdbJmcUmR\nOkR6M/aKcyngxkfmlZXh5YnCAiATexr9NmBsyfFt6pye1IkDlAqwBdZsYQ9+zJjA\n++uShQ==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1948,10 +1976,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> ICA -> EE\n```\n\nThe intermediate CA includes BasicConstraints with pathLenConstraint=0 and\nKeyUsage.keyCertSign=FALSE, which is disallowed under RFC 5280 4.2.1.9:\n\n> CAs MUST NOT include the pathLenConstraint field unless the cA\n> boolean is asserted and the key usage extension asserts the\n> keyCertSign bit.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUTFjZkbQDhWU04C5Aw9+sBYViS2EwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARB2mCnX+bAbgxsSG7z38NZhpHxeWYpO6SEHYDY\nPulNKT0VLDl14X+Jbpefmwk84fcLNqnkMCg7dv1UDuegf3G6o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUXQIyglVwfw4XsLpkzziNwNv55aMwCgYIKoZIzj0EAwIDSQAwRgIh\nAJmwfPMOTq2TGHlHZny0BnqFb6MOA6hGyUUC+ouTHCDNAiEAy3RUZkFfNnEd9X01\nClEpPDwtX1JqKFFSIR8RjqKLF9c=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUKqAXSZvxFxLhxD8iAm2FglfocwwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARL2wTppjfDCx63GCAQgt7Ck9P9htrzwGEfeNm5\nt12GFAYx/4Mz8B5XXbLCW1q/P6CE9yBnGBhMAtroDQdYldefo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU8cSCJtNa6utijFmiQAQaWiNriaAwCgYIKoZIzj0EAwIDRwAwRAIg\nEYocHrKn8zwluqvELEGXQFpxCHekOjcWVdvdyrNIb2ECID+AnpvASRoTrrFMzzD+\nuyjkaYFWsD5brVb64iqgUuoh\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/TCCAaOgAwIBAgIUMy+D00aE6/B+RBWTIkuC9Jg8NDkwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNDM1ODY0NzE3MTA2MzUyMjE1ODk4NTE5OTk3MDMyNDUyNjkw\nODY1NTkzNDA0MjU3MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEt9FT\nyDyl3MYs/x/IN/mb/YLPhWP6S0OKf53qkCZ+DLP6+fYadNXKgJc9IQhlQ7QPCvxy\nggmpZxTBlVknPxozuKN8MHowHQYDVR0OBBYEFBUGmmvOqxPQdM1NCtbw5gtiASsT\nMB8GA1UdIwQYMBaAFKRu19cA19MnwbZyscr0O8hgPdVfMAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNIADBFAiBtsA9UyrWy5uCZBtFvATYMlIeUV0jXSpL3ziKgamXuGgIh\nAO7Bj0gBPXPiKt9+BOyUB0TokvaWO2Y451KGbtDBlR61\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/DCCAaOgAwIBAgIULY1KdBX67yakoV0rGrJUmflBVyYwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMjQzMzQ3NzYwMjM2ODM3NTI2MzE1NTg2NTAwNzc3ODE3MzYy\nNzgzNDI4NzAyOTg4MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEP63V\nPBUuVHdjgNROhh7P8ZFuBE892IpRm3SMG7w6rk857n2kIf9t91PI+K1fGSAL0RGb\nL1Le12mF7r2XrGNcG6N8MHowHQYDVR0OBBYEFH9pUWqtcO2N7CqgB3/7t4W7ICUL\nMB8GA1UdIwQYMBaAFF0wl6Wl+hPA9ByprMcfhk6MCYSSMAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNHADBEAiAe57xT+UbJDB19dZs+hru4UCQ9dG8vqzAqxuHPXkatpwIg\nSxAMmZcot8ppUSgxCIUGHZWjw3JM1lRoCfmRb8KxkFU=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1971,10 +1999,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe leaf has a BasicConstraints extension with cA=FALSE and a KeyUsage\nextension with keyCertSign=TRUE. This is disallowed under\nRFC 5280 4.2.1.9:\n\n> The cA boolean indicates whether the certified public key may be used\n> to verify certificate signatures. If the cA boolean is not asserted,\n> then the keyCertSign bit in the key usage extension MUST NOT be\n> asserted.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUNKcZWcla6kCubao+XnvSuds3mRYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATcApGyNFTME4nKpB7SCSX6KAbMTfYdhWUPopTe\nYLa0FMHtD3CIm2510rpDOoBthufUUo33HyHi5bmS08D3YgX2o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU8BXHlWrG9v+vv/cJoGDcqrtTH0cwCgYIKoZIzj0EAwIDSAAwRQIh\nAPwmcqcsAeYugb2UT9Fn9qanbCeCAYe4UTheWzLlnbX/AiA+2eHVxkIwF9VLMGAb\n0/ZDw4VY4K68IO3JF2CDOrRkRw==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUDSysyjyu3y7mvPrf3RuTaKvxWEkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQcwJk80VNv5LlOzkk7VnGdxyUL+GyAEDfEj75k\nEMH8uz49wC8Ae1a4dZ58HObkGmFtJhn4FL8Lr0688eLcE70Eo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUwTUmp+i2GsUKV15+z474ARwvNN0wCgYIKoZIzj0EAwIDSAAwRQIh\nAPYSjl3+UV5nyABdrXro7NBl657/BausaTmiS+/GWVQmAiBNBeEbFfLjvqNxhZnX\nr/rCqbO+p70z2ZtnNtduS7DvmA==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBwDCCAWagAwIBAgIUGa0J8F25yMk0iXn2SV0K1sgp3GQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABBaNa7EtgOUJ8BZ72EMPD1iCa4AiwP+ZBWuS7sCWAjWI\nghhpQyxBblsFIoIPoS45G0yNxakgfpjKcNa3WzrWPCijgYswgYgwHQYDVR0OBBYE\nFCvoS4nOKm0ngGY9Y6DR1JpebxmhMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAU\n8BXHlWrG9v+vv/cJoGDcqrtTH0cwCwYDVR0PBAQDAgKEMBMGA1UdJQQMMAoGCCsG\nAQUFBwMBMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0gAMEUC\nIHRKXrSRLLHbWzcZmRfwjnUYIgXMWni5TApS3uyRHqZBAiEA4JoxX4K4yhOjW/3T\n62uGGyW/8x1xa7ScXO/EIcuzgMU=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBwDCCAWagAwIBAgIUNJk2FozORdl9F6MadQtzse6EBn0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABFpegQT6P1tbbuO+0ko1Hcgo4GQYAr+r4EUDjMsLkMmE\n4gWItfpidEyBdr1e5VmFqAwIApyHUV+53OwolwdFaEijgYswgYgwHQYDVR0OBBYE\nFFUP1AYEU5SVDvpvkn9dJxz4sm5rMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAU\nwTUmp+i2GsUKV15+z474ARwvNN0wCwYDVR0PBAQDAgKEMBMGA1UdJQQMMAoGCCsG\nAQUFBwMBMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0gAMEUC\nIBvRftGwwaCzqt6Ssru7yFpfkzOoGYjWs/tSCvvcsyClAiEA6odB9xOl5LT5IXIf\neJaVo0HUBFIyEqOYqEgFdokC0Qg=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1994,10 +2022,10 @@ "description": "Produces a **valid** chain with an EE cert.\n\nThis EE cert contains an Authority Information Access extension with a CA Issuer Access\nDescription.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUOrjKa3h/WGi1YYX+KdHwVXf4VhcwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARUAxUvyc83kyRdBJa/xGcHCLxkjl/XAp5vSFOV\n15aDYGtRGV2U8Fp5NzpmWoT+90soNbZN/t79MgzDW7CPwRpVo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUIpEp9feQ6c23o4U/JATklmzyToMwCgYIKoZIzj0EAwIDSAAwRQIg\nWyUTf/OZHb7DamdV5GQDnEazdxrkrErGMCRKgenvPv0CIQCdRjNJ/i6XW8wL+Eib\nxFwZcY+2YQsvKt//TyrTA62BwA==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUeaXGWCMUM4m//s3ffBk8QN0uPLowCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQI21d4LFaOm7H30RMbZN2gu0r0ziZ3hXkTDV0c\n1wiZKGOfgocZ05jtR3CLuqmskN7IuaDLaFkml30XVr1HiX/0o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUPHwD8k4X0Yq9ANEZ8Us9RfGDC90wCgYIKoZIzj0EAwIDSQAwRgIh\nAJ84E3c3e8MhAOjsoiBJaMd6wFGrZHZ3mIEOoYNX9WWrAiEA6lh7F9lfSkSptddx\nQW40Ooc3TP6kcR3DVkImEhqnpoU=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB2jCCAYGgAwIBAgIUJpP9jIBpetY3wfTkJeWXZCNmXrEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABA+/05SEjXIg1/klMtME3S+7QSjRqjpMKWbfhid+6zap\nL5DE7dNIzBQnGTNYWCr25cGjoxjGKFNojT+E4Csn906jgaYwgaMwHQYDVR0OBBYE\nFPwhKki+3I4Vuf8ZpKtLa69C9M5pMB8GA1UdIwQYMBaAFCKRKfX3kOnNt6OFPyQE\n5JZs8k6DMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREE\nDzANggtleGFtcGxlLmNvbTAnBggrBgEFBQcBAQQbMBkwFwYIKwYBBQUHMAKCC2V4\nYW1wbGUuY29tMAoGCCqGSM49BAMCA0cAMEQCIBdq/dvjsPUjRINDJWhGBU79zdfd\nF/0utJcxKKJ/k7BQAiAb72tmbYsaj3tOv32gtkAWeXnEcU0bwVXOk4a5NzhYlw==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB2jCCAYGgAwIBAgIUeIhOIee8xvGQOCJvIZp71INmY4kwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABPhlKa8rgYuLG+43bljyJCMvxYl9OMMCySCcq3Eda4+7\nEDxd5Kuxs9MEKNC1/BtwpG7cAed6AAMy/SXIJFtkjFqjgaYwgaMwHQYDVR0OBBYE\nFBxqIgviIkSNElLDS8FD3/JjDddhMB8GA1UdIwQYMBaAFDx8A/JOF9GKvQDRGfFL\nPUXxgwvdMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREE\nDzANggtleGFtcGxlLmNvbTAnBggrBgEFBQcBAQQbMBkwFwYIKwYBBQUHMAKCC2V4\nYW1wbGUuY29tMAoGCCqGSM49BAMCA0cAMEQCIF9n0xniCp5YNbcPZq1xlw8eG4I5\nAfyRQ6M1cnvN+pR3AiAvymE9ZcyCb31gsH+LzfMdRGeqQaF6M58VVIarJ+dTQg==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2017,10 +2045,10 @@ "description": "Produces a **invalid** chain with an EE cert.\n\nThis EE cert contains an Authority Information Access extension with a CA Issuer Access\nDescription. The AIA extension is marked as critical, which is disallowed\nunder RFC 5280:\n\n> Conforming CAs MUST mark this extension as non-critical.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUYB6Xd2ToJMOLtFgQ+VIXE2e8c6IwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASYXoah84QHMDOuPhxuTLTZ5XFbcIRB0vLD2OXh\nUtTuiOEvGSvKby7nBlgy/a7V2lFMXoGfPbJWkPUKhZkGbUwNo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU8Jxxg6p/Hhy1S8WYXT4pZiWtoAIwCgYIKoZIzj0EAwIDSAAwRQIg\nLYeEtmG5g3lTQoV0XF9mNFKonT2suxuKcyf6zpnHHD4CIQCbXVNeolrqIQohP2Qi\n/KFrWUSbRQsbjYE0qmwkjb4psg==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUSFrbTXza0psRNQT/Zkq5P0xUpLAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATyVaNLW88YndAhAeBpGK7MDtdDYPzXaT/oIQbu\n6uMLurgBUQmsnFm5fojI2j0EUDqe8f0T3mUbOjyKjy3XzZZNo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQULdh4iyksdvdmyhoWIYJmJkHAnOYwCgYIKoZIzj0EAwIDRwAwRAIg\nJyK2e3VAtmtH+1f0G6mKswKLtNvkkyupvbuPCUE1LsgCIGnTM/QDKbMlcslspPSm\noseR0UCFdSOPgzSDb/tVsOaB\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB3jCCAYSgAwIBAgIUKE/o/wIzF36eLTzYZe66fzwwcKcwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABHwgBrwlKn6PLcPUeNkxjQixJqYnR0X3PKbO6DV+wU7D\nVZYOn967Uj4C2lLnnOCyQu4/PtWnmnfTh0MZGaBt+lqjgakwgaYwHQYDVR0OBBYE\nFDkZzUEwSaJaNXdV9fwXmpQcGp0BMB8GA1UdIwQYMBaAFPCccYOqfx4ctUvFmF0+\nKWYlraACMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREE\nDzANggtleGFtcGxlLmNvbTAqBggrBgEFBQcBAQEB/wQbMBkwFwYIKwYBBQUHMAKC\nC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0gAMEUCIQDRS1oi795q3vxLEehAg2JU\nYZIIk0QXSVrj1XesoJdArQIgXxuqMzny2Smn7WE6qqMyvcW15CttAe238v83Aves\nQMA=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB3zCCAYSgAwIBAgIUK0CLBixyUUTLxtaIG0ACpGZjgicwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABCvWUIx5NtMoBW9c6g6eKWvpB7KUmnvoCt6Ab6BfJn8W\nk3vuOWkM42vXQU5lSgagaRXamUrZRZVXb0NQjpcUokyjgakwgaYwHQYDVR0OBBYE\nFJdf0n0v3pAjbkfwPsWPofKxzROEMB8GA1UdIwQYMBaAFC3YeIspLHb3ZsoaFiGC\nZiZBwJzmMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREE\nDzANggtleGFtcGxlLmNvbTAqBggrBgEFBQcBAQEB/wQbMBkwFwYIKwYBBQUHMAKC\nC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0kAMEYCIQCGykd7bGY1XrQLTNDUX8/k\n3DzxmCIiHsp213KPQ7O3swIhAOB6QDB0i5PCmKZ7UAOb4MaNE8Lx1/7kjaeHhNDV\n7bnW\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2040,10 +2068,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThis chain is invalid solely because of the EE cert's construction:\nit contains multiple X.509v3 extensions with the same OID, which\nis prohibited under RFC 5280 4.2.\n\n> A certificate MUST NOT include more than one instance of a particular\n> extension.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUXkLTccqZ5p1cjDc4yPK273OqsJ0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAT8K1owq9JoHRTarnnS5u7W6g+vD9GYEJklih4s\nLHjCASA5tbORb7hWOmWlzqtUSmqfPu/4qFDClpFi56Ff0xRDo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUBB9aqh1Zbfr4cnepdfI7CAx708kwCgYIKoZIzj0EAwIDSAAwRQIh\nANTJx9L2Fsos8OcJq4fKlnO5Nj7A1QmvgRzg+FWqw3d5AiB/Q37UWdooon6hyoE6\nP7jkK7iRnFF+nXPhHb2/RtK+8A==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUDsB+bDdTOUzh7rLXEj/J0OKGJq8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARzJYZgyK+heju8bmGl+jeBHmxYFCpwjiGvf9Za\nNcAh62LaguaducMy8QJoRo4ezBQfH9j5NX+tf7PuZPFTY1vbo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUbsOa/EiYYBeXbQ8crlSs332AxJ4wCgYIKoZIzj0EAwIDSQAwRgIh\nAPjFH/LvL96cBfkzPdwfsLC41mEpadcB39KpI+e8GPb9AiEA3EFk8mQs/J5zIO4l\nqamqz1sNWhtKrnmr3V8ncjIeQdY=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIByTCCAXCgAwIBAgIUI38q/Fi9I+6M2FMuhnOeDCsEnc4wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABHqek06pRder7OYuyGaKlC3q3Os52OFjTWQ1e9DGCUTe\nbmND7CdN0ZcVtxx8ZfMSPw5pTouCroI08LNHCiV2d76jgZUwgZIwHQYDVR0OBBYE\nFGLYdk1O/MzHjDvQsUZHPxr5oDg6MB8GA1UdIwQYMBaAFAQfWqodWW36+HJ3qXXy\nOwgMe9PJMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREE\nDzANggtleGFtcGxlLmNvbTAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggqhkjO\nPQQDAgNHADBEAiAV9/Xzb/7VUOJgpJ4BrwqOhe+7iGolohZi/Rk/pyFxQwIgAOSA\nx+p9/GnvEqLnBSvWbw/H9fkFteIW1s4K1CYO8/c=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIByTCCAXCgAwIBAgIUHE8IMuvQUVXO6xUwlUZazmnXRkIwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABOt8YdE6veVqaXtKXemz8ooAubF0AXZMih5JqGcDJ4/x\nlyzh9fgC7m3QCeb3vyZeZ8NHflPfNb3OJac4ZrzShR2jgZUwgZIwHQYDVR0OBBYE\nFEFkNLAzXb0jnn2Jp+1DihWw8ebZMB8GA1UdIwQYMBaAFG7DmvxImGAXl20PHK5U\nrN99gMSeMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREE\nDzANggtleGFtcGxlLmNvbTAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggqhkjO\nPQQDAgNHADBEAiABYBCIVPPQ+lB48n1k9Pmj8ZWuw5D8tsIqzxn3A6LBrAIgY+IH\nnFX8HsvnnMAfgtc2tT90hmdKVxD0SqQup+U0z6A=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2063,10 +2091,10 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> EE\n```\n\nThe EE lacks a Key Usage extension, which is not required for\nend-entity certificates under the RFC 5280 profile.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUYSPlwjQrRzy9B9dQkhhAq4aez84wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARdZm+/jjYTJWbnnMMespnH+oSFDEfZuCDihlyu\nctLlBHv4jBOA3cxbd1mBEi2k7HQz03EHmsDZhgaxju9MdQhWo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUir9wINJ38OeB+JqRPjsf9BuGO10wCgYIKoZIzj0EAwIDSAAwRQIg\nPQIauT4Bj7RjmzXDcrtdX5oLQQgKRKco/8aT/zmCPdwCIQC5XvIGlF6lZlkUUIS+\nF/libaOJkUTNr20Hw7O6xgKRbA==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUFL+ilm9vAQS0qJAmHBfXn48FgA0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARrdNMsFChZQuShS1PQo6911vO1fqxaussVyQ3w\nGB+9rnuXJdR7fSpLRZtAfTNPHmRpyK3VpRGoF2v1GY8mYOkKo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUhfzuGRZtnK7oGbCQDlcl7Q3Zi0UwCgYIKoZIzj0EAwIDSAAwRQIh\nAOTFBHO6AIVANvRWsLmsupJFwKFUfoYhqbku7eAi1JmZAiBQPhDaRR42jxNeGCih\nl64n7BUanqNEMKjRt56j7pvlzA==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBojCCAUmgAwIBAgIUCDWw7GgTCAciH7paiHpzDITgaJ8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABNT3xQDb81J4uIKiceV71taBArALLMnFVXbG1tvv0jTL\nChxp9Etne6EI66o2+R1bUiHFdOelUImBuuJ4qVN6zrejbzBtMB0GA1UdDgQWBBTq\nSKZanxY6sjXSxZ9tgDdvXi1dDzAfBgNVHSMEGDAWgBSKv3Ag0nfw54H4mpE+Ox/0\nG4Y7XTATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNv\nbTAKBggqhkjOPQQDAgNHADBEAiAEtAze/zpwRcEMbEYLbkJOkm2nhvJ+wOh4otzT\nkRGi9QIgewi+mRYQBQtB2DNTxTjoT6AbO7Nw3VZ0szP2JGan8Vc=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBozCCAUmgAwIBAgIUarT2uLc3t+t4UwlaBBwVeUUZNK8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABMSXjpxzC0uctB734C6BFGo3mOZ9GXHD0CSeV5Qvr9Ya\nW1O5lTQntdZSaugISXQetT40KrOMX95WUWBR5sg899OjbzBtMB0GA1UdDgQWBBRK\nPm86uhvIRMKm9Fb0Npl1vL6+GzAfBgNVHSMEGDAWgBSF/O4ZFm2crugZsJAOVyXt\nDdmLRTATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNv\nbTAKBggqhkjOPQQDAgNIADBFAiAVRY0vp3yczBkSGq91LzWCv7TFPHq68xy6iy1X\nKYU6GQIhAJ0hiuYqoKjfF7FvDdq3/4qth+VzmWEjPVqwo65KvVid\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2086,10 +2114,10 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> EE\n```\n\nThe EE lacks a Basic Constraints extension, which is not required for\nend-entity certificates under the RFC 5280 profile.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUCvTtRf+N1rKy1e4pMEdPJO6XSTQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATd5bLFu3lRUiEl8XkgQgqSonkAgx5EJmLhu0Jt\n72jQuaVdTEJ5snMXlpo7xyKL1teJUQWvYIeADrxjfA7eGPiro1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUVYqhq4w8kWp8hNXEDcZRqBG0UZ0wCgYIKoZIzj0EAwIDRwAwRAIg\ne90HzstRTteq9+GXAncog8AblDh6YvDWIPAg4+Q0R0wCIGy7Gosg0ls64z6uKKWF\nQoH09sJC/ZruhX/UefYr2LaL\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUKypUj6WEaSUwn2nazxrA91eOigMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARMno6nnsOrRS0C4UVyTI3tik1H/+OFyVfB8n2W\n8KToNhoBTyZcsVsvOTVGTmoJUcPJSADC7P3AuaoXF/+wxzwqo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUDe+u44//KlC6wT0ssvmdCbiR+tkwCgYIKoZIzj0EAwIDRwAwRAIg\ndpHc8jaKkWIY6/fhLLU71zqSur8BFqMhYS7oB2Up0yoCIGi3Pb72Js1Q2vu2Cd/Z\n/FJuI60rgLS17uPPbzZ+9F6O\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUSZJOC/6HiPNr7TCU2Xpz9368MLcwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABDSz5VABaDnt7p5/ijHp9LC+bs0k48OugK1dVACukWMb\nwJlfFVtzz4ndmQcZdqkMWj5o9hTYffFCj6OFDjPOy4+jfDB6MB0GA1UdDgQWBBRz\nOlSKmQhXNJ8sN6TwyqthDT1hxjAfBgNVHSMEGDAWgBRViqGrjDyRanyE1cQNxlGo\nEbRRnTALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIgH4cjDyWQCRZLQF3X0TmO\nP1n1ixar72gFcx4VMd1gHEcCIQCJUR4jjI6QJBS7ZlOnSffpbtTRH35tM+aI1ZIG\nFgX+4A==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUbejQNYK9gfKSPTSWPBD0+/DVMLMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABN/JiVMJQ6rlLhuYT0yO237woV/ANgLbKCNsyrdhy406\n1+OZbLuk6V4rQatVuxnxsWZrciu3pWvX7aFjGu+5Vb6jfDB6MB0GA1UdDgQWBBSw\nqEvqCTj7AFefhkAO3EPzbe0DZTAfBgNVHSMEGDAWgBQN767jj/8qULrBPSyy+Z0J\nuJH62TALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIgPvSQG24E6b8tRKoWuW39\nvoXTwxYESZRrkwcQUZtcQGQCIQCmrXaRxu45ADElBXe93vIFX7X7lZvn8Z9eD34r\nOry93Q==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2134,10 +2162,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe root cert incudes the authorityKeyIdentifier extension but without\nthe keyIdentifier field, which is required under CABF:\n\n> 7.1.2.1.3 Root CA Authority Key Identifier\n> Field Description\n> ...\n> keyIdentifier MUST be present. MUST be identical to the subjectKeyIdentifier field.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBmzCCAUCgAwIBAgIUIzKa6PdCLE7y7mpkuZ4x0fo3WpgwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATWai6jocP2rH+cWQ7KSdvdCMU91vj2Ne/89Kkl\nbNgJYEBUop/KRO6haZS/zgDk4WTFKPT+2wZ+bXKEJvG7R3/Ho2IwYDAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAJ\nBgNVHSMEAjAAMB0GA1UdDgQWBBTSSHPCesueOSbU6Qblfmb+Wd6xfjAKBggqhkjO\nPQQDAgNJADBGAiEA/F1u5vR/+iUsm1EUZ2zOs45e2/uVQw2GV8iGxSKMxG0CIQDJ\nATHruRjBlKBquyuFZiQAywU8iLNbbkHwPPPD990EfQ==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBmjCCAUCgAwIBAgIUcnRIZZTBvWbBSDOYqFp7lcBUeTcwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQXobCtvJ86j1GT3wVqdOAXvMaMNjlJjj9xJpIQ\niKy3/CvgWAANFefV2C6H8kGncvszT7PAq2pnUMKPwfBQxm8qo2IwYDAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAJ\nBgNVHSMEAjAAMB0GA1UdDgQWBBReFz/2/nNtoS+1L9ccrBw0Q1bwFzAKBggqhkjO\nPQQDAgNIADBFAiEAi+PW51mP/qS6t44wqiDS60KD7dXRvY+5P7M76Ss1tLwCIA4A\nTVsPks1ChI1BlxvDSu1ZDD1X87ywQq6VzYmyJjwA\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrzCCAVagAwIBAgIUIrTvC8fBFIv+IRCiufqWU6SrR4wwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABBjXvDyssxA/j5Z0DH5o0WJ1lOxpfKGsSFdg36Lv/XSt\nRB43xnpFP5CUDRpil9j1psSoffWaPjO5sokwgcARqJSjfDB6MB0GA1UdDgQWBBRt\nX4xJAPyGJDMx/FcoIYd8FlSNKTAfBgNVHSMEGDAWgBTSSHPCesueOSbU6Qblfmb+\nWd6xfjALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDRwAwRAIgTT1yNowZ80f0b+cBx8cQ\nOssqU/ZQ1hEwqz79t8gw97wCIFqDWF42G2wPJAoQL6nc2mdFxMshB5LtaoZrB3us\neBrj\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUSnvLLAT//pVErcuD5H3Qre2jP3YwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABDmORYGjP8rbbDMQb9PL5FdGG2XbBpU02NMFvVVf5paa\ng7G5xU3xBaz6CMMYciobPuvU+gFJT/Mxv7hyYwrHpuijfDB6MB0GA1UdDgQWBBQc\nDV7lt9lbly1pK2M7QvWfnQvXDjAfBgNVHSMEGDAWgBReFz/2/nNtoS+1L9ccrBw0\nQ1bwFzALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIhAOrzgiWtl0BOH+f2pD64\nYeAxV93gDduCrDXGkliPn1hXAiBkkgMmSDzJHIq5GlCx/1V7Fp5/41wflJeRfGfS\nJcQ8mA==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2157,10 +2185,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe root cert includes the authorityKeyIdentifier extension with the\nauthorityCertIssuer field, which is forbidden under CABF:\n\n> 7.1.2.1.3 Root CA Authority Key Identifier\n> Field Description\n> ...\n> authorityCertIssuer MUST NOT be present", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBxzCCAW2gAwIBAgIUax4PjrbSWDp9s4pTj2en5oMGsHowCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAT9j4e4ClWdg2A2CtPeV97zGitFqU0hFNxObrdg\n2f79IU9bx23tehBqsttgpT86f2/yMAYds7bemp30bv78yoYbo4GOMIGLMA8GA1Ud\nEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29t\nMDQGA1UdIwQtMCuAFPIIE56YEG6nmWyE3hL0X71Z9gZ7oROkETAPMQ0wCwYDVQQD\nDARteUNOMB0GA1UdDgQWBBTyCBOemBBup5lshN4S9F+9WfYGezAKBggqhkjOPQQD\nAgNIADBFAiA6YqppTm8lPtusWc1sHdPxO772DXXbeK5I4uSaxxGx/gIhAPP9zym2\nZQvkJdy5ENtX/xtLy9ExFzkQ9Ue9OJiXr/MO\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIByDCCAW2gAwIBAgIUJU0GGthkgx2nWD8AoabkqPc60xcwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAR1eA/jiLcTLJY/6n1S6pXRwxfNQ22KzyVxjHUP\n/JaFOXTjK2LnsGmJP7Xi/jkYvYNvIIyoUVTi0K4RdP/d3AcEo4GOMIGLMA8GA1Ud\nEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29t\nMDQGA1UdIwQtMCuAFGbVU5KmBxYK/E6MCIyFg3YZ/eyGoROkETAPMQ0wCwYDVQQD\nDARteUNOMB0GA1UdDgQWBBRm1VOSpgcWCvxOjAiMhYN2Gf3shjAKBggqhkjOPQQD\nAgNJADBGAiEA6bnwPmrLdF2qUs6SFGVk493+4nuY/ktihtx6IHAaURQCIQCJtZ3M\nxfqJf29ftS3v7QHsXA9TKt/a3dwBaA9GZZk0Yw==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrzCCAVagAwIBAgIUDeOiAcFYIMDuTTtP9xWhBPs7FEYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABBGMgm5kTGfX7t6y1EgvpiGKMBQRpKzp5Ef537q0mVka\nop5VE+1DMciR9l+SlazJMEpuTYGu1fTfewsdbRmEOxGjfDB6MB0GA1UdDgQWBBTh\n9Ile7eEpxJV7HwDu8E/nfRnFvDAfBgNVHSMEGDAWgBTyCBOemBBup5lshN4S9F+9\nWfYGezALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDRwAwRAIgQfmBUe4D6r3fWviNO7Eb\nkFlFfA0ToHNY7dwh+dnTQX0CIFo7GpaNWCg/H7AiJ0+/RqhZ07sybDn3r0t997Q3\nJT5l\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVagAwIBAgIUf9JcA3msboxXTj4yYCWDRaY+KQgwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABDZ8MWFegVG2rZoci14TfEdSdrvLBv52/atocwa91bkG\ncvGeY8H5hT+S6PMbj1NR+/GEME8eTpFAN8X051FjmLejfDB6MB0GA1UdDgQWBBRT\nHCUu/QLKUce+dK/TyCzq0Hu43TAfBgNVHSMEGDAWgBRm1VOSpgcWCvxOjAiMhYN2\nGf3shjALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhANRI7OUlgH+hBZDDSGKn\nNS2lzRmSvG/1JWFw3YPIuq8WAiEAhnU+CD3yhuAgIFRzH+z+EqI/vLuQQ4edf65/\nF9fWJ7k=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2180,10 +2208,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe root cert includes the authorityKeyIdentifier extension with the\nauthorityCertSerialNumber field, which is forbidden under the\n[CA/B BR profile]:\n\n> 7.1.2.1.3 Root CA Authority Key Identifier\n> Field Description\n> ...\n> authorityCertSerialNumber MUST NOT be present", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBtTCCAVqgAwIBAgIUCOIzmtfDfzlYWNMZ6M/V92DkHEswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASUN3R9Iv+Xt+Bf8k4dbXyxWIXv+BGqAUPpTR0F\nxXFBoWMzZqVzogibVe7+yP5Sr0ctclfQwk60TJPfvTwUpD0Fo3wwejAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAj\nBgNVHSMEHDAagBRZYTqPDTj3LlvLwewBD03AZ2IJ44ICBNIwHQYDVR0OBBYEFFlh\nOo8NOPcuW8vB7AEPTcBnYgnjMAoGCCqGSM49BAMCA0kAMEYCIQCvBvmDGUdLIPhI\n0fkLX0/FAK0kyln3nVZM9EF633cu9AIhALkzidGFGR+Th5KsZGVPoDXBS2HnfxOX\nSXFdhUu/q8+8\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBtTCCAVqgAwIBAgIUY8zuYlHIZggM6wMgiHRC0gy+wx8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATjB6DDPLsGXr0ESrW2lHlM+Ml2qSmeGWM+NxQz\ncEw4ALebZ3FQW9O727GSYRrSsqk8ZWJJrTiN5KaBpuZ83c2yo3wwejAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAj\nBgNVHSMEHDAagBTRId8q/xWM0khdbXK8zE++FjbERoICBNIwHQYDVR0OBBYEFNEh\n3yr/FYzSSF1tcrzMT74WNsRGMAoGCCqGSM49BAMCA0kAMEYCIQC6Y5fjzChWubZo\noKUgchYC/za9p+ZzpPWuU1qJ8TQqMAIhAJF7LiadNUZPrhqD5WOTrj/Ioyko25fo\nR3OFCgZ7xHHg\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrzCCAVagAwIBAgIUWsAenBveTTytVSe36IlpmekChhIwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABKu0Pfdw5AhWAofUfso8hfHGB/hZhZhB8l8EatHC8lWo\nJvi3eaxmP8rbp5MjnZz582PRmg7kA+yl5NuFcbYr8EejfDB6MB0GA1UdDgQWBBQJ\n2ef/uwbrzuQZ8kCtU+gR2izXITAfBgNVHSMEGDAWgBRZYTqPDTj3LlvLwewBD03A\nZ2IJ4zALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDRwAwRAIgBm8p1m3i3GWgKgUKc4tB\n7whYHpP5DnYmZV+b0k840zMCIEHguVv6bzURNBXPvDkfvQxwgXJwWtib8ji52uMQ\nBIFz\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVagAwIBAgIUEDxAYYJoMgxPeslwzwrcmq5ma68wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABCUchbN6/LnAlJXyi0e/jlW/6boUUwKgdhFpaw7cKuzB\nX6RRFYikWfJv2WnGqMZ0WQVdy5+xGT7aXs9ili7pleCjfDB6MB0GA1UdDgQWBBSu\nHVDasTo4iOWGh7y2XioDMh3f6zAfBgNVHSMEGDAWgBTRId8q/xWM0khdbXK8zE++\nFjbERjALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhAOVL91D291Ipes6Mts5t\nTcbyeWsIY8/fJ02CWRcQru7lAiEA1+r5aYlF85TmQr8RL02f3AaYZp/hmSD3mlB0\nvWzhi80=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2203,10 +2231,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe root cert includes the authorityKeyIdentifier extension with the\nauthorityCertIssuer and authorityCertSerialNumber fields, which is\nforbidden under CABF:\n\n> 7.1.2.1.3 Root CA Authority Key Identifier\n> Field Description\n> ...\n> authorityCertIssuer MUST NOT be present\n> authorityCertSerialNumber MUST NOT be present", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIByzCCAXGgAwIBAgIUY/xnX126OLGq9cKs2QxdoBY4u0IwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATaiO5y5jzfo5eU6eurqIkM1n1MY5tNc3aeuHXy\nq0fQxSUreBdW3ZuuvbOIY6xypcFV1Ydh9+blRB3cd87o75NQo4GSMIGPMA8GA1Ud\nEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29t\nMDgGA1UdIwQxMC+AFJ2Kf6V6uD+L0jacrJg9oefjKm5voROkETAPMQ0wCwYDVQQD\nDARteUNOggIE0jAdBgNVHQ4EFgQUnYp/pXq4P4vSNpysmD2h5+Mqbm8wCgYIKoZI\nzj0EAwIDSAAwRQIhAOgt5q2geZLthXCuRjOSxoyFT91Xj0efVVR9uKDByVv4AiBH\n97fZjgs95SH5d/c6MewwAxR+jeEPIowoLgLLjaPtyA==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBzDCCAXGgAwIBAgIUFvw+1+z1/rR3NVD/Nf7fblrv1j0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQDywqEdAtErjtuPUXovXyoU3Wo9NmmZLzj4Wj1\n3A+faRcD8hfcKMYKBwx9K14gLHbXGAvMpdMXvK65HkVj3a1po4GSMIGPMA8GA1Ud\nEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29t\nMDgGA1UdIwQxMC+AFFOGiAsq2JU5fW5YIcDdCZXyCkadoROkETAPMQ0wCwYDVQQD\nDARteUNOggIE0jAdBgNVHQ4EFgQUU4aICyrYlTl9blghwN0JlfIKRp0wCgYIKoZI\nzj0EAwIDSQAwRgIhAM05M/IPDAow+iKRM52WSCsk9kejKuEVpievvtL6YX9lAiEA\nutN0ffZw7RkB0Q4L1s02FmQO73jId4g7z7roQ9nD0Xw=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUBV75O4X/uCkjsmsLk9vmsspuFZwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABI5jKAnJll6NfpEE+RErak0gpmn1OoBqCsnHk4dBfGJm\niXKinPLtD7yH4HeZJ9iMkcmEbXGrGlmB3DxAJ+h0GJujfDB6MB0GA1UdDgQWBBTD\nTXi8lcY+n/2P+KSm/w18aQgQojAfBgNVHSMEGDAWgBSdin+lerg/i9I2nKyYPaHn\n4ypubzALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIhAK/sMbdUcOB3+61WNOpL\n4kAWAF9CyEPBz2cKmeZnwB18AiBDVF13aZrrsVktQej5ybzzqSm9Lvhmg35y1cnD\nOXmZsA==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUD8rXiKhPH7vuI7idboGMrDnSyE0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABP0AfaEx/1pTImgZ8RlV4G6Qw3Th1hSR/FoPvEkqK1r7\ntY6DLB1Lk1gOtxNYtg0/Oz8bWTQEluDO9smsufOBd1ejfDB6MB0GA1UdDgQWBBQF\nOAldtWIh9p9GX32+0nfe9CkfLzAfBgNVHSMEGDAWgBRThogLKtiVOX1uWCHA3QmV\n8gpGnTALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIhAMwcQyQagpCfloNiW8ah\nYaYS4lnnn7r+HPoEWdO7whOIAiA/HEFmazXQrWDbLqI27WcwqxIsBA+SZ+LhKyN5\nv4jfHw==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2226,10 +2254,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe root cert is self-signed contains an authorityKeyIdentifier, but\nthe keyIdentifier field doesn't match the subjectKeyIdentifier field\nas required under CABF.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUGPGkk72FWJbbxjhN8D4HG2F2j+cwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASDHF+gffuDSO9idGNVFoMyiyYSKaYSCuDU4r6B\ny7b2cQc//hmcPHT8qaAl34tPdfph+YUk8I36fFhRnSbw9dzxo3gwdjAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAf\nBgNVHSMEGDAWgBRay+V62jj4tppNw3ZwMeX7YmLROTAdBgNVHQ4EFgQUI4JAAHI4\n5wGtfEw7V2CugUSdTsIwCgYIKoZIzj0EAwIDSAAwRQIhAORFvAi2X1y/F+hz2cBd\nQn8vWaD7GueC7zVcxTUI8gLiAiBNNlqaNbzRJiGLVEuNAyQKmvA2eDGhCr6R6uoz\nh3Mt7Q==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUIXRhJmhBrOt2dTpw6tWlK0N06SwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATC/5tfOhngnMM+PoFX/KqhUF0CFSm3jJ1Lrv9y\ntpncHU2PkSS6XpRqDc6Gw6Jzc/njsYlIpkkgpuv503/Fa/rXo3gwdjAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAf\nBgNVHSMEGDAWgBSd5tIJLOuHTf5JfQh9nVQbyo94+jAdBgNVHQ4EFgQUbLRgroFX\nThYrF+VjVlAYktjoNNwwCgYIKoZIzj0EAwIDSAAwRQIhALTU+q0oua0Ih2f1dKnM\ndWZI3WP8aSqxyRDcOj1tHbxmAiBa822vsBod7BliDSn9QoDhtv8AfQIQ5YThjXjy\nmXhX4g==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrzCCAVagAwIBAgIUDWqfOIJOCNNOGdpUqITV4ujtx28wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABLcYscMwRam6/TrZegFhnPHTmrgA4WA6dcmajTTFX30Q\nPkuDiOEH3uKJSPOSLKdUjAdLfD9DEzUaJReFYVrWYxWjfDB6MB0GA1UdDgQWBBQW\nYMcFB2AffDwIU+ZnsuImOPdxPzAfBgNVHSMEGDAWgBQjgkAAcjjnAa18TDtXYK6B\nRJ1OwjALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDRwAwRAIgKxqyH2MuQzGpZP1Vsz28\n3E8yTWEmratblAOmi7RxkSkCIDRScAkIeQv5tG9L4RSPY/J4f3DPUzaAQqevTz7J\n7ZUl\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUVcHCwVwOUALPwQGCuhOlCRlZJMYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABBEstwlQvg7iw6tkLuVjBGkUmk4IUwejLiJI9xCM9FTc\nX01Ii+SuiP80OvyrYqYSjuoswn7p/OfpHABHHiIkJIujfDB6MB0GA1UdDgQWBBTq\nEA6vrzRXvziAYyM9A02v1FfN7zAfBgNVHSMEGDAWgBRstGCugVdOFisX5WNWUBiS\n2Og03DALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIgIXbsMQybE1z3eeKbbRPh\nioIeVPIqIRiSZzxYSDgRQX0CIQCvHqeH0zvMDqcmY6GC+ELNuJ7AcvkLnvlveSP5\ngPGwCQ==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2251,10 +2279,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThis chain is correctly constructed, but the EE cert contains an\nExtended Key Usage extension that contains `anyExtendedKeyUsage`,\nwhich is explicitly forbidden under CABF 7.1.2.7.10.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUZIE61T4tJKVOsC4/EXWwhA0iY40wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATQd9w5R9L7L5EuP4/soEUsRGPcs9WMfdNHTW6x\n0jIh8RsqEBNmL+So+dToC+MhPDK/33iA8LorDzaDa4xNejEvo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUEaaEaMUEYr01WI6dJBO33ecXP10wCgYIKoZIzj0EAwIDSAAwRQIh\nAI7OFJkXAWMWdVOfJt2EH95QxB978gs/Gzg1SS+1yYh0AiB3szdf6g02DJCCUun1\nqaFB0IOKUpvQ5arKWGdOa+zPVw==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUPzPP1RYEYKIitXfCS9ledG5Vi2wwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAT3G7+N3K75V/OsLRV2zAIxfH0YBDMCbJXK7SZK\nYlv9huw7HLGShOkIiDCJrBg8jWO78glrTjA1WhQ34h5XrJ1/o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUTbqwSrPyFfY0srHTeb1gWyxOphIwCgYIKoZIzj0EAwIDSAAwRQIg\nZl+qnsc/nl6Ly1CaXmaIYDLca5NsOXM5LkBvnbGWMJMCIQCfZkZQMyYNl97qJwbs\n/8Iqms101JZZfN+9Gvptu5MG6A==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBuDCCAV6gAwIBAgIUdMzKMd6AwB3LeE5Mb2gbHUC7WYswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABIm2W6ybq3UdTmR4c2XxPTpwkWZq2klK9qWTaAnx8Gg2\nwER7o6UhmFEi2mbgGZsWBunMbXp+FATYZuSHC8Q+Eh6jgYMwgYAwHQYDVR0OBBYE\nFHGe6Sv2RVkE0C2Wtacy5e7VlQ1vMB8GA1UdIwQYMBaAFBGmhGjFBGK9NViOnSQT\nt93nFz9dMAsGA1UdDwQEAwIHgDAZBgNVHSUEEjAQBggrBgEFBQcDAQYEVR0lADAW\nBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggqhkjOPQQDAgNIADBFAiEA/4F7Sqld\n6ZLHlyE17QFaX7r2imeQJMzr882d4pmG2RcCIA0o33d6Y5uz9C1ONTt1v6GU3UH1\nom9uAGnXAYriHzem\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBuDCCAV6gAwIBAgIURAEqEc1p1TNVUBAzCk/BDfbSFhwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABCCkPb2CJ7g0XaauG8bLYJg4h9PeWA7kgW1ZyE9HJiyb\ntDpfaAZwixY2P28UYO2Sr+jTGfceYCzbfAx4PnPttrCjgYMwgYAwHQYDVR0OBBYE\nFCafk66YbRKetrf3XtulTcggiHexMB8GA1UdIwQYMBaAFE26sEqz8hX2NLKx03m9\nYFssTqYSMAsGA1UdDwQEAwIHgDAZBgNVHSUEEjAQBggrBgEFBQcDAQYEVR0lADAW\nBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggqhkjOPQQDAgNIADBFAiEA+NQOed3Z\nYL8xwesOBJYdZt15fV6zAzVdzu4VrFSnZ34CIBeuv1WHHiMuHbyHoC2LSp0tCpEG\nYRAHjieyfa+OsYck\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2278,10 +2306,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThis chain is correctly constructed, but the EE has an extKeyUsage extension\nmarked as critical, which is forbidden per CABF 7.1.2.7.6.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUMyrDdutS1oOjgVpHH/haSiY8TBkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQSG5EUKZunys/3Zq+eu/QMVmN14+l8VOSqRuK6\nBUcQjBoXJr9CUjhb9F3gYUaWyQTjvXGV63xmrzCnGSe29UtEo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUpeiz5jrLipi4Z9WbQAsT02opXv8wCgYIKoZIzj0EAwIDSQAwRgIh\nAJND781hGSVzYJl/qUsGpzzo/pfY9qHds1pC8tV2kBTcAiEA3CXE+16o0OMBDgQd\nF0rcmlshuFyM5l++yEpSBMRENNA=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUeMTXKHIFhfgqwqKUOuZNp0IGxnowCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATTOikf75CiQ3qG+oCQjsUwyRnMn28NQQSqDNw/\nW3PoUAV5fEwTmxCO6VL7SnRa1PwS0gDvFxB1v7uNBoYEytLno1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUky0Pv84UxWOQGCAP0JD/j7JLjzQwCgYIKoZIzj0EAwIDSAAwRQIg\nBoMSfHqBsUdzVFxWwp3Y1Zt8ecj6jQWGRb72ruUIQr8CIQCjc/GLhznKLpRGTGHq\njpoXvz3B702l5iJrM9lgfRQJ0Q==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBszCCAVmgAwIBAgIUTRKJVuFImrd/1awBbc4G7hpnml4wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABO8l1yhxJeS5vK4sUMAmEct0XpA0qgCQeShWhUcGPPen\n7kBjgbE9be3Lg0yyzgobHS/m1i2ydT//pc959vczKXOjfzB9MB0GA1UdDgQWBBQA\nCAbOp8QplyXjLCTTz59RDcplejAfBgNVHSMEGDAWgBSl6LPmOsuKmLhn1ZtACxPT\naile/zALBgNVHQ8EBAMCB4AwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwEwFgYDVR0R\nBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIgffiSfFjpzlZCnlOx\nKAoVpjELupcUIB5DHpxg0NEEaewCIQDuzF/fxsA0JiLxOJm9hHLuGvt0ols/xG89\nk2tkvZbEVQ==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBtDCCAVmgAwIBAgIUQRsR5sGaMh0MNEZrt9+LK6MmotswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABNM4GZgXjlZMcvBgq6MWGWvthIcgx9eCw74ISZLgR2pq\nz7npcM0NPGTuPVTNR2SjCpD4XzSlrINq2T0g0oYNDTajfzB9MB0GA1UdDgQWBBR5\n1w3oYB6B4Ux+RFTwG0v6V9gGRzAfBgNVHSMEGDAWgBSTLQ+/zhTFY5AYIA/QkP+P\nskuPNDALBgNVHQ8EBAMCB4AwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwEwFgYDVR0R\nBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhALvzL5AAVc6aekpC\nszqEjCmpI4MROZClKL5XULzc0cVcAiEAjGKEAvJpcHXUaHUrNPiFf1lwP8+wnT/5\nHxQTuvMl180=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2307,10 +2335,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThis chain is correctly constructed, but the EE does not have\nthe extKeyUsage extension, which is required per CABF 7.1.2.7.6.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUXRvz2qlnR64Rq+XtrgGi+sETNjgwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQbjYO4B5G3AezEOdHa8A9PtNjPUSrIYL3yH/EE\nYUeZDkWG7SoW/Ftqikezaeeq8+3zIBm+Bny8loVqsaZWHlPfo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUKKFEMGoyP/pmelk/4MrpSwfake8wCgYIKoZIzj0EAwIDSAAwRQIg\nYp6wAJWLdo0Gy+MgdxmxK64WIS8Y8kvA+0DuuXC0bjYCIQCj9zBE4S+yrhHWU7Rp\neCyfrr+U+CYfHlJFlT66048DEQ==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIULED6/vrw1+lRjYJwPPYa7H2M3AUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAS0pz6qX5Atje0/eWenHWOzrpAZMaKhfqFGqaMl\nlL6UN+57KemgoC8yh62PXxIDbvgUh1axh9uEwLD83+HQGHrko1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUa/IXX0zOOyPyZjeEK/D4e2+X1sowCgYIKoZIzj0EAwIDSQAwRgIh\nANuFtueFSimBhqqqLX3Ss2OIiMzoe1tHr4zOLz5porysAiEA6hcQwWaz0e0WYng2\nC6gIcU5HzRoUHp+LrLPIAdsBN6A=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBmzCCAUGgAwIBAgIUPknP+F3vLzRaRhhLvQArfnvqQ2AwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABET47uU5js58Oz4ilvkBDRQTnGi2soQXFgHCHPl0I8VJ\nJSMj3depzfnh1lc4Yvd0CRKxawE7Fj7VGeicXQQv3najZzBlMB0GA1UdDgQWBBRK\nM4GtdSeISl7KqCnbXZNyuUbj1DAfBgNVHSMEGDAWgBQooUQwajI/+mZ6WT/gyulL\nB9qR7zALBgNVHQ8EBAMCB4AwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZI\nzj0EAwIDSAAwRQIhAOFY04Misp58qCVLk6PaWFx8SF07vE6Ia5WDdKSvBcmuAiBF\n0K6LE1Uc3jhQg/yEyiehCu0DpVZvJvGC4rOQrekY5A==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBnDCCAUGgAwIBAgIUUw1EHkXGhpT26slTa9uyEcnBXLYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABENOscmisabvv/TLiP04oKMEp2qzqfVh4yA4Yih7lxY7\nhwHY3AjNkUiRoYrwavr+2g5BrpaclFK4WAtRO+WgXA2jZzBlMB0GA1UdDgQWBBQW\nNCk7jghcFgwAN+KT7rUTI1QZfzAfBgNVHSMEGDAWgBRr8hdfTM47I/JmN4Qr8Ph7\nb5fWyjALBgNVHQ8EBAMCB4AwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZI\nzj0EAwIDSQAwRgIhAJwWs351rURlqgaq0+qrtYGgi16+emXkqOpy1v5yr13bAiEA\nvJH13PWpOuBGM2vJLAMRQWFmn2ygjkbOTRQFdzp5Vd4=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2332,10 +2360,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe root cert includes the extKeyUsage extension, which is forbidden\nunder CABF:\n\n> 7.1.2.1.2 Root CA Extensions\n> Extension Presence Critical\n> ...\n> extKeyUsage MUST NOT N", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBpDCCAUqgAwIBAgIUCOthDYLC7iqA3N4rL9PFLJUagx0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASUk4sEu421AYx2LBK7kXx0TKILkkrCDHEwiXSF\ntPTKuTyPGnYAzeaiTA8TmgCd5RHq+9pqT4iwwKHthlvnZMe+o2wwajAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUYUEwKfJEsQ4CJgO4BkhT7e8dCEYwEwYDVR0lBAwwCgYIKwYBBQUH\nAwEwCgYIKoZIzj0EAwIDSAAwRQIhANNeIQK2OCsvC6oajGj+y3uW++BmFyC6c1Sq\n4IFuyVMZAiAfuwrCyLv+J9958QKi0AGwaOMDvu2XZ7yznsf9HMfVTA==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBozCCAUqgAwIBAgIUPv45Q7X/lc4PniamVNZ3aa+xiZgwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASYTyLwo99eQDuzaRMfc8Zvz6uLttFwO8D24GFj\nVLkl3X4KRrinDzszoZbpPpch0qmauB45F0aJ7pxiByH7B69Po2wwajAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUtaQikgHwhzu8AN8laAs0czLLgtEwEwYDVR0lBAwwCgYIKwYBBQUH\nAwEwCgYIKoZIzj0EAwIDRwAwRAIgZTFybqHAYMjQDypiDBELxxzPTELW8YtuI/Eo\nvTLoXG8CIBNRtuA1WCHqD66tLWrSQ4eEn1kZdLlK85HwY1tGeQdG\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVagAwIBAgIUMBnOP8J++pIaQJZ5kPEoOTXJ6HIwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABJL0ib0ugn3JKJDMELImvxJzLnaghq4ZZ18enw6GHBza\nZAid+dfGSLtyf0VGuQaskdhLyNYokUcXuG6ZegipQxqjfDB6MB0GA1UdDgQWBBRY\n4Gm8QHi3Pd/6ag12iqCBWqe3ezAfBgNVHSMEGDAWgBRhQTAp8kSxDgImA7gGSFPt\n7x0IRjALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhAMiBhMCdpxj8Swp7cgY2\nmt2EO36ZWZVt44G1WnFZtYufAiEAh/KuDxwwcVUgqCDYkyPfAoM2/Ku83teaeDNW\nq+l1dJ4=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUC+ARfXjLLCAkPDNs+9hWYfKvdLUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABKYbNP0xHOYE0BzRoX+NCnPzOos1K5OY94uS3U1GCdD7\n8rrqXcgirW+Qy4WAGsZMNCk/jG3ycSf8jd7Pfk9Dou+jfDB6MB0GA1UdDgQWBBRf\nlFmXoQS7bfptNueTuhNrEZBZRDAfBgNVHSMEGDAWgBS1pCKSAfCHO7wA3yVoCzRz\nMsuC0TALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIgEkbS+8q4nHlxuY4OxZIO\n29aVT0ifrjhRS1hLPJbIx1ACIQCv7fM5rV7itqbYfC0TpphVMSHVqmHxO7KFCabD\nEJSkgQ==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2359,10 +2387,10 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with a permitted dNSName of\n\"example.com\", matching the leaf's SubjectAlternativeName.\nThe NameConstraints extension is marked as non-critical, which would\nbe a violation of RFC 5280, but CABF explicitly permits this as an\nexception to RFC 5280:\n\n> As an explicit exception from RFC 5280, this extension SHOULD be marked\n> critical, but MAY be marked non-critical if compatibility with certain\n> legacy applications that do not support Name Constraints is necessary.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBqzCCAVGgAwIBAgIUWIJIUYEEE6/veH0lk1SQQx/GgrYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATDrLHlTCyYkHc8ZE554X4l6Ne2N0xmCML1pV3r\nMIsSPeytsU7cfjKahtHpYmQwsdxbWhR0SHBTGiSJgDMMGRqVo3MwcTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUWaxAI4zva2y8IFj2f3H56Hh6qqQwGgYDVR0eBBMwEaAPMA2CC2V4\nYW1wbGUuY29tMAoGCCqGSM49BAMCA0gAMEUCIQDXdSD3ATKxgfaU2QAMSTd52vqI\n4+rWdlLVKxCn9oWf1gIgFJ+eyGiqU6zuxxBTFBEVtUkgMhwjeX/uoKUTzrdalMQ=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBqzCCAVGgAwIBAgIUGyHV8fEZhnjTHfLyUH+Z9ST9CcswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAR5AbRMDAPPKCWsYI2fC2/W13JARSg1iKyUwqk/\niThbsKaLbg50CrXFCz4gI9kfLYdMhfmf5dVs+3BEZdvByt9Eo3MwcTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUdFx+9xMITp8EhMrtDTyFsXB7HAcwGgYDVR0eBBMwEaAPMA2CC2V4\nYW1wbGUuY29tMAoGCCqGSM49BAMCA0gAMEUCID1EnjKYmNKJFrbSLOdTGvyTI4D/\nFPHHSklb5zCFJa43AiEAy+Xtm1t1stMcm1Yrd0is5fC3nBA1LemS0CZapdBoY1c=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUISm8ANp4izROirBRtasEpmZ8yewwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABAgzI4ir6hOlvLKpEJgSgBsjt1UrXbiRmWBK4pN9WaoY\no5cj3INwU1K//K9hgPH/gOLd7Eb7KTDbF1YmYDQUHnSjfDB6MB0GA1UdDgQWBBT1\nU/RAx97ocmch5s8I007tf3WhTzAfBgNVHSMEGDAWgBRZrEAjjO9rbLwgWPZ/cfno\neHqqpDALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIhAKQmj1uiH47WjSHsT8Tx\n0K0G9SpK8VCr5Bg9v0409bz5AiBqqVjpIY+QFmeB6e94XTRaio+6FGoCvGm5gvCX\ncXriNQ==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUO3ocSK2Omo8Ie/tkI9vKt8YyZoQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABL1aI5j41cbkoNRXYWULZaPXFC8LYygqCm00438TJrj8\nBMgKX8sS5pX8nIExIj2jaemyrSP6XPIX4ndMA40oZjOjfDB6MB0GA1UdDgQWBBQO\nx6x9L7sVZZJ47o4P8m6idkCV+zAfBgNVHSMEGDAWgBR0XH73EwhOnwSEyu0NPIWx\ncHscBzALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIgfHIM0Tfvzb3Ha2ZvZ8n9\ns5l382sLU0SnkexJYiIQXNkCIQDRqqHZ/YkpF/DRV3MbsQRHpDsVN9XpCoeGAyXp\na9b0yA==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2382,12 +2410,12 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> intermediate -> leaf\n```\n\nThe intermediate contains a NameConstraints extension with `ASN.1 NULL` for\nboth permittedSubtrees and excludedSubtrees, which is forbidden under\nCABF 7.1.2.5.2.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUTLoPVohv+D4s7IOtgCIpVDvm7YIwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASFt7/LUyWkrBzjSldYg82hfEqFNPGoDAZdG4bh\nw4E1gZx1AKgNn/kCd3NJDMsor/ZJpV1zM8sBuNmZZDU1vulPo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUdBXu0ycy727eqKZZWZwuR51CqkAwCgYIKoZIzj0EAwIDSAAwRQIh\nAOaiGIAtyIjiGYF4R+N47cGDcM8UIuI+wLSDCS3jJDAuAiBNevp964KqmNyI+ibw\ntW3DmcvH5TDzZaWRErpbhKMOsg==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUS7C1u28PvW9SRiPHpTlznmc+7skwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARO0Pl5AYcr5q5DTQGLZ+9ryFYTOvCnWWlVsz6q\nm+LsQKidU838ZuhR5t4JOQi/TMNcyy0Iq5IG2UbEky2rLTNao1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU/OmL6XuGAkJWx5xm7Y3AtExL/hMwCgYIKoZIzj0EAwIDRwAwRAIg\nXZPLk77mpzagsE/7uTsRk0Sb+WFyFkA+pIuKKJO1lhkCICoHaJ/9n7zGcdzlEcgO\nndhuKXXpsh7bwO+CKE2hs4qA\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIICDzCCAbagAwIBAgIURQOBzTUEW1auBrUBSnoGBLeECoMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDA0MzgwMzI1NzMzMTk0Njc0MTg2OTIx\nMjkxMTAzNTY1MDM4MTI2NDMzOTgwMjA0ODIxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABGJMwBzUWP7eHg1j7zLtM+7eenXx0dEbMZ2peQC3lDpRlQ6WWiwmzakhPaK6\nCgFQ5Udra9EIxsWa5t+4N15PXC6jgYcwgYQwDwYDVR0TAQH/BAUwAwEB/zALBgNV\nHQ8EBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUdBXu\n0ycy727eqKZZWZwuR51CqkAwHQYDVR0OBBYEFO+sdo5bdQW/AfB7p0yGDVxIy3Yi\nMAwGA1UdHgEB/wQCMAAwCgYIKoZIzj0EAwIDRwAwRAIgGYgQTTv9oH3Pl7kTBNQ3\nbh/FsKYatbRy9ZBf/MExmxYCIFRAmSj7LF9RSgWzOwOQwH0oMNKRb/jlk3oAhgoE\nCvRv\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIICEDCCAbagAwIBAgIUBrV6O3Oc7b0pidc+ZgwIqbN7e5IwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDA0MzIxMTUwNzAwNzA5MTE2NTA5OTA3\nMzkxNjE5NjE4NTYzMDU3Mzk4NTU3NTI5MDUxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABC4rajmL9r5l38cAkMvclseJc1qesn1KBtrIT7jNcKyS4zC3dCpeZE5NrWIZ\nrAkfQgfsSGVl4I1U/Qyu/2OeFumjgYcwgYQwDwYDVR0TAQH/BAUwAwEB/zALBgNV\nHQ8EBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAU/OmL\n6XuGAkJWx5xm7Y3AtExL/hMwHQYDVR0OBBYEFJwHznIaCI3XdEJcW4JLfL7vfdZh\nMAwGA1UdHgEB/wQCMAAwCgYIKoZIzj0EAwIDSAAwRQIgKaPmbeE2kqUXT0Yq+T4g\nSI+r+DbhqvU3//2Doq6X7BsCIQDbAltCn4INB90zSyvEK8uGhEzsoLm1mxDwYdjo\nMuXNMA==\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/zCCAaagAwIBAgIUc7T/11kfz5dM51AKustIELO3XUswCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNDM4MDMyNTczMzE5NDY3NDE4NjkyMTI5MTEwMzU2NTAzODEy\nNjQzMzk4MDIwNDgyMS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\nOqEOZrCKx8Qa8sMaLyVbjpvO5y1UZ5OAFzoPNw5IzB1GLFle/0174treftUJe9IM\nRCAUMjyWLMSvYm01huOcDqN8MHowHQYDVR0OBBYEFAmsmDdEz5SzzIAY09ZCnsep\nTjaWMB8GA1UdIwQYMBaAFO+sdo5bdQW/AfB7p0yGDVxIy3YiMAsGA1UdDwQEAwIH\ngDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAK\nBggqhkjOPQQDAgNHADBEAiAspTjdUydITvB4L3AbSdPk419MsYZAhFCOZ5H5S0P1\nVQIgGDtHNfQDyuriwdS0Zzl82z3uyfJcjyNTAQ8C2f9DHZs=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICATCCAaagAwIBAgIUZ8L0DkUudOwpagVFXRB0X2g/t1wwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNDMyMTE1MDcwMDcwOTExNjUwOTkwNzM5MTYxOTYxODU2MzA1\nNzM5ODU1NzUyOTA1MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\n07nm1AIphZpUYfbTMwBqlszGuDiPQHPztKnwsnZpTAwskCDQb2joblmRMT5ilDxf\n2Pr6OEiurju6cGGra+H8xKN8MHowHQYDVR0OBBYEFBwPlS25Iptr1nqzc8jRG/rq\nB02BMB8GA1UdIwQYMBaAFJwHznIaCI3XdEJcW4JLfL7vfdZhMAsGA1UdDwQEAwIH\ngDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAK\nBggqhkjOPQQDAgNJADBGAiEAnaSayFgi2kQkjVjQU/XBzhjWHmbHpMoSH4lQB13S\nqRsCIQCeb2T8sa9DBvWHWX/vmlQurduLLqyGJQdy3UB4P44YhA==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2407,12 +2435,12 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> intermediate -> leaf\n```\n\nThe intermediate contains a NameConstraints extension with empty sequences for\nboth permittedSubtrees and excludedSubtrees, which is forbidden under\nCABF 7.1.2.5.2.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjTCCATSgAwIBAgITBnp8L4gtgzGZyEMn3dtA6avbdzAKBggqhkjOPQQDAjAa\nMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwIBcNNzAwMTAxMDAwMDAxWhgPMjk2\nOTA1MDMwMDAwMDFaMBoxGDAWBgNVBAMMD3g1MDktbGltYm8tcm9vdDBZMBMGByqG\nSM49AgEGCCqGSM49AwEHA0IABEEH4QsTY+M49XpRkRCB/LSElIrS5pU9wNJ93RYF\nAkSS8Fq3ciQge4cHVW7XWVQCJWZl/t6AVkxgoozDu+a72JujVzBVMA8GA1UdEwEB\n/wQFMAMBAf8wCwYDVR0PBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB0G\nA1UdDgQWBBRundeuzqLd6qhX9SI6HNZ77iPGfTAKBggqhkjOPQQDAgNHADBEAiAu\nLlRMPbSiRxTl0vbduNUm5YQRqkVcn2jS10In02lu/gIge+TI7RAcQfSXVSKi0A11\nl2W9wi/cmJGvPor+FzgkawQ=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUIVi2yC2akTaLRonv1j8diPwMuDEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQBeBvRr1YAPCSzGnN6K91F44sUsLXtDqsfsLTq\nP87naeHKwnxs2TbBbhR+kEEnrfIDQEQ3Am/2Gp+BCO/8SQ6po1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUzwhWOiMgW+N8hqD/vM9org93W24wCgYIKoZIzj0EAwIDSAAwRQIg\nCs8p4OL44nzmqaKMhq1IPF+5JpMb2CU9XHX10OYSdwQCIQDfeXOLlcQ62LE60bzz\n6B1rd6Gw7OMptwQz6jarQXdwyg==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIICEDCCAbegAwIBAgIUXa2Nc4t2rpkUtuxP6PdHhP7f5wkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBnMTYwNAYDVQQLDC0xNDQ0NzQ0MjgyNjkxNDc5NjI2MzM0\nODUwMDUzMzA5NjkxMTU1OTM3OTIzNzUxLTArBgNVBAMMJHg1MDktbGltYm8taW50\nZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBBqYtmtT3Gl5vyJaJfEcd8ccYaH3GOBL0Di/CdPSvyryfWWsxK4yzLFqxClZBjtt\ntyqu36xOJoKVcpGNYYgxLrqjgYswgYgwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8E\nBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUbp3Xrs6i\n3eqoV/UiOhzWe+4jxn0wHQYDVR0OBBYEFK9G+c3TyntiVjUHKnR3S7dQnAsqMBAG\nA1UdHgEB/wQGMASgAKEAMAoGCCqGSM49BAMCA0cAMEQCIAYMXAsR0fLPTkHwthRz\nwksxs4oFJ9198712Ey/+2draAiBfwoqxdrHL/1VhgR+eIEsfg4HZIXkOjgIf541W\neloB3g==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIICFDCCAbqgAwIBAgIUHyLcjthucOppDr+12aCdE5wFcSUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDAxOTAzNzUwODM1Njc3ODgxODI0ODYw\nODM4NDQ5NTg4NjYxNDM1MzgxMDYzODIzODUxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABF2M431FzcIaaahMjytRQDkM9NBFHuYsyRKkB6rTDRx89G5ANYznKeKo4VLk\nr1uMpL9Nqsh5WESZjcLkjYv7WJOjgYswgYgwDwYDVR0TAQH/BAUwAwEB/zALBgNV\nHQ8EBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUzwhW\nOiMgW+N8hqD/vM9org93W24wHQYDVR0OBBYEFMGkaHZmwmPEwtJ6vQWAz1bVb+62\nMBAGA1UdHgEB/wQGMASgAKEAMAoGCCqGSM49BAMCA0gAMEUCIQC9jVRIGDnrDDRj\nWkQTtH9DAiWUZlu+ekCyRJ06BHqLsQIgU4jd3oqVYR/c32BZLbq2cuRK0Ewvl/1J\nDVzvE1VPdkI=\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/TCCAaOgAwIBAgIUPracj5QHYe2sQ/QZx9VT2cfHVskwCgYIKoZIzj0EAwIw\nZzE2MDQGA1UECwwtMTQ0NDc0NDI4MjY5MTQ3OTYyNjMzNDg1MDA1MzMwOTY5MTE1\nNTkzNzkyMzc1MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1wYXRo\nbGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEg288\nqWoLrVa/jYcWVDyMWjsc2G4ZFpJXW1WVEi2D+o8qlXCqZuFlefaLDtorDuvM5G5n\nIKgYH/cN1ilh2/dCsaN8MHowHQYDVR0OBBYEFK+0JaIFmFsmjQMH+cOh9mP4rSYz\nMB8GA1UdIwQYMBaAFK9G+c3TyntiVjUHKnR3S7dQnAsqMAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNIADBFAiBMef0+a5Pg0B+pyr8UlU51FOeyFLXfQ0XodkxfJdXrugIh\nAOAhl2B1mDTrKe2XXS/gn+OyRE92b/9O8KSUoqnCh1hg\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUBSeDRZv3NfST71o1BFW7v4OscMgwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwMTkwMzc1MDgzNTY3Nzg4MTgyNDg2MDgzODQ0OTU4ODY2MTQz\nNTM4MTA2MzgyMzg1MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\n5U8xlxNY3qKEDmsYNZClVYf06v68Or22z+kLBMi+oTWEzZk6rA8DG/xaeLWidHVF\n9LDrih3gbF2oGeAuxYX276N8MHowHQYDVR0OBBYEFAZHxn7PVj09pwVZ3HS8Wzy+\ngRxjMB8GA1UdIwQYMBaAFMGkaHZmwmPEwtJ6vQWAz1bVb+62MAsGA1UdDwQEAwIH\ngDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAK\nBggqhkjOPQQDAgNIADBFAiEAnETwwmYNyeFOk9btorDhOVjr0geQqsvvhrGroc+W\ntx8CIHEFIxySArBlVedlmRuzm3rA14znkVitPL9eFHyz4ukj\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2432,10 +2460,10 @@ "description": "Produces a chain with an EE cert.\n\nThis EE cert contains a Subject Alternative Name with the dNSName \"example.com\".\nThis should verify successfully against the domain \"example.com\", per\nRFC 6125 6.4.1.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUfGgwBbaTmhk1uyXyXuhBIq9J9dQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATlADQwnXQ+n0LDsqAFqDJXK/MkJ0+Ekkss4HYO\nbYTEXd+Q2VTPfkaAgDYdO6pUNiTmRtGuMTVeLX6uda8chLuno1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUXCTKZqSGjpCztsZrMRX3vW4McdkwCgYIKoZIzj0EAwIDSQAwRgIh\nAIXlkP7Oo8ZWRKK6Em87l3fTWoVokJ28859U3hulQDB9AiEAp+AvtwmW4lsVz6Oi\ntHbtTJas08TsIeCwOQmUiHmdQJE=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUTM+VnEF7yEPWU09UONM2jVy8v80wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAT28UKg08gpWUX0SHAQbJiRGnukyLEywm7f9LUU\nkn/RvV/YvWVP6ECLmiJOOJJR2mT0dDEeHn4f+cd88HWb2U7Do1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUoNhH0vhEBFcdW2oBTleDhxOpzzowCgYIKoZIzj0EAwIDSAAwRQIh\nAJqj/cmSxT7yOuqpo5dEVe5XnuQQ/UJaFPSgR/Co1iYHAiBTiJDsmQTtqxmha1Se\ndzDmv5TKTdOO2cx2gP1by6MRYg==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUSizraythsbao9M5PR3Dq0r6EEGEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABLCzqFLBivcUA/qwiNXW6bHXccqxLiXNeYQFTB6ywYSp\nY5sqC336C3IqYf8XejIegZ5EbP2wOYf7OR4PjxeC5+ujfDB6MB0GA1UdDgQWBBQH\ncdpr9BoEUS60+GtsYnJs/FIAoTAfBgNVHSMEGDAWgBRcJMpmpIaOkLO2xmsxFfe9\nbgxx2TALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIhAO5sTR2YwQ3UMgQXTfSF\nwgduqgU6bh1RzYwS4Dt0f9FVAiABYWGk/0/enHrRfm7OEbtSGH65HiPOounqp0Sk\nE+dN2A==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUa+TAy301GkNPRlA4PjMsOira2xgwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABAjgexM2tBTCTWXfy+rbuzpKeezNXcOKEdTLHIjXbNqp\nWUaPdY9n+TjQ6R1NwJ6/tqblfHtG+y/oBPr18/4TEhejfDB6MB0GA1UdDgQWBBTT\nUNQEDBpxGDu6v86SJhRV7SA8LjAfBgNVHSMEGDAWgBSg2EfS+EQEVx1bagFOV4OH\nE6nPOjALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIhANJ9L/SXgQZ3IS+GCAmG\nHahEI3slrdwZctmGZcPL354eAiBUsxoimx2P5D/5jDoFkRkw5hwpSt2vaiNGkwfc\nu8XgBg==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2455,10 +2483,10 @@ "description": "Produces a chain with an EE cert.\n\nThis EE cert contains a Subject Alternative Name with the dNSName \"example.com\".\nThis should **fail to verify** against the domain \"example2.com\", per RFC 6125 6.4.1.\n\n> Each label MUST match in order for the names to be considered to match,\n> except as supplemented by the rule about checking of wildcard labels.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUF2mUdh91zDUsU4t5zLlZV4KBeY8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASrT9soBSZSUobAJK7+sSNVkhn4rIw5zJIcA9ti\nqkxcz6jKF6oPYcknJWb/aP/UJs5Nv1+Vb9xX8kIntKLNc5ljo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUppCyMm5QSWIyjz2ZKl468o5uLRYwCgYIKoZIzj0EAwIDSAAwRQIg\nJ5zAuM6gDDxWDh5O3I+G8me5cdEFuhbWTmSWaGanx5sCIQDKEThOqJ+pO3Raz7xh\nd9M/eZZ2XZG8Qa7lxHc6tQqqfw==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUJqSUrOs1reokqCgNgZf/gkOqxFYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATCY3QV6DUx20lEOkutLTKKmKuQMtLUwceDcn4m\nYxrDDG5GQduNEnW9dZTbWRonFmAIBMsRb3AK/oglrBIlljlIo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUTReT6d8RiBpzgK7F1AwDyw80Q14wCgYIKoZIzj0EAwIDRwAwRAIg\nYEoP7N2RWdO+xSkJWVOnn4ZGjCOVNNAys6isNcKRTK8CIEep7HnEsU+Gah49kbeX\nzzrTKRYFnCRryyH8UI+YG/iG\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUabzm+AhnIoZpbMrcxnTCfKxt07cwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABMJh5Dxngc3dP17xIqg/3AgSKsA0NqbAuovFafv0yFdn\nM/QDfNmN9wOvWmywf2W/H8VKEjXVbIV1qWpMtYpft4ejfDB6MB0GA1UdDgQWBBSZ\nGAKAma7MnfP6yYS7KUsT0An4ujAfBgNVHSMEGDAWgBSmkLIyblBJYjKPPZkqXjry\njm4tFjALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIgNIw59FUqwteEx1WpLnus\ntWymixPzxcoouGC4iZ9fABICIQD8Loih3ZZ74de1eNDPwC8lfN2As1n0LS0sKCkt\nO3MPCA==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVagAwIBAgIUV2w4TQizCwX3/CI3gLdYH4GGJ3AwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABNnlnPMr65hd0WvKHPA5W0kGzSz7vyKwbe2gDoS3sotj\nf5j/jiWxUtc5lHiqwE2Q6Q0QhGVUX0E9jIGxj+tV6GijfDB6MB0GA1UdDgQWBBRh\nNgzJwdevE49mgCRrfo1NLFz+nDAfBgNVHSMEGDAWgBRNF5Pp3xGIGnOArsXUDAPL\nDzRDXjALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhAM+ZU8AZrYQhUfHiGJzl\n/euEuUrlneTGitGmwZvR7DGGAiEA/v+lhL+McKAzmxHWG0bzNQThvDt5ml1lGvq0\nLXO5pZ0=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2478,10 +2506,10 @@ "description": "Produces a chain with an EE cert.\n\nThis EE cert contains a Subject Alternative Name with the dNSName \"abc.example.com\".\nThis should **fail to verify** against the domain \"def.example.com\", per RFC 6125 6.4.1.\n\n> Each label MUST match in order for the names to be considered to match,\n> except as supplemented by the rule about checking of wildcard labels.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUPnOujiszfPJpw4ocFBx19pa8fjQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQ5vl9HV+92NYR7eVtwlqpsutQ20Ej4cXYcIYbY\nZRV93cLFwY3w2UzbAph8ssA/AW5woiWJOULF/gGgM3K5TOLjo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUBdBt+Igzk0w9ZdE5As9bBc5L/AkwCgYIKoZIzj0EAwIDSAAwRQIh\nAJ+QbHb/Zt/bGK6VSejrLLgfa5zxjFqi7Ogo0X3auh0bAiB9y4GlSqD3M7gpw09A\nj9dT+440w/3yXhFxaWGls9feWQ==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUfEsrv5xqVxIUxR4kiVA24TrX3/wwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQkpaLnmwF8Xd4MTM4P6p9LKia+TEZhCTc5bKKv\nD1I3D+gt4Y7KsgOjo9NHj8Hd2P7YvVCZQui9W01GDNnBLMwqo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUqOd+zgo108wDSJpHlKdGgeZvNjwwCgYIKoZIzj0EAwIDRwAwRAIg\na8tfkWONMfMFFPVlSYjponPbJLmVYhu2wyxZ9H4LJ/4CIHa6uBbqS+8Kxc/w+Ye4\nNVNACXmHs+QObtPGtjl8LLdS\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBtDCCAVugAwIBAgIUcdyd762nLbFy7EPl+uz/OmhfyiYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABH+h+gy9QsOp2p0MoaiFqX6tuHkq2zNTHn0EDOG+G9G8\n/rgwh4xBlFEDiUoGjDx7E1t6YZ6eYSeG82UmfLkRjwOjgYAwfjAdBgNVHQ4EFgQU\nZnbhel8jHCAflE/tEFCuS2Ib79kwHwYDVR0jBBgwFoAUBdBt+Igzk0w9ZdE5As9b\nBc5L/AkwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBoGA1UdEQQT\nMBGCD2FiYy5leGFtcGxlLmNvbTAKBggqhkjOPQQDAgNHADBEAiAjdVRbjqrHXN5W\nHFfl5eefgYeqfTnI/6nitqVmvuDldAIgK+A5FqY7jLOxXLLO98PrlJ+f+hCPC+ni\n8wDtWwXqL9Y=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBtTCCAVugAwIBAgIUO6abixaV/hcxOTB4nhpBK21d0fEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABMcvDmX3XVD7hL9aEtIx8r4zyIeI+oQAKlEycbfoTdkZ\nN5K4HARwee7DwCHqUWmRWduvUAdwDOYpNT5dXKICqZmjgYAwfjAdBgNVHQ4EFgQU\ngLVmKJbB4wseNhylK9qKTqltT0MwHwYDVR0jBBgwFoAUqOd+zgo108wDSJpHlKdG\ngeZvNjwwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBoGA1UdEQQT\nMBGCD2FiYy5leGFtcGxlLmNvbTAKBggqhkjOPQQDAgNIADBFAiEAjIFAAULu5TPF\nJBV3gZXBTrSluMM1Gu2OIL3vHypiWuQCIEWAfDt4U/NQCeq9zSJFXts3Lq40zNPy\nfmjn0ddmOLIR\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2501,10 +2529,10 @@ "description": "Produces a chain with an EE cert.\n\nThis EE cert contains a Subject Alternative Name with the dNSName \"example.com\".\nThis should **fail to verify** against the domain \"abc.example.com\", per RFC 6125 6.4.1.\n\n> Each label MUST match in order for the names to be considered to match,\n> except as supplemented by the rule about checking of wildcard labels.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUXcQj4IcxwiiLXPxkhJU++00okzswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASd4yKUPNAaX7tl8RNYhobkEtFs3of9nH+nA8vo\ngwVxburO3IsSZRnE9brGt/otftQBbBIZBn+yyESYSovXXAUWo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUyaukazva5KwNjE6NDjk5GZlqmqQwCgYIKoZIzj0EAwIDSAAwRQIh\nAIBuYP4fXNb2C0z8DwEGfGKK9H6BgQ8K6z+PccxwTq3yAiAri6c7oxzdwymwYBVg\nx3FswIjRNQnsBjG4iblvmAJADg==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUX041oaNDgekSDLfhOlJaSCjqVJcwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARncaKKCezUn88ixfki8kH+u8f+T3OV4CLZePCb\nXYyktwVseINBQfL9NJiCI4D7mDprheyNdxM/3i7wDlDzxMa8o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUf1nqRO14JddNocLi+NQJ5B0pFYowCgYIKoZIzj0EAwIDSAAwRQIg\nRwLsHK+6/VkclctcZtqZCT8y8T2D6Kr1zTb8gbO+KmECIQDqO0BkKOR0DJmppWQJ\ng+2bS5Q2KET5CenNhVykarxZ0w==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrzCCAVagAwIBAgIUNWD88rzsRUvY8p/ezCT/wMPl2BAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABNjt25X+suvgMRrxKjDsIIdGyYyTm17IEJDXsHAMBM1P\n+aadrzB/TaCkAheod/nGICzNHYGJBaKC5csuh3+cqjqjfDB6MB0GA1UdDgQWBBQ6\n9jMvpp59mBx9LqEd2PyufR7lNzAfBgNVHSMEGDAWgBTJq6RrO9rkrA2MTo0OOTkZ\nmWqapDALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDRwAwRAIgEwh5lL0p/XQQKZXbxLII\n+fXBUHMZxN+a/FklNTXTChsCIAPToGfGqv1sl+GmWmvhmi522RHgiu6H//er5fww\n6Hjm\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrzCCAVagAwIBAgIUHI+ofM3O0uOg1mfrIep/MaVW55QwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABB0qPzFp9014t7OFHbUrJJhLfiYVWGYs+Jbe5xocRIyE\nkoG6e5T+YX78zTSG61PcKx3SQZL9Tk9+LDfskG3+s4OjfDB6MB0GA1UdDgQWBBRz\nPvPRFbsJx916Iv+R9tRafuwcQjAfBgNVHSMEGDAWgBR/WepE7Xgl102hwuL41Ank\nHSkVijALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDRwAwRAIgWXcV/vK1qoWYwmNFJIIz\nkJW+PuDA9e5MA+0RyqDdNlkCIDvVkxyKv2JqthnEUFvvcE8JsZjsQKoOboIS4vDV\n8x9F\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2524,10 +2552,10 @@ "description": "Produces a chain with an EE cert.\n\nThis EE cert contains a Subject Alternative Name with the dNSName \"abc.example.com\".\nThis should **fail to verify** against the domain \"example.com\", per RFC 6125 6.4.1.\n\n> Each label MUST match in order for the names to be considered to match,\n> except as supplemented by the rule about checking of wildcard labels.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUCkPQfL8tH217KScdfFfNzk7S834wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATDx8Xp61/dYU8ObUORDaI2/edCYqAha2DcNk1J\nn7VVdVtFyVqJHh3ZdrSHlUUh3vvBbJaIgG5FEnFfFPWcZZ3Xo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU9Sam9gecSt7bi5gU/Yy1pOh/vUkwCgYIKoZIzj0EAwIDSAAwRQIg\nd7kvLgLoheHf4O/a+QJ34uEEh3mesUFJzJJjOI+XszQCIQCGIMzcL7Aq2u4COBsQ\na7CIMjbPIWb3ZjyDIRt+6+pPtA==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUIKfVcm+fCNzKHCon388GMxwypMUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAT0r2tIDrm6gudwTsCjNUUejUwU+DhYXgjOQzSg\nbUFOdbsKsP9cKg8pRSVlQPIQv0wLUst3W0Co+Oq7yGQdBdtNo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUtErpuWBz5oOHiPfBkjxcHxjVO58wCgYIKoZIzj0EAwIDSAAwRQIh\nAIldd2/yXkKaczEH2riLWmrfj5rA/ak1xFK4AZaGbmeGAiA36J80qZkKPzLYDBWo\nKdx5qwIi92JWDLfvsfeeJWSpbw==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBtjCCAVugAwIBAgIUW2NQb+CTD8CvtJwyZT2PULkHKKswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABEFIEYgB22leq/T4Nq+Ayn35SGcAcD5Z3P45+WENkffg\nNYNBorpiY6Sl1bm01TUfqUFsg7RFCBk5LZ/rDtdJM22jgYAwfjAdBgNVHQ4EFgQU\n9K0GoMiDcSi7fLYbGvl8JtGHvewwHwYDVR0jBBgwFoAU9Sam9gecSt7bi5gU/Yy1\npOh/vUkwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBoGA1UdEQQT\nMBGCD2FiYy5leGFtcGxlLmNvbTAKBggqhkjOPQQDAgNJADBGAiEA7TS+BvS9/eZw\nIAUOQyMxuXhdkBWp7nEjNWDvGGK48OECIQCPr3xedB2YwJmJz/uPQIOA9U6xRGxX\nXF8/BjSd6mB18Q==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBtTCCAVugAwIBAgIUTSqH3HXx4u3iW7FQo4k84RTtRWAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABJMIOcKhxW6MmNMvZU4TKVt0lsRaBb281Vns7dahb05K\nbikRCIfrZDW2lOiwyTsQjxdNHDdXHy/Z+2lTfy/MKL6jgYAwfjAdBgNVHQ4EFgQU\nzbDmae7FiPEFnMZfo+aMYzxjpgYwHwYDVR0jBBgwFoAUtErpuWBz5oOHiPfBkjxc\nHxjVO58wCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBoGA1UdEQQT\nMBGCD2FiYy5leGFtcGxlLmNvbTAKBggqhkjOPQQDAgNIADBFAiBnSALEBOLoOv1x\npBvm+5VVOK0x+3rvivTlV6uLxiCX+AIhAMhnwQ/7V/oTs3tPpPmQWjTjrXyGMpbo\ng/dcms861RaO\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2549,10 +2577,10 @@ "description": "Produces a chain with an EE cert.\n\nThis EE cert contains a Subject Alternative name with the dNSName \"*.com\".\nConformant CAs should not issue such a certificate, according to CABF:\n\n> If the FQDN portion of any Wildcard Domain Name is “registry‐controlled”\n> or is a “public suffix”, CAs MUST refuse issuance unless the Applicant\n> proves its rightful control of the entire Domain Namespace.\n\nWhile the Baseline Requirements do not specify how clients should behave\nwhen given such a certificate, it is generally safe to assume that wildcard\ncertificates spanning a gTLD are malicious, and clients should reject them.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUIqgO8w3F4CTgLImkHp8JBye7J2owCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASZ1P5TbRl1Gqb9qUt8dTnnjG/lGUAfiElMPpoM\ntdvTxNaakyB6/hyBGj3Bvs81Nr3z5N48sarHhwIL32m8WYTgo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUQH9sTr3dStuFBrvNsdBglMLL1UswCgYIKoZIzj0EAwIDRwAwRAIg\nBL3mWzwFTvsuab0R9busjYZCTxGIuCPPUAPen8sfqFcCIFxNuwgwK4dGkd69hYAw\nejETdvbBr4Je53ymJ7aExBik\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUbyqaqZ6TDXuHriOYdyKPrjLW/BwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQNGC1eWUuIoYo10y6Mjr/5OpIgHNgOgtSba1SU\neWtA4npkaFUxZNUCfKoK4MaDUn1XftO283xeL06YI4wcX18Io1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUWx8EiXR0wSW/1I3Dk1PYHHaMh7cwCgYIKoZIzj0EAwIDSAAwRQIg\ndXmmmov3yzVWsD1d/iyeObnocHQsOoTb7VbU/FFJauwCIQD0/IAf6LEUVEQ9GInT\nFVWtThAoY6BID7Uu/hrqzs2eEQ==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqzCCAVCgAwIBAgIUY2OoOF1qyBy6rNtfb5PmAZ+vuKowCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABBugInKNfvxamlEl1Fw9MR7i0nuikXcFOLA4Ml0lz3Oi\nyQObH4NRA3cyMm+8YP4AqVHjo2pbVGjo6xs9njkMP6WjdjB0MB0GA1UdDgQWBBTr\nJn/kshPNhyUSej/c1rSrprGBmzAfBgNVHSMEGDAWgBRAf2xOvd1K24UGu82x0GCU\nwsvVSzALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwEAYDVR0RBAkw\nB4IFKi5jb20wCgYIKoZIzj0EAwIDSQAwRgIhALkjbeTxgPN6VMDv6IstXf4tuqdo\n5h/Cm8q3R5tk77pzAiEA/PUQZ54mgYufL1oG4UvWIxVhMN/Xkfe1Z/WcRfdqCtk=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqTCCAVCgAwIBAgIUQyjOVk4LYH1wSsZdy9o7C1nXmKkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABGl1TYviTdPxPZpqwZeYrVBCWEAtKV3uWXCU2uAQGhRF\npmA19MTPh3+MVld7xfX6pRPJZWt8/hNBBickLuEdIU6jdjB0MB0GA1UdDgQWBBS7\nC/tmrXojvlug3K5b+Bd9LgEHSzAfBgNVHSMEGDAWgBRbHwSJdHTBJb/UjcOTU9gc\ndoyHtzALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwEAYDVR0RBAkw\nB4IFKi5jb20wCgYIKoZIzj0EAwIDRwAwRAIgClIF50Tc0UWlVc6Gsg14pKo5kFE/\nrMFtORj/uZ1bS9cCIDfqECLpLunPdF2HbeqhRaCD+jHQTuRlu1zR97yjsxUC\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2572,10 +2600,10 @@ "description": "Produces a chain with an EE cert.\n\nThis EE cert contains a Subject Alternative Name with the dNSName \"*.example.com\".\nThis should verify successfully against the domain \"foo.example.com\", per RFC 6125 6.4.3.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUP1cISZkK8LZDBs5BJQr0pOYqauQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQfD69XFSjPTSe86nZg0G/YOymrknCZ/Lbgh/eO\nRI0ZaUdMe8QcBokvAw5gxoyF7MXjJ0L5zYWz7WAfgCBl5vd/o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUIGQxkDf46LJWUJpyeq4Wv6SWfv0wCgYIKoZIzj0EAwIDSQAwRgIh\nALhHwHYsDBNW9+3+hgZotY7AAzI62OigdMmyloRDMEh7AiEAu+FBbYvP0U95AhUR\nTQVqnGml0xTFSNSEpGesUUGBs/c=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUAcHv4OTs1QI68VxVBzquwyfER+owCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATx7QeixdJsQFHGQfOlw08cnzkDqHPXLUsJFsiY\nRkiBbh8Imzuf7gmf1Au1a+JFY9fxiqNaNGiGza2Dk19KrZZGo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUYlFRsK5OXePhKVIJnl54Wp+kg50wCgYIKoZIzj0EAwIDRwAwRAIg\nGt7HtS31StwSo9oKuUHtFuGpXzTYZalmwf4JnEmUaNICICmbUBQ4Mz+/cms4d981\nMM9sMzrkKuQ6h4QXW7U5jU2j\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVigAwIBAgIUaov33DCUpd4/LcELvMa3gvQH8eAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABJc4QshBaiAaMWtxPX13wM3CwZZy/RkFYHk2oUt96vTB\ngOR3yfd36RD0Gs/iIaciyogrs9iTwT/txKhUgmk9WsCjfjB8MB0GA1UdDgQWBBRs\n0bJHOkQqn4WB56zb2jsRH8nI0TAfBgNVHSMEGDAWgBQgZDGQN/joslZQmnJ6rha/\npJZ+/TALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGAYDVR0RBBEw\nD4INKi5leGFtcGxlLmNvbTAKBggqhkjOPQQDAgNHADBEAiAWX9599uuwDDQxFTRg\n4WJgy9UmCtws1sf4/mGDkBQOIQIgPJD4jyf/fRNWndhcZ3eVJz/ZlgAmJSi81A9R\nVySn1YI=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVigAwIBAgIUV8VQCVLoGa+vvQAN3MQL+XfboZUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABGqGmWCIC6yeUGcYxLR7mn4Jph/zcbQofZM6oj9RVjHj\nboVLz3jPI0cg9d2R4PYlMiMs9UPZg1A9zrf5pFYwmNijfjB8MB0GA1UdDgQWBBTo\neShdwcOOBvB8DHeK3utpP+99HTAfBgNVHSMEGDAWgBRiUVGwrk5d4+EpUgmeXnha\nn6SDnTALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGAYDVR0RBBEw\nD4INKi5leGFtcGxlLmNvbTAKBggqhkjOPQQDAgNHADBEAiBp9ZPq9RinBFsNROP7\nHq+f85RXoWRAYLpnzrP7Lkwx3gIgM8SHy8UiRLNQ2SZ5hSd9ALqz+Q/Fmy4zSPHJ\n+kMIa4Q=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2595,10 +2623,10 @@ "description": "Produces a chain with an EE cert.\n\nThis EE cert contains a Subject Alternative Name with the dNSName \"ba*.example.com\".\nThis should **fail to verify** against the domain \"baz.example.com\", per CABF.\n\n> Wildcard Domain Name: A string starting with “*.” (U+002A ASTERISK, U+002E FULL STOP)\n> immediately followed by a Fully-Qualified Domain Name.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUR2GVPIRqcYQ7fUlN4gVnnlPAWFIwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAT49jr/uqGC0yQifzgnyXK3b+No40Hty78ndnXS\nIzGLj0CcefaaZEAAJE2BPKdZVTIIjRzYcZIuPKHJ7HMxQSfjo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUupaJ9l7i2wzr7nVRWkmt90P7zRUwCgYIKoZIzj0EAwIDSAAwRQIg\nAr2OB8SRxsW2RwBUyVz1e8VJQ0ucgwoaS7NBz1ABPasCIQCLlxXb5H5cCMzfuOdL\nF3d8Ve/dixIc1TLmeKaEgLOFFA==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUFkqDB4tGIwYkqB0acWM3Zo6JAYwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQTOIflAxcqNjSrKdopqjMrHcNTY/lWENBUF4wg\nKVenfhWiidi1hLP5nbfhUIH9rcuW2a6img4MRgOpwCuUMSSYo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUlgFJFK9rFxxASVxj6xB6O3XG3WAwCgYIKoZIzj0EAwIDRwAwRAIg\nc0LdopzlT2gyAVbTs+3NQPeI4hk4piZmSChiou74bcwCICKidvIKLq+SSs20OfGV\n2nf5x/onGgPP+ufT4C/motaC\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBtTCCAVugAwIBAgIUfUgT05xQ6rWtsdlZvszlDZQXuxUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABKKzOd8PPkDUIj9BdaaMviwqUrRff7vkXSzwSNaGveoy\naNW6ibZpCASkjubk2U35tc6DUwoRJeoZgaYScStUowGjgYAwfjAdBgNVHQ4EFgQU\nSEk/NUTdZ/Q6rOb7gjcG/FBUu4kwHwYDVR0jBBgwFoAUupaJ9l7i2wzr7nVRWkmt\n90P7zRUwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBoGA1UdEQQT\nMBGCD2JhKi5leGFtcGxlLmNvbTAKBggqhkjOPQQDAgNIADBFAiEA2xwHnLw8zEiM\nxr0iviav/qElwr1WCdv8W35BzAf4OnUCIExhfsDwGgnuMme95buKpJD1pqCo/qNH\nMlYjd9EoGHjf\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBtTCCAVugAwIBAgIUcMk950KMdcxgwcGqXmqGOyzRbRkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABGCgx8FGNyFJ1b8ootG39yYFGTJ8X2BljVFK9Xhqo3QA\n9xnMHDhmWmz6yfYQYRH8U4WeZbYks+YddYb0eMhPiZKjgYAwfjAdBgNVHQ4EFgQU\nswncuFozCoZ8N5TonCJeCyUq2zgwHwYDVR0jBBgwFoAUlgFJFK9rFxxASVxj6xB6\nO3XG3WAwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBoGA1UdEQQT\nMBGCD2JhKi5leGFtcGxlLmNvbTAKBggqhkjOPQQDAgNIADBFAiEA8DzRjjCz7lNn\nmyqER7ikClwfXWPIps8/d+9xTrP39TQCIHtDgmXMsFsvIrM4ssb3sXN+88sLAHA8\nRE2ltldQx6AA\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2618,10 +2646,10 @@ "description": "Produces a chain with an EE cert.\n\nThis EE cert contains a Subject Alternative Name with the dNSName \"foo.*.example.com\".\nThis should **fail to verify** against the domain \"foo.bar.example.com\", per RFC 6125 6.4.3.\n\n> The client SHOULD NOT attempt to match a presented identifier in\n> which the wildcard character comprises a label other than the\n> left-most label (e.g., do not match bar.*.example.net).", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUUzrVZTofcWsZnffHq+qL8WpdLPQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATmr0rMu3iXi5XfN1y0hBcxp/qp6/w8B//IM64F\nHNnencXdiQJh4cFunl9fRY625gba53tMwmAwDQz7SecvVl8yo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUStXO8hSoIfOBuQI3nS+KNmDtm9wwCgYIKoZIzj0EAwIDSAAwRQIh\nALIwu0oMIQJk67lZc4bf0cDQXeDXuk5/B+NEqV4OlU5DAiAGX03BHFxkzwAdocmo\nuZQVYln16HdHXOpBhrGM58DnDQ==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUTpW0uorSPTxup8Wvk8BIWJJLDswwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAR/ql8e0q0S1seYAhSv7foSXgB6Aw3yAosKV5rS\n53YY+GkAH16JOH/a0Z1AAhizfTSkOsJVdtVzCsMaiwuzLEpFo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUla2Gk1C5II1CcMYglJLXygXAu24wCgYIKoZIzj0EAwIDSQAwRgIh\nAM4XFx2lEiUxDnbF9ceQmYLWn5GnLGfuyiWxyEDuvTyVAiEA1APqZEu6koSgS4o6\ng079eD6lMhMKLbXtQ5ZEzw9xe9Q=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBuDCCAV6gAwIBAgIUdRVha8wYVJtsizASDnvMYsbn2K4wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABI5SiOYb5qaQsmy6flakbeHX2XzvNwJOV0Hqs1+Zz0H7\nMfnoZqL0JfKoPzbNux5WRjlebp5LiSjVhIB41l5pP/ejgYMwgYAwHQYDVR0OBBYE\nFAr5AaijbkW7FsciRyGPTo8FgTIlMB8GA1UdIwQYMBaAFErVzvIUqCHzgbkCN50v\nijZg7ZvcMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAcBgNVHREE\nFTATghFmb28uKi5leGFtcGxlLmNvbTAKBggqhkjOPQQDAgNIADBFAiEAk9h2mS4L\nami9JjZ8JnJMT+D6HqgDN8JkovpbSyeACusCIEPQOsrjcjgA2FAKDAXWySUXrmUL\nQaWRVYww471Auxgc\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBuDCCAV6gAwIBAgIUJI5PdT3DV3esShvyFt9sTWCjIHUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABEL9FTHgUnTJSieHw/r4DUMfkimk43HugKaRwRX9wlIc\ncAqboaqpyVTnhFd+3YaJF2ozQdosfq22qFjlxiLmq3GjgYMwgYAwHQYDVR0OBBYE\nFKxvCZ30EpMBOzlm8RGBfr5nHJNQMB8GA1UdIwQYMBaAFJWthpNQuSCNQnDGIJSS\n18oFwLtuMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAcBgNVHREE\nFTATghFmb28uKi5leGFtcGxlLmNvbTAKBggqhkjOPQQDAgNIADBFAiA/R7twIpId\nO7ATGWAEiv41rAL66msFvztXQwLHXxscbwIhANU+fkEtpdCem94D+HsPmYybX9Lz\n4ODaAA4LwFjUj6mV\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2641,10 +2669,10 @@ "description": "Produces a chain with an EE cert.\n\nThis EE cert contains a Subject Alternative Name with the dNSName \"*.example.com\".\nThis should **fail to verify** against the domain \"foo.bar.example.com\", per RFC 6125 6.4.3.\n\n> If the wildcard character is the only character of the left-most\n> label in the presented identifier, the client SHOULD NOT compare\n> against anything but the left-most label of the reference\n> identifier (e.g., *.example.com would match foo.example.com but\n> not bar.foo.example.com or example.com).", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUHZ5gW4JtqHaiIAvlLg1wySJXG78wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQ/kMIslnDDhlY1QwLbWQb5HElCLoXsvV+IDojO\nAMaTQVPuaMzcxX3BZWnLceyij/vBTMVMLMIraW5zT+wur0Smo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUetwmRxuvys/p+afbdXErrCVQJIYwCgYIKoZIzj0EAwIDRwAwRAIg\nQxlfk9YJ/Af4JB0E8rhDXTlQRhZUmCgrVwHl6930AsECICdo/QmfPdYMGgYbbmjF\ngiA3kq4SLVp4YdM4rYJ2iT6V\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUcMiHumPaC2IDIi1u8iwzJew6b7kwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASLAVxZvv/Ow7baE30WOEl858B0HinLbPU7rA83\nTJyc7fXSs2sl+JHfpDVHRg6AgjazY5sapJ0jdfDbvHeTZl3bo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU/+p1UDhS28GcKVps1Ol51XCv8O4wCgYIKoZIzj0EAwIDSAAwRQIg\nL4hnk21iBdZGsLu6PktWwbvXFZEqyEu/H1ZJ3GgD0EUCIQCpSQpbgDd4pkUJnxgM\nqGHB7vZrXFGMVpBmyoeY8EKdUQ==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBszCCAVigAwIBAgIUe1aVQoG+1zrRuv1XfPyNKVxOKNMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABIF9eyNbaJisSY43EikV0iOdT8iADKBcFilNjCjoULdz\neS/vyOn593GSBZnotJsQ/egvGXvQXPnMX6+hF3Y8d/2jfjB8MB0GA1UdDgQWBBTY\nfKAW9549OmOJyB12NyEU1WzIxzAfBgNVHSMEGDAWgBR63CZHG6/Kz+n5p9t1cSus\nJVAkhjALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGAYDVR0RBBEw\nD4INKi5leGFtcGxlLmNvbTAKBggqhkjOPQQDAgNJADBGAiEA1DhuDiMvW1xjLwNg\nsUk8bDM0JDiOe+U7UJbBaQW/5lMCIQCxcWtUNjHwxtdPJz8H5OzSTYjsMRlO/IQJ\ngWrbGe2YEw==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsjCCAVigAwIBAgIUGbjvrPSiiYVYKhgH5Oos7IquDSAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABGQVEgUkFgAzEdW9EI+Tg0sSUR/A568VNBRlLpBRSBrr\nUUj8JEpbHann78b3nqbIIM3atJHLyT9OEkCFu+Mh6hKjfjB8MB0GA1UdDgQWBBSS\nTJf+OZezv9mTIsuXMwWdDJmHXzAfBgNVHSMEGDAWgBT/6nVQOFLbwZwpWmzU6XnV\ncK/w7jALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGAYDVR0RBBEw\nD4INKi5leGFtcGxlLmNvbTAKBggqhkjOPQQDAgNIADBFAiEAtDM8cyyhRgyE2y18\nbjnSBDUwHfrgYIVrbDT56cieU38CIHVieA6nKmcpmfcouPJJ6s8yqwrQNSLxBp4w\nbp49aXdR\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2664,10 +2692,10 @@ "description": "Produces a chain with an EE cert.\n\nThis EE cert contains a Subject Alternative Name with the dNSName\n\"xn--*-1b3c148a.example.com\". This should **fail to verify** against the domain\n\"xn--bliss-1b3c148a.example.com\", per RFC 6125 6.4.3:\n\n> ... the client SHOULD NOT attempt to match a presented identifier\n> where the wildcard character is embedded within an A-label or\n> U-label [IDNA-DEFS] of an internationalized domain name [IDNA-PROTO].", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUCd3kv+aqIsPW3SwtsAvveivWU7cwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQuJo7USCRlUYQJgqRm/Z6FVRJ3cKpdjYbpa6pk\nSx094ZtXVyMxlQACQvFAfTye258HE5SD+aIrYG3N277oJLD6o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUMicD/2gTXRgmQ05cqQwG4i+meNUwCgYIKoZIzj0EAwIDSAAwRQIg\nB1Yb1LXuQY6w/qiDasXUpXTHrI4wp6SUPVTm8ZK55tkCIQDH51z+omWJ99HCY+mv\nFvTP/Jc8O5nitlAQ9dETmUaAeg==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIULSQHb9QdUpOskAokXzGiNLossd0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQeL8kAv09k15psORqOEbNTI/k6vSl8WtxfbUeG\nIsLedNvFdTgFH7oTx0ShGdRm7WRBOdbKkuBz8tIHByMzFlFco1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUN4UFoOdmiUWATBKQWO3o6AE3g/gwCgYIKoZIzj0EAwIDRwAwRAIg\nd/jRbQ4w7ntKQQU3XXnrb4gmTqG3endTdoD9pZ8ov5gCIBNThnc/dR0F9/tL7iUw\nSBYIvTnUsXeC/r2ll1RwklwT\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBwDCCAWegAwIBAgIUSV7gIWw+2FWMNl9iUOAyeqYcJpYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABCG6R3EaK03hmlPLcpXgPJAN76HCWL21VjQvsO5S9xBX\nUiZBPDCG3gq/1gqzaCM0zGXk6mOr9DfDEXyxFYyaimyjgYwwgYkwHQYDVR0OBBYE\nFBhaQTYK5/Av9PCKnFm0aypqDGtQMB8GA1UdIwQYMBaAFDInA/9oE10YJkNOXKkM\nBuIvpnjVMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAlBgNVHREE\nHjAcghp4bi0tKi0xYjNjMTQ4YS5leGFtcGxlLmNvbTAKBggqhkjOPQQDAgNHADBE\nAiBsO6qDhMWnhoo27pQR6rPkJqfxIRZT6uUK8GB6OK77jwIgWtnLtW21zE2zlxYp\nKECxRtqjou9vEmKYYLsE73kIgcA=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBwDCCAWegAwIBAgIUKRZMWCNu8JSIi9UPFJ8x/fExp8wwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABItmzqSnc6WpY4YiBWYZJPJ+M9BW8rwJgHoMc+kwbn0V\nkeKy2bwn1ZELyK/crC4fAbEXxypGxUANSiURIug/pCOjgYwwgYkwHQYDVR0OBBYE\nFHf4SwXu8qQwgFyHA2p+AW8y3Y9zMB8GA1UdIwQYMBaAFDeFBaDnZolFgEwSkFjt\n6OgBN4P4MAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAlBgNVHREE\nHjAcghp4bi0tKi0xYjNjMTQ4YS5leGFtcGxlLmNvbTAKBggqhkjOPQQDAgNHADBE\nAiBoe9KtThNUxbIHG0qBm4MEbsvTOEHONuxciv8mfiX9+wIgcvMCwofyhQjWwvLV\njEH/cmksySSLQnJ4Qv5scMUISCc=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2687,10 +2715,10 @@ "description": "Produces a chain with an EE cert.\n\nThis EE cert contains a Subject Alternative Name with the dNSName \"😜.example.com\",\nThis should **fail to verify** against the domain \"xn--628h.example.com\",\nper RFC 5280 7.2:\n\n> IA5String is limited to the set of ASCII characters. To accommodate\n> internationalized domain names in the current structure, conforming\n> implementations MUST convert internationalized domain names to the\n> ASCII Compatible Encoding (ACE) format as specified in Section 4 of\n> RFC 3490 before storage in the dNSName field.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUJEFv6mED8nRnlg/uDVxV8NVnzbYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARHWennERcAHVT0z3Sb+aMT3w97RxQdJQuPHNCW\n2oflFJro3NfUtZ6u5oyls+g+bTY8ov4KMrsHmASjSJId7r2Eo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUUS0l3KxLrFP2sS3WapyifQDdMMMwCgYIKoZIzj0EAwIDSAAwRQIh\nAMZNFyATyJpNavOvIm79nWFodyJnsbxY63lZEbkvyWo9AiBaPaR2Jyw+m+83iWb6\nUKfn8TfZ+3hvGM6pX0dbmMFH8A==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUCw0IP6OjIKxnjK1i+5tE1lJCaAMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASXFzxklQrTxRJLdbP2IQU4G5jHfvn6fy/HsUOM\nwr0QORw2sUYT8obOOgRqjrB00ukH+mbhS1/LKHBnWg37/Y4co1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUNaZKGSkmstWU74/6h23a44wJ6GowCgYIKoZIzj0EAwIDSAAwRQIh\nANxcdtTbSX6lbdVKxn4+v8vkqljLhj9WY5kcmJZhWACXAiBSRf8xHTwnqlT9E0SQ\nbs2Q9scUFQh5FBOn3gNofWwr5g==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBtjCCAVygAwIBAgIUJmz9cGRNbeA0Vx/zwEJt4fnk/DEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABFXfq8TPVO/aylZfwLfeExjU9+uV0Z/gJm6hs7SPSrJp\nJEQGnJ4iOawB0Qgd9F+TxK8irWzSyKm0SWqws20fpxyjgYEwfzAdBgNVHQ4EFgQU\nWI2IInXjLrXgaXSCwfWujuTIIWkwHwYDVR0jBBgwFoAUUS0l3KxLrFP2sS3Wapyi\nfQDdMMMwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBsGA1UdEQQU\nMBKCEPCfmJwuZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIhAMPFVzfUu6NB\n9pMDsZdHRbt0QTpjnVfxc3ZtUhV+MI2BAiAM8bY/xwd48WulIKSvj3NKMPxHP4/O\nTIOkLelc24Yzjw==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBtTCCAVygAwIBAgIUZkAR3NvnJTNJ/0HT86ww+PL4oFwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABM1deirwi3fUBx8zaKqk57l8iETdDodr6zqcqeg6jinv\nfQQTMlOrPFLQtdtAmO8wGTTH9mkrGqVax1nMwUIFhcujgYEwfzAdBgNVHQ4EFgQU\ncuIrU2gA0iYeYXiFwURFQOoWuiwwHwYDVR0jBBgwFoAUNaZKGSkmstWU74/6h23a\n44wJ6GowCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBsGA1UdEQQU\nMBKCEPCfmJwuZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDRwAwRAIgKBQe7nGCsOAN\nAMNjxYGQAyFoaqltvOxh8bk8m387ziACIEfqTmebpiQ8hDdaCepeDT6xS26rcOgD\nbjMm6J0d1XoQ\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2710,10 +2738,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe chain is correctly constructed, but the EE cert does not have a\nSubject Alternative Name, which is required. This is invalid even when\nthe Subject contains a valid domain name in its Common Name component.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUQ9WDEdmFn7fgvXK7GawVIN8ZdpowCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATQ8HgGcyyGvG3AnrD04qjiA7eoxTcjFHf0kwL6\n/Vzf3QoqlrPO7L4fowopAczdkIaY/LXDfSwEiu9MD0TiVvNco1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUq+4vEeM6CnCbhhgxn37dqXTAYfswCgYIKoZIzj0EAwIDSQAwRgIh\nAIZeHvpdY2cZBCfwrcbdRhQcXa+l54lgPpL7JZ1t2NP4AiEA1mTDNpTyeOJgRL7F\na20U0VtmUIXyr3fUALB56ECVZfM=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUS4fEkYF128rA9EYY0LtLJ6HKxtAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASH8lWJVLva5juTRixquv69WBleZedOI/o4CxKl\nITF2fG1I+HC37tQvSWUKa6Sv7kxMZcvf6uVfXsuk1gEyaGiro1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUwVxzoYiNoHH14qd3w9rA++EOAfYwCgYIKoZIzj0EAwIDRwAwRAIg\nNjQZ19TcKc5sg8I6VmKBU8fkeKTCOiUKPpyqYd7e7OECIAVsC5u7Fhe7BvGJKuNS\nouKRDgAmIt/5/4cIXKnD+L1P\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBmDCCAT6gAwIBAgIUFzxwfVkT0rTWxqlA7WY62R4NmkAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABNXQYv9VyP1RkxrfpSEW9KT6T7Fsq4KXNy4YFOA/Xdzq\nG0iJYJv3oeAoroe1gouQcZOOJGlVCTSNxfcJquiNnmCjZDBiMB0GA1UdDgQWBBT0\nnIjfiow5n9sntWfcK11y0NhIYzAfBgNVHSMEGDAWgBSr7i8R4zoKcJuGGDGfft2p\ndMBh+zALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCgYIKoZIzj0E\nAwIDSAAwRQIhAJ3wlHI4omfPac2TiDbast6IuVwCrQOWyKnBRwec/5IMAiBguqla\nb3m8jF+8xzKwIBvB+qBgyhv4iFzKWGnrzqvX9Q==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBmDCCAT6gAwIBAgIUX83HdS+dR3sbrV1mikjokbErLw0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABMAvnTfNK0U6L9RrX68sYQoDWXqGPvDYnnh6LWWGKw8f\n4E+Yib7jH8nCL5b8EJyYzH7oLJIxqw80lXdK/zrqIzCjZDBiMB0GA1UdDgQWBBQH\nGliGHv6kiZewhtcW6lHLXCtWCDAfBgNVHSMEGDAWgBTBXHOhiI2gcfXip3fD2sD7\n4Q4B9jALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCgYIKoZIzj0E\nAwIDSAAwRQIgbbxKSR83qu6Y4o9YDAuHjUdmIuAV9FQXTtGGBvSQoL8CIQCm4qg7\nAnuWTvFrVJ5AZXMdPmZ2404KBNKkgcvXma/Wtg==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2733,10 +2761,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe EE cert includes a critical subjectAlternativeName extension, which\nis forbidden under CABF:\n\n> If the subject field of the certificate is an empty SEQUENCE, this\n> extension MUST be marked critical, as specified in RFC 5280,\n> Section 4.2.1.6. Otherwise, this extension MUST NOT be marked\n> critical.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUF/y6cGak2l5yVFYHinkcX1O/2VIwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARNNlKqWprK0kEgbQWnJK8WqsLsTeHZNiFWaha4\nBNE+uEz/0enz4CYc9VYrlFLuFnn0tweACY9p/COUhdEo3lOpo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUZgPwLfy8mt85yI2NWycyI/HTIw0wCgYIKoZIzj0EAwIDRwAwRAIg\nUROZTQymCU1wB9242hbViwz0xU/+jaLyI61alVy4ihECIEplrNA6Vpg6ah68BXeD\nH15n5ApBMIDuSikDkMmuUAsY\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUbFjjBCzyW+jZtoXoQZwf5HhuhZAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQsgq3VuYTZQ/OUbmXGXS3UuzJ7KCFgGE70q+s5\nV0PQpT1qFYTEgC98MB9+6qh7xuJoHnoxSxwOKz0bLhmE28dio1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUV5mduPubL+1M4zuu3RVb9PIU7uEwCgYIKoZIzj0EAwIDRwAwRAIg\nL5Sdu5TyDrmXNYR/q1b3MTMPwZ024gR7P0zRo/9554sCIGVhpo0lTF9qxxZp1G+D\nrDRVDNyXuxMnY98FeKvcE3XX\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBtjCCAVygAwIBAgIUElv+BWnWvDuqqF2E+a0QRsISuUEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAZMRcwFQYDVQQDDA5zb21ldGhpbmctZWxzZTBZMBMGByqG\nSM49AgEGCCqGSM49AwEHA0IABL8q79lfRqE9WPhJ8MyqwDCi3BDTnqduPFfwD529\nHkzTqvBhT/XJ/5E9RfvFNcYpO+Eny8FwYi0CHxBgaNnp27+jfzB9MB0GA1UdDgQW\nBBTjl0CFSwajFAYPBuuIGJV7rJP3+TAfBgNVHSMEGDAWgBRmA/At/Lya3znIjY1b\nJzIj8dMjDTALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGQYDVR0R\nAQH/BA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIgLfsgE3RTt5mN\nwjjJJ9Y7R9YxWx/P932tItKVovhiTqUCIQCX/saaRKC9AFNxsba451ffIKiKWa9R\nE7r/e+R1YLKmDA==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBtjCCAVygAwIBAgIUDNuxW++r46FokevTs9ho0Fqf4d4wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAZMRcwFQYDVQQDDA5zb21ldGhpbmctZWxzZTBZMBMGByqG\nSM49AgEGCCqGSM49AwEHA0IABEWYWti7LiHN3ml+F+Q12LH3wxAqQ5+XPHX9BNJb\nWb8eusBuIWmRoyCabghj+NhOBoOWQ8DXuG9yUlhL3EqE51KjfzB9MB0GA1UdDgQW\nBBSwakXrDCj0Ai/UZb+g3OSrJK7o0zAfBgNVHSMEGDAWgBRXmZ24+5sv7UzjO67d\nFVv08hTu4TALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGQYDVR0R\nAQH/BA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIgNh8bEhaIfIPX\naMZXjtXPyZoYzdYFbgzrMfSbMNkqpn0CIQCaRe8TfVstTlOMBSKOvS1VfhLXlFm6\n13YXhMujPE1Hmg==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2808,10 +2836,10 @@ "description": "Produces a chain with an EE cert.\n\nThis EE cert contains an Authority Information Access extension with malformed\ncontents. This is **invalid** per CABF.\n\n> The AuthorityInfoAccessSyntax MUST contain one or more AccessDescriptions.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUDP0tU1kBkc77XMCG28fDL08hxf4wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASwQ8MIh6aOAvA3FzcCz8vUX3N6834KoL+ILJ6V\niM0j248M7pT8B/XkWdCme2JFV1xKFSL4bvhb4kpJNVZ5yjNLo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUo/R30kL2G7Pz8lhuAxxl/YydkRkwCgYIKoZIzj0EAwIDSAAwRQIg\nObQkMcDGtHpMt7BZDenWJC4GHLO4taj6+FvI19EDyjkCIQCsRWCfLht5BAw3CIr2\na86tPb27BnlD3u6VmVPxW+CNIw==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUMXWMSheDr5p++VwP1fI8Y0TNz98wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATBwvMjL2M1PwdQE4NBdaqXx/GhEaoWQKb8RWZw\nBnCnmpP4mE1+SJmLOySzO3bqHqr9mKzeo5lEo3YoxQThngTvo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUIzsyWp0mjY27ijn29lAuAiJYl/4wCgYIKoZIzj0EAwIDRwAwRAIg\nbYnuRF5gGgRfv44t954Kb+W/qqvbcnP6upJ85r51fOMCIFbAgvM/bQ44YAx3OsX9\nWKfUdoyIQnlE18jTlJ8VG/DU\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIByTCCAW+gAwIBAgIUbifU5gheXDe+BUP/2nWEVYEO/KQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABHPhAutOY+lBISFOpelvej8tzmUIOKq3vy+nRqyJisuP\n7SoOLwob1AvYQ1fUJ/uL4iGG4hkEdADgm64hG2299+6jgZQwgZEwHQYDVR0OBBYE\nFArw6d7Ghr8MCJ72IzrRWfKsfaZ0MB8GA1UdIwQYMBaAFKP0d9JC9huz8/JYbgMc\nZf2MnZEZMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREE\nDzANggtleGFtcGxlLmNvbTAVBggrBgEFBQcBAQQJbWFsZm9ybWVkMAoGCCqGSM49\nBAMCA0gAMEUCIF3h/69ZfRW3s3VyS0E3+V8XZoWQpv5MAOf1n5Hy9QpoAiEA+ql0\nuuwgAscI4V0FWwiKHnXR81AuG90UkfKSb2uG+jQ=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIByjCCAW+gAwIBAgIUIgRz6Fi7XrzgjJn8Mxj7/vDDhOwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABNAUtso9NP0QfmCP+1o+LXi+7DWhPlMhwYj3bVQb8jfK\nup1InqM1QQ7sKeZInJwYVtXdQ2eZLpGrLTkLzorGcK6jgZQwgZEwHQYDVR0OBBYE\nFGYP6ciMXr2HlNSK4PV/auCSpKR/MB8GA1UdIwQYMBaAFCM7MlqdJo2Nu4o59vZQ\nLgIiWJf+MAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREE\nDzANggtleGFtcGxlLmNvbTAVBggrBgEFBQcBAQQJbWFsZm9ybWVkMAoGCCqGSM49\nBAMCA0kAMEYCIQDLKr+ZNKTLEX4+BYiRy1f/fFgeAGfjN2MoOze6WqOjwgIhANpS\nUYU1amPn9tGs0gLBvTRsqdovU+gFCuNrgjlMWXsZ\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2833,10 +2861,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe EE cert contains a P-192 key, which is not one of the permitted\npublic keys under CABF.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUUSQyjdBjwpRa3fhhcp3wxDt1f3AwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQXKl4ykerCo6zdgdZmC5zZXnq1mwI7BA8nQ016\noDqKW1X1uFseOduozAOumPRiHaBwOAyzEFC1gtOPcT9BEJouo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUHvDaUSDE8em2pO5iss6lFbuhTScwCgYIKoZIzj0EAwIDSQAwRgIh\nAKKaQt39FHeMUQp7+kGUzU2W4Uz4KyOS3OE5r8mWWzmmAiEA2rXmrUg/99t8v6yk\ne5+5Uto6V4iK5S9wDfmCTDaaJM4=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUO8oiCcIEf8Niz690AvrZIIMDMFMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQE3RABpqLVESpTKya4oDavrTXD+Zjy47z6I1fh\n/p6DupOKH1LrMBrTp8P2LB2OL6jgKBUDMGQjeek0BW3fLBQXo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUjqucQFuviOx0Ry/veEYs4IadLYwwCgYIKoZIzj0EAwIDRwAwRAIg\nPLQSDnHQQWo6Df8MbmXCmhDV1KJweh9khKm5KlVtc1ECIB9fwrIvqOfF3ZmGNY85\nyDLdNDJXO/IO6knls2TyGRIc\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBnzCCAUagAwIBAgIUEjjeX6+ZrLtGlz75lukmqnztcnswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBJMBMGByqGSM49\nAgEGCCqGSM49AwEBAzIABBr923biq3RVJpTzRmvW7NgGnzYCrQQw+brULgAI4X0u\nZT1qxzR+b+UhMK343C/AAKN8MHowHQYDVR0OBBYEFJc7oHrcMJl88LOU0gQNSvUy\nN4TbMB8GA1UdIwQYMBaAFB7w2lEgxPHptqTuYrLOpRW7oU0nMAsGA1UdDwQEAwIH\ngDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAK\nBggqhkjOPQQDAgNHADBEAiAvviFi41tipD6ehvo9mNUAQnCb3SPMGMm4yCNOiDHQ\n9AIgV0Gonj4v4vQHKKevmEwXXj/J/SDx7N44mYPog0n3dHg=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBoDCCAUagAwIBAgIUTgaWVz1PfsOzz0qTXxWxCJ2j2AkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBJMBMGByqGSM49\nAgEGCCqGSM49AwEBAzIABOd5YIYabhNz0jD9JM/W8EyXRw1wa8EIp6t3nIN9jFj9\nfsYDvP46XOOGKZ9m+w6y4KN8MHowHQYDVR0OBBYEFIceUMZl22x3DcrrRRCciF4d\nyCkLMB8GA1UdIwQYMBaAFI6rnEBbr4jsdEcv73hGLOCGnS2MMAsGA1UdDwQEAwIH\ngDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAK\nBggqhkjOPQQDAgNIADBFAiEA85mrYFZrVTQwiGB1Hyv32Pu1+czARYIcnGhROoQ8\nrUsCIADqHkN/nFg1xT+5hk/n/l9gxJG6W4ehIQM2QRsdcwPY\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2858,10 +2886,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe EE cert is signed with a DSA key, which is not one of the permitted\npublic keys under CABF.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUC3n91z5XgahO+0kpobog7VshjU8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASxbxmVT9OTDAQ5VCwWY6OPEamxhg6uj8UqWbJL\nOz5J0gIeChUv79QGYzcp7IRsR8x7dNxdlAprWeLPjLfvS76So1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUHYabOMp2kdsFxC+UECNmcGWiUV0wCgYIKoZIzj0EAwIDSAAwRQIg\na+7vkCqozNu7WhhvF3dRNldqK12ONvEYUuJ8q4eyCXQCIQCNCVFO+MeO0bwJIOcc\nI6RWtc1DkykHW+JObyUDdS23gg==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUZl1aFeNOTB3EK+NQi1mmaNQM0M8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQmtms6XcF6XUoxtn0mldEnigcRdJ2h++D1zlY5\nBN6riekgnx74Medjv/+D3zKuQ9MWya/fqZNEd+38PobjxFozo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU7aggcyJMep+UJbdQTgshmVTb/mAwCgYIKoZIzj0EAwIDRwAwRAIg\nNOi/ykE3SzXHjgHutZmrTi1dtaC4KMxoMPnldfCl/1cCIC5ioKMvLVQjFFH6nsTq\nyp5NBPrkP7k8LiRXcXfq53dn\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIGHjCCBcWgAwIBAgIUdqeg66GQvRz0ocvYkrDdcJo5mFswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTCCBMYwggM5Bgcq\nhkjOOAQBMIIDLAKCAYEAjhP3CGZzF1JuLVTasstQoOVImq+glBqjJUoSejvK4e/I\nmVjE7eIfuvqmsinBzd8EK+Mncs+z+dUbY8hTovbe1JRA5uTrRB7l8v5JhCQssmVt\n+uQPU5Pe0tKA+PQo6fJmfLXLn9aw++1WrH04atfuN987LjEgWsaWq1WfwHWwTM26\n81gkvBNEoI4PAGrb/uh4aVDz95zZWdkH+5B4RoJb2PkIWNY1V221996n9AoOiCR9\nWoTXGr2Iv8/NB4lWwY6II7SRq1W745CTyBvs+rwEsrCuTh9/4DVMUaObnergekEd\ng4te9xvZF9KLgIsm3uQTObvzCr2Oaq0B1gyysyynZP7oQXI4WWLwLw2197tb9/3a\nIfE3UBvDg4sIGflvDgcqttko0UUBqLg/V8WkRpOOvGghICEhnjUCZsk0hVX5TAei\nLGHkyybBbPSgHC52EL6V6iqlx9Ui1Co+/j7Vn+CqUM724v71OOo441xNDY4rNDPN\nKYeBGCy+uih3i+GOCZFzAiEA+sLLK5G1MTW01wMptQj7y0+mWNLr+mCnBiOWT+nY\nk2kCggGAB0NO86VlRiTPVyRzY9kpVgrBYTX3vawn4IfoWi+o4Lr8lE3C4lSvWM78\n1ZreQnWmIFFSH0VAKGWDRM5a3HzQuy7ktGAvZvv6RthtLG1JUSRGViwo5LolReAx\nbvhHKAnYqMXIvu2L9dH85c+xXTqOb40GjHkEmrbvPJkLUguyN79gGSX9Em30Ao2G\nrK+DEDwMwdjlNpCg3htIcYzOHHpH8Krxpm39fZYyndeGXj77iLKMZ/ZMIOAVxVKC\nDDrRwNKUfVNYhllZPYYD7WGveij/2Gj0Y2sa8aqXiiBqcYvQuUPoRfaCaPVoXmAv\nBVmVrpmt4FACEGoXl4ZEz2Jwi1pXHHKr5UVOyuptK1Cbx5dy1TcNQuNeFeIa1u9r\nQ8wXokaVBKd8cvMAbHglcPJqHcEg9iSNmlzJzp6lCw1Lgxvxmhhaob0mp4mYfd3I\nCxzNfp9FLpcKSvM20qFezCNUsacVgDE350CZKomswiESBeL7tdLuJ7/UGSxS4zlm\nGPV1vuu+A4IBhQACggGAZiMIMeQgnLSnx05H2I1gcQbi5H1BLqCE3/cwmxz8piZd\nPYS7qKYVFbQIiS44C9jTIyjvU8+DY11f8Z5Qh/xaNY5OGaVPs9U8JDmOaCH0ePDE\na6tCBRzdPNV1k0ludCrrrqPIUoleYnEv9tP/96o29Hll9YGIbhQ8xZhKraSRRXSx\nsYM1B5W8z0UtAZcUxigmPuD0zraZo6upJOMM8Xl1v1pkJHvAaOvstoiOuKOEfZsp\nm8SnQJ8jle+QFE/5+Zmx67Qm1ir/C8vcXB5V6/r6KjlzpeVi7OqxNxIK744cojzw\nQIC+ZSgiROX5D2ZFaWH9YT7NtIS0vos9L6PjyJJDBhN+sTyhWt67LeVWBMcwP16A\n6UbirQJpB3f1sA0SKNlQiqV9nJR0/v2Qwm6DrYZ8YzcVngp5k/IcEhNb93eq1W+7\nBR3jrFDFGbQbc27bfZqkVUG45XyPsPJXJqQxcCsXSktDg9FFOhq46yFk1UpM38D8\n6/7bOxL9g9yk3Gs35+tUo3wwejAdBgNVHQ4EFgQUQq5a2TbL2lGAFz9XQZwJ7dr7\nPEwwHwYDVR0jBBgwFoAUHYabOMp2kdsFxC+UECNmcGWiUV0wCwYDVR0PBAQDAgeA\nMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMAoG\nCCqGSM49BAMCA0cAMEQCIBSf/VgVlolfDMIB8K7H+X3NMO3KpC7I3pA7WomP/mpS\nAiAwBPY9pr8q/uHT5h0Fr48erOQemTEEkrHBifShLh8gcw==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIGHjCCBcWgAwIBAgIUGjjTXbWvk+j/fFGwIsp+EVQ57PUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTCCBMYwggM5Bgcq\nhkjOOAQBMIIDLAKCAYEAz+vV+W4KvpeWIlamWYPyHvsXWJloK+/M60ej3bghrJpK\nktUL9eHtLIqI3shGzw14pYEbRp/xQ0l6meZpzhfP+FdeLREqY7iUYVH2JurBwj93\nXYz2kSFlQxc7+LlstOej+//hhYzhvx+2QV53J0Dy77Cc58X6VDcHljyze+fsc6GP\nKlsHTyv1z4uvaJ4kLYbjMWHN2J6tEH02a4uDf1pMZZtMdy1mJlUNgCxmIzztiED6\np5sgaQF8t3UdTAA49xSgi6VLILZFQea9FQFH1IXGhh25Fg0ZT2Vc3MBvbE7VfJCr\nTBd0dsvVU0YuzrAooaSXw2TmyI23BHfYZxGYfrRq47ocgHTCkwLMSq2C+Wwmawo5\nieieJblrjkGbtfqMRiGFw0ZS/7YzWetW39b3ZOI5QnHHqCOoAxZtAHMsLlJJqUFd\nqF6T0JwQu/4fhOPZ4wKOIt4ebwR9/YmBqrakIM88sMjhh53F3d2eoOi40k2qkppT\nyNIvx/wNNWQD1MSnSLJdAiEAhDdqGfhSl9xA7lgO0w1enHEd3R1vg1aKK1xu2cNj\nD9MCggGARM2/8guq1yOZcoiBFSrWZ8K/tGxdqvKoJLeeTd3+MiI+UVQ1qotkPGO4\nkz8u9DY0Ck3zxIZ2KYjCt4Y4qi4N2KmbM57tC6hnlvQP02nlgJUtQ2kfWD7iIxXe\nMAVCzIeYSZgL+in0zu+YT7NMshOSJ8Pjl0EORhxU3Uk2nxmhBTemalFCjtOcNQ1b\nx5poU1Zp//8Gyr9Xr/RXy1eRUBwK2UaX+9mMxhdQ4gX00E6IqN3KyWaqZd5WPBVZ\nINcF016MzRxOdbk0Y1/uDhi1f8N4BlmpZjWU/SUiU8kydRHclfKFsYxj3823xrHr\n4GH8VFd8o8qWT824y/SXI6vYoyo5S5wR7/0JVdl9edn9zhwCDsgAApXkDwVMhL+x\nrlr0m3fib7lrp2zPPwBML+dD/SKg9liC3oT4NTHgCKFzP5YLE0wJCY44RjKaEpHE\nf4tBIGPq+ASOKYPJcXHBlUsLqiLSIKejC9E/s/UmLKQPkIp81hHlT2MW4P2cSmq2\nRRKABLhPA4IBhQACggGAY/qAHB7NQs88PL+v1Ozyl9hK/3CzmTm6XhBMHXHCD9uU\nwR+QFzHaNPjAL8VmJuCmvC1WoVCTdzF7YYC4eKM1pjhNWlyCUTMpAyEJfa5kKZix\nLoXypTi6jhxACw+s4aT5kayQ87rIzejVHgvQVH9o3FrKivwW7o3HQQrfD6uOAPhf\n6ovNFfPjDh3+CoPb6KADAxPulacP+XTl3abNXTVEtMEvgcNUKnTNkcOvxF7hDi5+\nxxpdKNmg0zxiXsjYVh0ziqXujrK4Z50ogt2eCCyCmR565hvdoNyDbJz8GfKhlWTI\nAzGjJLLqG0rLZytU+c8ZYF7VGuR+6aFtW0b11QMiFWbQY/lyUYZKTBzeSOzpILSm\nEtsFKnYUNXAdPVz5hgRw/IsJwmDZ+GR5jGRUIMZHIm6JEMdiUb5C1mNYkOhhUcG+\n2IwqJKYRyXpQdE1qNNQwkfnkwTtX0A/ayFfqS7reCtcIXAiBCHdQMQVwoEhorNRp\niSLfALF1r9zh6iYmzamto3wwejAdBgNVHQ4EFgQU9WkZhAouBNOgCcRpZr7w6cYv\nnMgwHwYDVR0jBBgwFoAU7aggcyJMep+UJbdQTgshmVTb/mAwCwYDVR0PBAQDAgeA\nMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMAoG\nCCqGSM49BAMCA0cAMEQCIAGP0gyTYZSVDPvudGBMYBx7rg97ZqQrUVuln6NVCWOu\nAiBweksCvnCDx4rpEMHTqup5KLsLgSWL32jORPciH6ecZQ==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2881,10 +2909,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe root cert is signed with a DSA-3072 key, which is not one of the\npermitted signature algorithms under CABF.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIGATCCBaagAwIBAgIUIR6YewslV3hhk0iys5iCkvo5pqgwCwYJYIZIAWUDBAMC\nMBoxGDAWBgNVBAMMD3g1MDktbGltYm8tcm9vdDAgFw03MDAxMDEwMDAwMDFaGA8y\nOTY5MDUwMzAwMDAwMVowGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MIIExzCC\nAzoGByqGSM44BAEwggMtAoIBgQDqPhOWo8orJeGo5gL+V2R7pt9eD91QshViuLv5\nZQrcttplJcqZtD+kjnNERFhahuzpUPWukwiDfa9h8Vn6KU2sGLveX1KB1DGF0uUx\nmsFLQ2xfshB7YLE1IHypTbbqKp2s6uhVxQd7TLlH2TfG3GXxRmtQ8w4rtpNOmtgM\nvVLQHwlFI21VO1bpMU+bCRsGJbkRPnZn+LgxtxGcloYQNBUxNgsDeN+djSdAov7P\njOgwOIVaEfWbipvj2169Wpdd4zAYhPP8wcxTA1EM9wVeA0gWzSCm2RBXX8xKZTqo\nd5KyR1MzJ21/Y/GAzzOjYbVZ5H2iuTPVE5ytL+2YwSRgaXUWekC6VUQ3piP0ecj6\nzfwTaoomxPh3ofkmWQX/TmKa7A2i/KdJ54/n+ZHpN3rnKmESsHFsosOvWX07QOLe\neeHvSbjCWce4oLdmRyoh+KrgAelMiZVnOXPD9xVbQyVA0jmtauceNZNeB1xM8pqX\nTfwgli8pRF4WITtBPDSPX0r9x4sCIQCrnmvYDEHRSoCNiLbv0qrhQ8cpSI0yZngm\nBETQBaWXIQKCAYEA5s8VXIY/HlbZQlXIKnurJ5W2BZ19PqNreKsS25O4aeoRPKaP\n1HfP/yy0Sxas6iDbRR/D5PRHDgKJSWL/IhkxT1ChUkLi1FGAdy0OF3ulersnAYL9\nwlnj1ekvYSfhQ73R7uAk0ueKegM0GByIOeM8IlcdOd05eRYefFap78GbbBQsClCJ\nsZTc8yTZWW9xiqbCcRDFgDH0cz4s4q97wqspC6q+3nx6Yd/sM5/3AlMRB8c2m8rG\ncjQJSNwQtYjGbzWFkb/Rf6uR8icebCYZQlmRru94atpxKJfHw4Xbarq+FiTkxWEL\nLHoBLpqmXsC2It4WckyKjg1u2CabQSmAXDi9QkvmKO0eYS8vj/Cvo0IL839gBjMt\n+el/kMaJAdUXoU1ATc6zalVIjh59zDU8OGHUgxFsjXRe0cm5ZRdxsu9smTY5OKk2\nfm46ybBiBFH/Buk7KY1KlISTjxBLo7Co1cwMU1NZ7Oi3bBPEDYKd48GQZD+cYo/u\nuMrG6hp/tADJG27iA4IBhQACggGAB+AIIq1Uf4v60tjDTPFYhIjMOlt1/Vgp9cgB\n/aTfuSDbvY3lpplSqsSDd2s6dGFU21QgVsKjA/tKa7X4bjInHa4wFn75kLlHcdyR\n69dvrY+ex9crxc6yKim8dNcxlZT87VfQtK8jOcdvGZnvvDEKJhhSi3opsVEkRrI6\nBxQj/zcG0dtkCPZ90Ihkgx05M7cAFYY8XeaS6ZvRJ1hm38CwktgWnu20h/3SiUZG\nbrbFm4AURsENec3p/tu7g4JKEn7lrV5GI6S8lj9ogkb+8y/p1ymTL7Ep5uJaaO+o\n0x4ACQmnZWb8ZYMBI3iJp46+W+HCtOZfyPpj7wuR8FHaWVL+ER9ji+c3pw4yhv6g\np+G+uMCV7uEESXywDuc30sub3WpCOQV8ODRTp0wWqqNXcQZt4tGX6Z1M9KhGPVdm\nHu2pCNiJYqNroRqGjfBz++dYDo/HH/pCd1UfkW5NSir8x0H9BbgnarTVnxfwQLX6\nti9kBuxSO3XJMiu+84Ve+NPa+pyho1cwVTAPBgNVHRMBAf8EBTADAQH/MAsGA1Ud\nDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAdBgNVHQ4EFgQUNMZpJ4kF\niIKrelQBbJtPfZpvGx8wCwYJYIZIAWUDBAMCA0gAMEUCIAKnbcYR0M0FndiFIwDN\nAV7206bLeHfcoURk9ecz/eS1AiEAlmuBWOQbYbC4JhAoXnSgQQA0jTrNBFR3+P8P\nvSXNoNQ=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIF/zCCBaWgAwIBAgIUIIIQZzO7OpI3/uXAwtbtuctzbr0wCwYJYIZIAWUDBAMC\nMBoxGDAWBgNVBAMMD3g1MDktbGltYm8tcm9vdDAgFw03MDAxMDEwMDAwMDFaGA8y\nOTY5MDUwMzAwMDAwMVowGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MIIExjCC\nAzkGByqGSM44BAEwggMsAoIBgQCAcF6V8dXREKdoPwGtVzqs/Jvwsj81RUhUHbsW\nT9yYsLO6IN+zWxRCklQpVJGKahmgXpaNX4yiB9fMZxFrbm8CGszw5WNxSQgMjdfv\nya0jM3qPJEKGeHXvx9TGIj+MqH2oBhwdKk5lMSAnGo+odXlMY5DkTjiMH6xDKIOo\nO3dzcFbJdTnfNOGcG49rIIgwf2wC5lCyQ1vcQL2AXt7npd/gTbl5dnfhwUQ8GtQ5\nZWa0v2yIUs60XwsIprNSE6YvsjMMAfBG/8/lZ4OG1Cr+TO9wtiva64AsL013FX+G\nMlPJNkFpC2VS7Lh19RyK2wz32SozO1WvEEvkVYDYPfBsE06xkxg4fo8NPGAjRL2E\noizav7/VdT7OoXrUVxl3HX6T69ay0xgfZchCE/6Qlo6iV65JNE8vZ3cG/faEdOSi\noyXInntjLljp/YOU3zvH4YHwmdCcWzXJnJs7XWAaQ4JS3xfChhDK9NEMoaUV8ZYN\nxcB7L1C77fIQPOWVwS3bZCMoKLkCIQCKrG/9cSB7ME1h9frVWwAp1ieQ5EhHSvcD\nIr1Bz9IaYwKCAYA1H7Wz+3yMzZife9cJxbtjjuNcmA2p66lv+UiW/pou6Hp4CpGl\nwGcB0+vuoomysaVckYO67gtXiopeI9hxx8FcwY+aNWyLdPJ/jatThnEj7oXdDZ5H\nzafIPGD4iCwip7VQTtR8l6VFZZxBcuR4DGMqeIlVhlMNfKKLp9j01E9tPDtvN5R6\nH3WljMQl5OtGnxWiDQ065KDqBI1OI8nz1BuPtbbCj6ePvNEh3zkYlz4NXHiRUYkO\nOHLY3p5kUXTzn2qRw/iJoPzVvsWXVF38VwFIBwcJQGH18r48RYX0Mg3GDGlrXJ6a\nxDNbyHoGfgXkrTfDM9LC6H6W94IbtM7zYNAxUldqH0FmsLdYHGmW60aAuVfKPdfC\nzE1CWoRRfnEF6lMeSKX1qVH5UUaRE+49R3Y2KkDqHguSAulTqL/EsCJlgp5lAOKs\n24IaVbBURTq1tnupBICWuNkfLijVutmVVLkC7vsco6U2rEDoTX/XeEvv8R9IjlBS\nnr3dMLf6e6HGDjcDggGFAAKCAYBywJ3Ne4zQlvEMJE8uahH7KV0i0bUgLIuAbc6t\ngGaTgopi4f6xtrdGTShzCHgl4aQiZuPnN74lySLrasjAmcjYoIY7FoP/pnabbHmJ\nY8IDQJ6ut+RDFp7/Frz4QgMCtCxMCZ9B+MKm4/avb5iV4cqF4Xmq6th3rCI0RLeT\nOs6i/8v3W08GaXqvhpA9DaEGY5kwBFaZTqLTtq5R5xdwgJWkPzRgtYFaKDWpn6m4\nifeNuf6VeEnHMR22dDxzMTbDTf9nlaywKi0P0l2b/WqdjcltRgIGnIIIjgDZRODr\nlHVhdG1qKbP8OPg+8Dvrcjf2H4GrBdU3wM5b45iqMp/UnJ+QsvnNKFgpDdVRAUhP\nypQ8f1Boy+vCbLF6S+dT1y7h4xR+4ndPcsNXR6oFOpP08T4xVzPrhVY0Ko2oUCvI\nK+cuQsUILXpo+f+bLHN3l2LMxm69n0dHbHqokGKYoanEIKR5sq4DFtIG9y8vZG8f\n2+jyET47byydE0PlKO0V+98Fyk6jVzBVMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB0GA1UdDgQWBBQVLIDGvqT5\n39gqEicKbudka3obLjALBglghkgBZQMEAwIDRwAwRAIgDuvj6/prHdYT/Hg1PXlW\n9wCJ9rXElEekNvYqSnZykecCIG1DPfOLT99eR6p5Wj+Z1Hbl+GyoKwnDoALxx6Fr\nhahl\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVegAwIBAgIUbUf+K5Vhl1n+bypNsSb69CNGapUwCwYJYIZIAWUDBAMC\nMBoxGDAWBgNVBAMMD3g1MDktbGltYm8tcm9vdDAgFw03MDAxMDEwMDAwMDFaGA8y\nOTY5MDUwMzAwMDAwMVowFjEUMBIGA1UEAwwLZXhhbXBsZS5jb20wWTATBgcqhkjO\nPQIBBggqhkjOPQMBBwNCAARd1TscGLRYdb9RAKFmoh82Cf1UvsJooys4NQ6yr31s\nLOwUvWwvd2vxAmzzn/eCqt+4ERwH1U1AdCiWoEh40Ho7o3wwejAdBgNVHQ4EFgQU\nxsSd4qDIw6GsBoiNwWIeZDpiNIgwHwYDVR0jBBgwFoAUNMZpJ4kFiIKrelQBbJtP\nfZpvGx8wCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBYGA1UdEQQP\nMA2CC2V4YW1wbGUuY29tMAsGCWCGSAFlAwQDAgNHADBEAiAZk4J6CC7kDZ/MuOcM\nSlJBaRlTPhl5IV9w8IRI+jEQ5gIgGavhU0ZfO+7Q1JUE9dTUXs/7tE/PsmuKLaef\nXybTD88=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVegAwIBAgIUcvAmcQ/XjEKGp32aiTFkuHI8xtUwCwYJYIZIAWUDBAMC\nMBoxGDAWBgNVBAMMD3g1MDktbGltYm8tcm9vdDAgFw03MDAxMDEwMDAwMDFaGA8y\nOTY5MDUwMzAwMDAwMVowFjEUMBIGA1UEAwwLZXhhbXBsZS5jb20wWTATBgcqhkjO\nPQIBBggqhkjOPQMBBwNCAATpQm5KD8fU9zPo00J7VE2JlUdrY3oIejekOnnHrmT4\nxVvKkYoAblM2rz/uuWmfTq+B7SNguW1XHEX2kO4SK2w0o3wwejAdBgNVHQ4EFgQU\ni2V+V+erb7sSL2TSnoex4keSwhkwHwYDVR0jBBgwFoAUFSyAxr6k+d/YKhInCm7n\nZGt6Gy4wCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBYGA1UdEQQP\nMA2CC2V4YW1wbGUuY29tMAsGCWCGSAFlAwQDAgNHADBEAiBq5821VStGGlSvAFbD\nFAZnds0qiIdm3yhBLogjveIHRwIgPu9d9uZQe38ZES2pNPkKf/DObLuxoa3ArRsu\nWdfFs/4=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2906,10 +2934,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe EE cert is signed with a DSA-3072 key, which is not one of the\npermitted signature algorithms under CABF.\n\nThis case is distinct from `forbidden_signature_algorithm_in_root`,\nas DSA keys are forbidden in both places but not all implementations\ncheck both.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUFdZrpLLbgoKbGsHP2T/upAezIgswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATHYirphXGhRnKW5zkOspTR0ClM25mGrrmXpced\nSUjdlRGLrhSdgdH0J0oBkZlcFuev0a6ovGOW4KmJlHZQws2So1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU3fUM6QTYUu5qlPLNqjsqnDS5uqYwCgYIKoZIzj0EAwIDSAAwRQIg\nbjLC9aTPhcq/A9jON4zlD7gDsX8zh5mKO/U3qD+NYt4CIQDAR5XfV52SGW4aQTW9\nnR9wog2E9pHg5NbrYFi3eS341Q==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUUFKBX3iR+j8CQEnGWowD57VuLj0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASbM0kiW5+2zUMyhsVcR4pkpDNANJknDk+d0yv0\nCfQScLGyd/qTileQJFJ50qyfgsowXwiJtyyzF6NpPjPLPfIFo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUmfPoPxASeahBEV/1eQ36lG+hB9EwCgYIKoZIzj0EAwIDSAAwRQIh\nAN60z+IFfXbSFlV6DFj8lNcrrLkQboUrlEzx5Fwt28ztAiBEbkU9+zYKjJmvhdbH\nFifMmeGNpvllg8GRU2vBZRSA6Q==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIGHzCCBcWgAwIBAgIUJ3rH+gleAbpE5pOjG0+IlosATgQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTCCBMYwggM5Bgcq\nhkjOOAQBMIIDLAKCAYEAku5LY9RKImsLiNG4a2deAmUO9Mt+W/Tk3O5QjQfj52YE\nqNv5QDZNEU80H5VqS489y1x0Xje7PBJKgZQMJvqfgyr1tR95U1ogPRGMjVCayEE7\nk4be7ooCZakkfvm6QwDF9FM5flX6W5pT41Ai9NN53tdfZdHKnPNn/uh+Pzw8mBQ5\nHWScGfxBQ0HqxcHHTaoUfdDtIq+Se4+j6FkRskpGWBD/HlxJJtvOAakgG8wfzf2D\neMpuLVLqB3Y+zgpKDTAkWkN6/npuIXLOS3OOnzvsVIcPl8iyek6iDtVKEBgjJU/k\nchf5yRq+z8cjFf45MiDgEd6jTr6NwyHOQalJ3cravTiFb9u2ZI2vH4O5fLcNdObx\nACkAuk2CiI8q1iVZlnETaKs4AU1XZjDnXsndj1tVTzgFz8BnLW+Y5t/uAcPqfuqw\neHNZ5Skal3bUMCtF/9PUk1Sa1poIh3HN1dgiVK7yfZN9frr/UP519SXq8LNxijlD\nMEADOaoO9UA3kwstx+3hAiEAp+KmDUBj5rndJHR26dFe7YNHI+b5hqsComD0Ih4i\n0d8CggGAQSb5n5a4X/kQVhv4jvQckvkjDqwBN5uj8+BOygsZNVFaPmFNEq0QcNqI\nC/DjdlBVXEdhv1xD6EfNzQsm9tc6cVfqMNdoBLmPtlvdrlbsx+pn++fNL2xaPBqE\n+lpw5HzlUJ8wb9quY7rWFrFMZ/9qyfN7b7buIidTccckft9HvRJKF0tF2yLES7yN\nw3TykyHLT+lJ/WyiY8PFITXkPC6E6PdR9EfPAfVKeHp0YcJFvchrLHeSwRpPAeaH\n7hZ3bED2X0H1/IclFeCGYtg2fDMjm8Mr34U0YAwqUlZx6X8BafPS2duQDrqGLKyF\nZx/srS6HZL7RdYegDGdHzFXVNsXtvy1gETKkyEm9+pe5AQulYCs//wHL06AnGYFu\nQGFQlIdBrRAiamN6I8EMnXyg778odybpvWNbSH0XTxoeQFvFMiiRV8O1lQlul1EA\n8LlWlDDsXxHiauZeQvgQYhxj8TGxQgyRtryw1GNrmlgUSitLnYIuyl0VvZqFaZyx\nq7b129+6A4IBhQACggGAZSBnA8bWAt5OBb1DcVkqHcsFL0wD4M90RuJhMOgxsYil\n6vPCQGpJGFUPSyKZt5FdsJl7e9kwep0awnTJ8SH4PJUEyV10lrN6jT7JViUPW+2G\nSfeDnvq+yH3WBsDpzEolQCYhOAUV5OMLOZoMXjf2bWedNSs/RtJCWBzwVmqu1sdX\nYMfxUZSEJRCPICQLhO7ohY/r3i1ETB5+TptvtpZvATig6LjkJQSOjhA5UGrPrtLP\nZCDadDZX8vkZ/OdjUC86BlcZ+iX4xdCt46iFbgN1WGiKCrizBuZHZ0DUV+ng2SGA\n2hrtSClUmuU3jskrqMGeuj+P4sHxVS6yNVfPPLH8W3pe7R5JvA+4HC09hX240xGN\nMxUnO3+E8M+qFTddRa4+WbNIgdM7AOCO41ctMfYvXlK3APx98Y/bX3fJaVXe1BKo\nFWXb+L7aEh60cC919so6QgQxUePIt9Y+5N4SoRRWAly2dyaxFLjILF0KHv7mjJDJ\ntcgcLIK/TiSQQL0yDYdio3wwejAdBgNVHQ4EFgQUFAbJOEFOJvifMTibjBiA4OjT\nz0cwHwYDVR0jBBgwFoAU3fUM6QTYUu5qlPLNqjsqnDS5uqYwCwYDVR0PBAQDAgeA\nMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMAoG\nCCqGSM49BAMCA0gAMEUCIDPOo8pMxOxe9M4ToHxM1Ue8QUZmj7hhHVei1xKf/jvI\nAiEAmc4mevzHrsNm4VCJm9H6XKOPQ4dwN1oFPtm6jIgSNRo=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIGIDCCBcWgAwIBAgIUK3QElbnzCHaU7Yyyd17lWzqd8zEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTCCBMYwggM5Bgcq\nhkjOOAQBMIIDLAKCAYEAwG/mV5VpS+fUk6J1HhO+6JFi2sZ0ic/tjV7D9/b6dof8\nDUzxw8GOjEixOKtbuCbnTB/QBOvx38kKM4mWalL3l2VLFYLNQmurKqN35WYpQs91\nFTCk3EgQtev4baesYPblbjrXptB81ABrUM97NjWcPT0DMlwN0ftkZL5p8PIQzEGy\n+JUgeJER6nw3+AirTlmxO+mNWY2mitMOIK6YNnzpKhYlXYmIpg46AHrcVTYhmajj\nnFT7/Bov/AHaikcNRuvh+2ic21X9N/bHpbrK4Id9b7KCQ4UrhBjsgH0cjAmK+w0f\nmNxOfRYv8DohieMSUISyAnYI7tCtdp7gRfKSZ4jt32KJwRKGQ0R4e+9WAcfVeu4S\n219QDgSVNyrXoyZ+nTM5ftVMF45slBs8IFsQfZtLCaEaXigPVnlEuu9Wz72f1MAu\n3aO00w0bw9fuZdyUtVbc0votElGcD6+FpUYXkTgbIejXG17P+PcWqKypV6EupX1l\nL2tfQNP+pTw8BDBFj0OXAiEA9YhSce5tjZBEM/ARIYFJweT2U3q+bCV1J7sAsU6b\nHWkCggGAOiIZmPUfPQbAeavyd3y5suQhB1nyaBhE6eD2YzmcCsnpeWrLHRfQBU6j\ngxwqVEBv8/YUs+r3m7BLAhzDLkx0o068zF44tBekXyTdNyUJuZTPsU+uw1B5FeMd\neCTN6Z4dOk66g/ap/t7Hcc3rZtgo/DBKXX4J2bLlgvQRAL9jeDOvnBrhPbFQUhEd\naQxOjS7kwrn4hNJDJoncl1uX9HwoOu4QYLVqotZf1ngExu4zWO8O5MuvHEZvZ3Fp\nPFK6KRBnNPIaWlNpt6jbrTSTHIzOPJzBnlGhcqY0dSEWEpWfxwpGcGpRJMnexVDQ\nlULg6IT8J3uqW0waaiTJ442EeEorSgkOTmTxwr3GTahxJzDHN5uULEGqoP5DtBxh\nio8m2SIoltTXlD7sWsjxu3fxOmZCt1c66662ft8sqWZmE4tYIKUiMXeCFIXtGHQA\nZqU5TcPKsV1zoFmtrrC4ccU2ArDm8I95Jp9z6d6aCMV1KFIOeNRxaMdiXQwDUJvK\nbL2QightA4IBhQACggGAcqlztlXnlrZwrfiWzB9DLcHmskRMIacQN6Rl9C9YjiR2\nZf1qYs6iOkMEnKA3l81VZ8kjS3X6gcT6zepPAe9hT57/YCMfvunBuUZlzR3XOlKt\n0krOMlIG3uN9lY7Jdt20GdTe10Tz+Gj7mCnADsn2yBF0fg5ZBcMKSPE0yvcLPyJX\nHf9zRwWmG4n7suszJoAeYak+TDqooMiB/6dNd9HQ3CBfRumP4djV7zD3Vi6gdj1X\n32nA+4yxMUyW9QqiuuVUwy+BhcEjOfW31nywPjAIIVVritZVNPXfsUODzYygpWm9\nyHiQooiULlcPnfiNmi0/+F+jA3akDhGQX8foUFylGcjO8zcJFxewLJ72herTQwq5\nTLxadMwCKPjFqlSoZSZlmjEUPFC2YwhzPIbnQ5DsBsiUMZfIPI3Fferu/REq0EMR\nTVZAf+FMiqngqWI8hkzGKac7KuB/plKkcPFVQ394QV+yXJQbay5VY62m9QNwgasb\n88KtmqiT2ClC168uAfx6o3wwejAdBgNVHQ4EFgQUT3VmuMGCbIc7itzE9dxs48A+\n+4IwHwYDVR0jBBgwFoAUmfPoPxASeahBEV/1eQ36lG+hB9EwCwYDVR0PBAQDAgeA\nMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMAoG\nCCqGSM49BAMCA0kAMEYCIQCUMqMqJ5JIj2bHCfe4t6bpeWQGsrO4F2T/nWSEKTKO\nhAIhAIcGvoJfFKpCLDJ6knuQOz7kWqwj19rJWLiEWtRdHer4\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2929,10 +2957,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThis chain is correctly constructed, but the EE cert is marked with\nversion 2 (ordinal 1) rather than version 3 (ordinal 2). This is invalid,\nper CABF 7.1.1:\n\n> Certificates MUST be of type X.509 v3.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUfFbYODLrgyE8Cgp07HxJvobJqX8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASgndKBd2HeWSNrsAPmj42GGMTtzhSp11R7pPK3\nDGgu4xghrdRRJE0PuQxn3bBDBLCC8aIhTGDIhPyNzit1oL2go1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUg+ItThz/ZRXhwMErIodulUWL9eIwCgYIKoZIzj0EAwIDRwAwRAIg\nINYc069N7KoV6ck+rH0L93BySyYcfgHNzbWBVpI5MbgCIAH6SC9btcnxdf75KKXL\n4UYsTQ3lvXQOg8agepJqAUIC\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUMqp+oA4/ljs9iJ8tqGvjOS+2K/4wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQ0Rb9dOnewjiIR1mKpYoVGRi8tg2iGQWuDf6D3\np9loaxp1v7bjtW/6wcTxADWoH81j6vXeLZPw0SePkdZC6obso1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU+bQw2Z0XmHHxBP+SoLFQ1v7ihBUwCgYIKoZIzj0EAwIDRwAwRAIg\nSuFrg2D935DCJk1X09xcx1dfDHMD0MhY/PKCDV7wScACIGCVUkSGfYcnIU8IntbC\n25btlZtyiHZIsrTeGCH1QSFq\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBLDCB0wIUOE7esDND7xN7I5v0urqPaFDkH2UwCgYIKoZIzj0EAwIwGjEYMBYG\nA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5NjkwNTAz\nMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqG\nSM49AwEHA0IABFPd0zpG8jBaBxn8mn7TJnkJHmdnVfkZUWIJvcmtkzg5d7UODJnP\nqHi8qWSHDVMlz/0OzEdSKRDj47qtax+N49gwCgYIKoZIzj0EAwIDSAAwRQIgXWpv\nKyDqfRhXQHG6rN4bH0XAjpTdjECjA4zt8inU8ZsCIQDCWByrUK0j0UuQhRYSslxu\nooDTOu+SuYuMwot/dWBb/Q==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBKzCB0wIUQy8thG3W86Xbvf20WNomzttHtlAwCgYIKoZIzj0EAwIwGjEYMBYG\nA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5NjkwNTAz\nMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqG\nSM49AwEHA0IABBBFbJILX2d3PBOHtX6A9HFV5fu+qQYQTCshZAxD7Dfsjmqfdfvc\nJBkzR7653uKI9yyGujShVlOm1uzRgirrXa8wCgYIKoZIzj0EAwIDRwAwRAIgAjGC\nJpxHEBp/HwUsvmYQDVcOZbNJlIanPD2AZO+NsVACIH0kK3uzFooVEG3boTHwbldA\no64aShltHbAo49DtbVVm\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2952,10 +2980,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe EE certificate has `keyUsage.keyCertSign=FALSE` but\n`basicConstraints.cA=TRUE`, which is explicitly forbidden under\nCABF 7.1.2.7.8:\n\n> cA MUST be FALSE", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUAKU8w2x5R7nQfxRllY0Vwa4qKwQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQDTOuO1Y0ri/lX08hlGMXfOfE2JNZ1lpEiES4+\njws40oPrsDZu4zz39JGs2LudAQOTkH+wwzFu++LTyguOimCCo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUd2GtHV4MPYYah6kdq3ZgDGLGN28wCgYIKoZIzj0EAwIDSAAwRQIg\nX4Fvgks79GsJsukQaywNJw2U3ntFDBQKHiIHINrAO9MCIQDEwtxThetZQ7GnPyQ+\nl3CPkPYp+t0O3/7xSiLh94EmXA==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUN9pXg14nUf9RSF9HT4WJrbRoZNUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQbpKXtg2C4mHNH2o90EU1Ezlg9MU9wY7MAA1pP\nOl90qaGhclpJQiGN0WBAfwyPXP6BYEMbpI7Q+jO4pxKpNPhfo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU7yc6jizdEcqXq9cEThS8FoxnRYUwCgYIKoZIzj0EAwIDRwAwRAIg\nMl7w07C1QU285UM/FL9AZG51GR94IYGC/vZ3x77mPSMCICyntlQFhqXlrtLFAMjN\n+CY2iBh/25geEDkLJCc2nGeD\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBxDCCAWmgAwIBAgIUOtldymL2SFqM+ChW3Fkgk+yf9igwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABJczXBoTaLkg7oRrjCQZ6y26x49+eliPnRT3u95hemzF\nJU8irJMPzYUqWe6ui/EyO0/muXMMFMGJPEp3lKmQeV+jgY4wgYswHQYDVR0OBBYE\nFDQtufKpVmGTPLArB2EL4j723q+sMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgw\nFoAUd2GtHV4MPYYah6kdq3ZgDGLGN28wCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoG\nCCsGAQUFBwMBMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0kA\nMEYCIQCAMIyNhWiPcDqHLf1LB+pK/ixGN0DLdp3yPEGsudjzZQIhAIlvlUASHGU6\nYDYaa6weQSP3K/zZ5ilcqHsJmrVyJLNj\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBwzCCAWmgAwIBAgIUNd4WuHDiZel6otxJryZJI05dGUAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABBNnmjygIgXu3GY4vG/SWoGNKnDp1vxcZNUbHJrBFdyI\nz4dFHf7opd3DQGVpWv9e4Q1rKE7rXl9NHLYIN1SQl2+jgY4wgYswHQYDVR0OBBYE\nFBHvPr7xL9W7KlGlWZdiPWh2f/PwMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgw\nFoAU7yc6jizdEcqXq9cEThS8FoxnRYUwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoG\nCCsGAQUFBwMBMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0gA\nMEUCIGccCL/z5d44AxWkWE+w8vI5kIxHh6Oa1rtGtk4EPBJiAiEAs9GQv5kfGm4N\nCStYg8Ive+BxdpFfB7haKtl2gHa2vOw=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], diff --git a/limbo/testcases/rfc5280/nc.py b/limbo/testcases/rfc5280/nc.py index ea097073..2a1abca1 100644 --- a/limbo/testcases/rfc5280/nc.py +++ b/limbo/testcases/rfc5280/nc.py @@ -1257,7 +1257,7 @@ def nc_permits_invalid_ip_san(builder: Builder) -> None: @testcase -def nc_forbids_alternate_chain_san(builder: Builder) -> None: +def nc_forbids_alternate_chain_ica(builder: Builder) -> None: """ Produces the following **valid** graph: @@ -1319,3 +1319,71 @@ def nc_forbids_alternate_chain_san(builder: Builder) -> None: .expected_peer_name(PeerName(kind="DNS", value="permitted.example.com")) .succeeds() ) + + +@testcase +def nc_forbids_same_chain_ica(builder: Builder) -> None: + """ + Produces the following **valid** graph: + + ``` + EE (SAN:X) +-> ICA_B' (SAN:Y) -> -> ICA_A (forbid: SAN:Y) -> RCA_A + |-> ICA_B'' (SAN:Z) -> RCA_B (no NC) + ``` + + `ICA_B'` and `ICA_B''` are certificates for the same logical intermediate, + but chained to different logical root CAs. Both root CAs are trusted, + but `ICA_B'` is issued through `ICA_A`, which forbids `ICA_B'`'s SAN. + + This graph allows validation through `EE -> ICA_B'' -> ICA_A -> -> RCA_B` + """ + + root_a = builder.root_ca(san=None) + root_b = builder.root_ca(san=None) + + ica_a = builder.intermediate_ca( + root_a, + name_constraints=ext( + x509.NameConstraints( + permitted_subtrees=None, excluded_subtrees=[x509.DNSName("forbidden.example.com")] + ), + critical=True, + ), + san=None, + ) + + ica_b_key = ec.generate_private_key(ec.SECP256R1()) + ica_b_1 = builder.intermediate_ca( + ica_a, + key=ica_b_key, + subject=x509.Name.from_rfc4514_string("CN=an-intermediate"), + san=ext( + x509.SubjectAlternativeName([x509.DNSName("forbidden.example.com")]), critical=False + ), + ) + ica_b_2 = builder.intermediate_ca( + root_b, + key=ica_b_key, + subject=x509.Name.from_rfc4514_string("CN=an-intermediate"), + san=ext( + x509.SubjectAlternativeName([x509.DNSName("unconstrained-ica.example.com")]), + critical=False, + ), + ) + + leaf = builder.leaf_cert( + ica_b_1, + subject=x509.Name.from_rfc4514_string("CN=unconstrained.example.com"), + san=ext( + x509.SubjectAlternativeName([x509.DNSName("unconstrained.example.com")]), critical=False + ), + ) + + builder = ( + builder.server_validation() + .trusted_certs(root_a, root_b) + .untrusted_intermediates(ica_a, ica_b_1, ica_b_2) + .peer_certificate(leaf) + .expected_peer_name(PeerName(kind="DNS", value="unconstrained.example.com")) + .succeeds() + ) From 9d2d06ed88631a2fd93b61cb822e6d68a076cdd6 Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Thu, 21 Dec 2023 14:16:37 -0500 Subject: [PATCH 2/2] limbo: fix docs Signed-off-by: William Woodruff --- limbo.json | 596 +++++++++++++++++----------------- limbo/testcases/rfc5280/nc.py | 4 +- 2 files changed, 300 insertions(+), 300 deletions(-) diff --git a/limbo.json b/limbo.json index 9a34efc4..57972874 100644 --- a/limbo.json +++ b/limbo.json @@ -8,12 +8,12 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> intermediate (pathlen:0) -> EE\n```\n\nThis is a \"trivial\" verification: the intermediate has a `pathlen:0`\nconstraint, but the leaf is an end entity and is therefore allowed.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUW+K3KnujEDnsxbFWG8SioNo518QwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARyi2AyEPMMFpicWmPKytS7QFGB9p+W8Ag8xrxc\nokzofuQc2tvr4kcrUnxF+ex0BlnhD5BPU61sKekOwWyH/Ffvo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUl3ca490o1Q07EzF5zneTHsGWYMcwCgYIKoZIzj0EAwIDRwAwRAIg\nfpW8sHC/9EITfKrdR/OsspKly+G0sIifa5HYwXLRLC0CIF7yRpmMqeYcqwUaenGn\nsL3Ze+ikNlmZyXxZdwg+68qH\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUGV7N7zopuLciSYYan+FbXK2envwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATZKa+DPTCR48L/cfq3tvM9mqbBMTVW5/LNPxMc\ntI/ryN/jWSpNIamhb2KDo8IaGpgbM3vnJIhNuBv1UKQByuqqo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQURupJ3pDnY8cScb9eCz6fPpbfVkwwCgYIKoZIzj0EAwIDRwAwRAIg\nEp43QltsIc3Gmy0amdzsKKcII4WPQQ2yS7dsryKLHksCIGB/noaHXDFNdNwm8EN1\nWLE3DX/SIzte8vPB4NGTA/Xo\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUBQ5LZTLWWjc3Euh8hd7b6E1UIIIwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBnMTkwNwYDVQQLDDA1MjQ1NzQwODQ1NjQzNjM5NTczMTcw\nNzcxNzIwMDY1Nzk4Nzk2MzgxNjYyNjM3NDgxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBB8XRU7YWhlBRHn+nEutJHJoXhxlZu1pigYtGBqUd2+ck0QFYmoGtt+0tEVi+pV6\nqdeQ7rxSxHx5Fzzh0pmUOrCjezB5MBIGA1UdEwEB/wQIMAYBAf8CAQAwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFJd3GuPd\nKNUNOxMxec53kx7BlmDHMB0GA1UdDgQWBBSxm5ipyhEdBH7jzv0MAGO02r1+2DAK\nBggqhkjOPQQDAgNIADBFAiEAmbZYh7b+pt2fBAdYHFFyKIMH1VnApSOC/7YdxqiA\nEC4CIFI0ixnXa/nxF3O2X1w3IVhNeprPt94qmLegCHdBswsQ\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUCE5A/7u0CwmIGFg2tjEQuik1PQwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBnMTkwNwYDVQQLDDAxNDQ4Mzg5Nzg3NDI2NzE0MjYwMzU0\nNDU1MTU4OTQ0MzIyNDEyNTc0MTU2MTQyMDQxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBKejdjLrt5jMdX3j6izWWMtvva7/wKbn7f7FOyOnTZTFDE3TMsA3ObPL/JitMXjS\nbABGNu3kMz4sIuWmVOD9DGSjezB5MBIGA1UdEwEB/wQIMAYBAf8CAQAwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFEbqSd6Q\n52PHEnG/Xgs+nz6W31ZMMB0GA1UdDgQWBBRjnVj1CBFbMUqZezmsLd04rkez8jAK\nBggqhkjOPQQDAgNIADBFAiB+4aG7kNparH0K7JFOPpC0lLpfiBCXciQLeOrCtzGJ\nMAIhAM+zQHHKSZqbzTZAPTStJSMEEMYBwgkdJWbNJ6WqdQSu\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/TCCAaOgAwIBAgIUDnqhJlEbEFnQ3+57WUf1CP1EEs4wCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNTI0NTc0MDg0NTY0MzYzOTU3MzE3MDc3MTcyMDA2NTc5ODc5\nNjM4MTY2MjYzNzQ4MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEKuhu\n7mCwz87dxK3Dqqt1Y7ahc7nugJGgaYN3slMvP4a1lus0etXtNmpuR4k4ZrJs5L29\nLstcqAnKMbqn8w1VJqN8MHowHQYDVR0OBBYEFIMBODjEo5S7/s1YTdBj+nIfdihB\nMB8GA1UdIwQYMBaAFLGbmKnKER0EfuPO/QwAY7TavX7YMAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNIADBFAiAsK/o81GTn/RymRXqtLJ9Og03enQ2yOTLvbmrK3oo3MwIh\nANvpBY2GEakJwNCcYIHOYVUWsb9/eWydpqUYmucpbM8e\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/TCCAaOgAwIBAgIUXTANJHJ8T5oY1CB6Ovyeo0HRSNwwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMTQ0ODM4OTc4NzQyNjcxNDI2MDM1NDQ1NTE1ODk0NDMyMjQx\nMjU3NDE1NjE0MjA0MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEO1WC\nBdkusK+ua6EWTYFRokW0JsufH3jLAJAtEmXdRw5KmBAEW7l//qyWSXqow85pnduR\ncG5VmfrCz03xf3hsCaN8MHowHQYDVR0OBBYEFHBrrHcov+wk1VwhKvGslczhJI0M\nMB8GA1UdIwQYMBaAFGOdWPUIEVsxSpl7Oawt3TiuR7PyMAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNIADBFAiEAmotRX2IGE6uTOBZ20FdOQJ4QAQKIu+0LB7f7dhSGiC8C\nIDwjTyMEn5bhoKlLsEgNcQE0tDaqtU8bwGb6WAYpNLJJ\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -33,12 +33,12 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> intermediate (pathlen:1) -> EE\n```\n\nThis is a \"trivial\" verification: the intermediate has a `pathlen:1`\nconstraint, but the leaf is an end entity and is therefore allowed.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUWyoamVCCeoEdMEe1PXpo3xeudEYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQFerw0x1UtX9klYg19ZJmTpiwcwbLFvcE3Z70P\nvuKj3qN/odthvbnEe+GtWDTkhhseyErgWyua8VbGdYbxL5xDo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU+Jdz1vjYQTnFJZwJq3pcKqvG0HQwCgYIKoZIzj0EAwIDRwAwRAIg\nL0SObWUqiDFeRP50PzubCb9cal/WEZtqMjwTJD6tWSYCIBOnSbwKiuvu4EOJY501\nLCxQtNOFrvw3DDolO8vaRjep\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUUwvVPOFZDiTXOGzJZ2Ya9t+ZNPcwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATBNW1h/nG/4pCkHlIG811rMrzHr0XKxcqMQWvb\noqhRqzvhY31Ry58Xa7cqB7volpxslDos1IRqwyCNMhM4d53To1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUhEPXZpAhe6fF7Ykp8p/NkaR42P8wCgYIKoZIzj0EAwIDRwAwRAIg\nXrXURsDU+dC2KqaFks6akYz+ISqAVMlgc4mUSla8FV8CIFP1tu2Okfd5WqAKJCl8\ntsdWyi6KiPEmg/bbiope9bDl\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIIB/zCCAaagAwIBAgIUWa+Q60PmDGMd8FwQ6aW7cIjgN8IwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBnMTkwNwYDVQQLDDA1MjA0NTcxMDg1MzI5NTk3NzA0ODQ5\nOTkxNTQ3ODgxNDU3MDI5ODM4NzU1ODkxOTAxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBHxJMeMxtLKdIFCO9/0cx/AQzjzX1bfUIGd9whsYzMlMFGNgvIiaqKv0xu6eXOlw\ne9kUTFavpw0bxJv50F8j2RijezB5MBIGA1UdEwEB/wQIMAYBAf8CAQEwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFPiXc9b4\n2EE5xSWcCat6XCqrxtB0MB0GA1UdDgQWBBQ7fUt1DOem7ts+hcKsOB/8spuT9zAK\nBggqhkjOPQQDAgNHADBEAiAN+miiWqKaDASo7Ubf/4v1ayEBfJypTCINWiqFVnS7\nLwIgOx8pOeCL9lnXrLijEsoMBrxUfgM4IXqxef8Ski4bYrg=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIICATCCAaagAwIBAgIUb+2jUkyiKNt/QWjg0W2MgYVuS/cwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBnMTkwNwYDVQQLDDA0NzQxMTAxMTc4MDg5NDY2OTc4OTkz\nMjI4MzY4Mzg4MTM4ODQwMTIzMDQwODYyNjMxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBPGer/WlwUGpqqGCc3iLnd9/5Xi2llrp5iaLtgOUft5TSKfslCvQKHtYsi8jqtVf\ntlEbk+lzP9qHbQ/QDjGMMdGjezB5MBIGA1UdEwEB/wQIMAYBAf8CAQEwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFIRD12aQ\nIXunxe2JKfKfzZGkeNj/MB0GA1UdDgQWBBTD7jgaJ9cQu7KPD9rSq4vhb1rGCDAK\nBggqhkjOPQQDAgNJADBGAiEA8cwFo2YMCzIZOAjOzpudewzlTvf+45gNl709/TiB\niCwCIQDftM4T16j+N4USlVtedCAmH0+xX6jnnPA5oc0wht85Bw==\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/DCCAaOgAwIBAgIULEoNkSbf5h+j58MhpXZFMp3X0qwwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNTIwNDU3MTA4NTMyOTU5NzcwNDg0OTk5MTU0Nzg4MTQ1NzAy\nOTgzODc1NTg5MTkwMSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTEwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEhwV2\nESyKwF3z4RUUNnmeFDyxgKaMFxIhaC+5EjjuW+SRUUCZWc17veODU5stE5jJ8rlT\n8zp9iTf9JOP2E8fAAaN8MHowHQYDVR0OBBYEFDsl+9QkwjOTs7s2dAtgOEJGG7ve\nMB8GA1UdIwQYMBaAFDt9S3UM56bu2z6Fwqw4H/yym5P3MAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNHADBEAiBv/ah2pEulbBbNLlFX4yO6CfMl2NELEQPLEVlNMNK+KgIg\nYeh69Ej76Zq4aRyMXeqt9YxhPmeEgiekvZEUxrgD8RM=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/TCCAaOgAwIBAgIUchZhZS9lKIVUWT3ypWwBbC/MRmkwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNDc0MTEwMTE3ODA4OTQ2Njk3ODk5MzIyODM2ODM4ODEzODg0\nMDEyMzA0MDg2MjYzMSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTEwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVne/\nJnSbwgXN/+A1/0cee4RUXfjPj2j9FEZSA/deQFldesiO1ixrSI7rhS6GYRt4nroe\njzMX4gwa67w7CfTgVqN8MHowHQYDVR0OBBYEFFhlMIaWxAycavkdP9TpXzdhbg8v\nMB8GA1UdIwQYMBaAFMPuOBon1xC7so8P2tKri+FvWsYIMAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNIADBFAiEAqM3TKUmEy32ZXgdWBI7JuIBrdWIbITlDwOA2yXqSSBoC\nIBma5eUqGQ8lnBZoN/1oxeQtptmdLOrakNah72RBRfd5\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -58,12 +58,12 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> intermediate (pathlen:2) -> EE\n```\n\nThis is a \"trivial\" verification: the intermediate has a `pathlen:2`\nconstraint, but the leaf is an end entity and is therefore allowed.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUS6W3r+Ce9O5wgF9VaB0SpEErSWowCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASa7Zn9oH+N0VjhY+hxVUGfFDVw5l8SVWMwA3hf\n+yud4dZMw+xrq9Mv866TqepmM4ULqHaB8mn6Ko+K7fzZxeD5o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUyPkWb2Kg6FOP8lSVUMxHyQUQ6k8wCgYIKoZIzj0EAwIDSAAwRQIh\nALMuGs+AotXbED71k75QKlC4Q7aZG91pVD4N8FDYMyL9AiAXTEQHu+hmm945ojlO\nJJKY5uclzYRjcA9CIklp5in1cA==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUNpG6pYhUKZJMJMadXPXI4yNApzEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARQKKyijryCH0bDioAPmajDOx79MzHbNLKzQF6b\n9cZbUSALggWO5Yr1UW+b27SVKg0P1VofhNkFS53iIak0BNNVo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU/cMuSeIgcnQ7exMVlG7mo1AstAwwCgYIKoZIzj0EAwIDSAAwRQIh\nAOhOIZ1ZGbkO8bKt4QGLCCIc0focIdSZbI8LtcAs1EdOAiB1CgEDlEg6W0ps+VUK\nBiehqKCiJjXbnEC+2Q7aBedcJw==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIICATCCAaagAwIBAgIUQsM4CP2ARPdM+tHGqLlf+Fx5Mm4wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBnMTkwNwYDVQQLDDA0MzE4Njk5MzIxNjU4NTc2NjIxODM3\nMzk3NjQxMTc0NDk3ODcwNzk1OTc0NDM0MzQxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBEB7QY6owMT5QW7IK+4h2GT/kBQQIFJMGQWwqf0gHiqF9DtkJ1CbxM1cJkUwyJcu\n2hC/R+1sLwNgzbZtLz0yYsajezB5MBIGA1UdEwEB/wQIMAYBAf8CAQIwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFMj5Fm9i\noOhTj/JUlVDMR8kFEOpPMB0GA1UdDgQWBBT8pSymU+6Qt3BxxDZCGTxT7lwFbTAK\nBggqhkjOPQQDAgNJADBGAiEA3WH3kzzXgTgjwjbmu3HEU/2zxAJNjw9XYj5KDTuI\nY+8CIQCY04n3ry/sxHR2uF/gAS0B06YpGrdLgy+ra57ijS4kzQ==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIB/zCCAaagAwIBAgIUffwjDRal5aF1LVWBuCxASb0iNJUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBnMTkwNwYDVQQLDDAzMTE1MzUzNjg4OTEyNjAxMjc1NTcz\nNzE0NzMwOTY4NjY5MTIxMTI2MzU1ODYzNTMxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBCmC38hbbqtRVdwpdpJnRpLaC6aPwITJwJpf9RW3z5QwoOjizWRoQ92wyAXIR2n1\nr0sPyvBVRfnosyGCrMq4/qKjezB5MBIGA1UdEwEB/wQIMAYBAf8CAQIwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFP3DLkni\nIHJ0O3sTFZRu5qNQLLQMMB0GA1UdDgQWBBTYrp8+SkXtNfoLkqmZ56NC9CVVBjAK\nBggqhkjOPQQDAgNHADBEAiBQDHYZfFqt62Atec8tGvXzcwLqwmHCybCwa3BcHz37\noQIgCJDC2cPpFig2O2QkPe9fj4knujaIttKZ38o9v3/pMcY=\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/jCCAaOgAwIBAgIUFKEZLX+H3hi1ZrWGCPNPZUKhV8gwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNDMxODY5OTMyMTY1ODU3NjYyMTgzNzM5NzY0MTE3NDQ5Nzg3\nMDc5NTk3NDQzNDM0MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTIwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAmCy\n2l1eVgc2BvH/KQaJb6Bde8vOeETOVXbDVVDv/ket6sT++Yc5+ijcjXvChmIG5f4L\nOVphDV5srwHOWg7jpKN8MHowHQYDVR0OBBYEFMxlmqHfLmeaNEnMRuTVmJ7fRfIy\nMB8GA1UdIwQYMBaAFPylLKZT7pC3cHHENkIZPFPuXAVtMAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNJADBGAiEAwDb2i1CkzZGZo/Ii1GMmxZWd3je5vNTWu0fL7MkjL50C\nIQCnFMdMB271qA3lOe60FJmSSAWy0TSvhHuQl8h7cPkFEw==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/TCCAaOgAwIBAgIUVKavDq6CMYSoKAmXzYKojVAF5YEwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMzExNTM1MzY4ODkxMjYwMTI3NTU3MzcxNDczMDk2ODY2OTEy\nMTEyNjM1NTg2MzUzMSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTIwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEBOnU\nLhusMbGoLI2+vGbS7GtcwJuAFvodQtWG5CMP8Dl16NqhfvsCZCyYCUHvdAUK9Qb/\nXwqmGIJsJRBdvFswt6N8MHowHQYDVR0OBBYEFEFieAO0pEsm5YxA1x6leYrXJKiR\nMB8GA1UdIwQYMBaAFNiunz5KRe01+guSqZnno0L0JVUGMAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNIADBFAiEA4Rr5KKGSF/qf7tfTiG4uYqISACW55/YqTCbA2MVCDOYC\nIAEEsf4WY1C918iuXLF1y92uTRJRa+SV6Yezm91/QvfM\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -83,12 +83,12 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> intermediate (pathlen:0) -> intermediate (pathlen:0)\n```\n\nThis is, unintuitively, a valid chain construction: RFC 5280 4.2.1.9\nnotes that the leaf certificate in a validation path is definitionally\nnot an intermediate, meaning that it is not included in the maximum\nnumber of intermediate certificates that may follow a path length\nconstrained CA certificate:\n\n> Note: The last certificate in the certification path is not an intermediate\n> certificate, and is not included in this limit. Usually, the last certificate\n> is an end entity certificate, but it can be a CA certificate.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUOsDaliV5YXdLHs96Ys1GUSNRRvIwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARGuYewiwFqYWgBrlvcZNLC0tHC0aNZpoU/JBdA\nkif+QNHPCTwm1XrgfOnFWsd0XR0PlGXjUa/APCxs3IIHQgRqo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU9ZrTaRJuEtuW5UkYxUnlEYjq474wCgYIKoZIzj0EAwIDSAAwRQIh\nAN8j2uO4jJ+EkL7hfzhaABNQB7E8D0gDq8ah5OPpjUnNAiARlMiRtp7EQtrDRKIk\nFnI0FYvKDIQFeHjzsCK9yueSVQ==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUPATQontCiNB2tlmfbRJoEv0X3KIwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATqtPCcTVL1kN6/d4AqXJE1rHQwJqVTJ0WENBQ5\nm82oI/SflM6kXOds9A9boibI6AdYpV/Hgi4+eFhCxpZ4czsCo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUWJ7Vvo8CLVKdcPsjjU3q9DHWqPswCgYIKoZIzj0EAwIDSAAwRQIh\nALKYbMi7/M8hxjn5o8O08sW3dZE0m4X+J82P3Ty1oXxXAiByge85KLlAyziWFqqF\nGIz7Sk1g5Q1KB1DWDB02eBW2Ug==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUBuXI3KBzWi/zxbn0cNYBpVsEeM0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBnMTkwNwYDVQQLDDAzMzU0MjIyNDkzNTY0MDA0MTQ1MzIy\nOTE4MDQ0ODU1Njc4NDU2NzU4MDEwNjkyOTgxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBJjHWtCJu4YxgFgk+KThBRU00a5D3JR+bEXeGzE4yLD71Xs62VLxNVazG1IBbSvi\n/qELAJdyiXNliwJ2ja51IimjezB5MBIGA1UdEwEB/wQIMAYBAf8CAQAwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFPWa02kS\nbhLbluVJGMVJ5RGI6uO+MB0GA1UdDgQWBBQLYFxxAkC/W8l9qBhg2QLGaE72ZTAK\nBggqhkjOPQQDAgNIADBFAiBSVihuE3zDSMlb49XaFgIlRaHONUlqTfinG312opuh\nfAIhAKwpPkvi4t/+Oo3m0g+3Se+F2tyizpMxqRHHYOKkf3nU\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIB/zCCAaagAwIBAgIUU4vSsWWXxlrn7LMLpzurvAybWkMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBnMTkwNwYDVQQLDDAzNDI2NDY4MjM4NzUyODIyNTEyNjc5\nOTk4ODM4NTMxNjA4MzY4NDE2Mjc3MDQ0ODIxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBDckMaumz6Bb5VkWFGl1j5o51prore/YK5DZLv8l2v2NMhCpWJlf0QG5troU/exo\nB/a7BoN5SjnQ8wRYd0PVtTGjezB5MBIGA1UdEwEB/wQIMAYBAf8CAQAwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFFie1b6P\nAi1SnXD7I41N6vQx1qj7MB0GA1UdDgQWBBTWOgkg238ZWQmWfxjZhgvNcqhHtDAK\nBggqhkjOPQQDAgNHADBEAiBcldwjwzdiVJG3yWtifKpoOh1Ntq9GgLDQx5KJUfsP\ndAIgPDxE2xn7EeUXVsNNz4i3DCyubB0od1G1UkrL/kghed4=\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICTDCCAfKgAwIBAgIUafeRvvN4kewGZl79UglDv6CYF7cwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMzM1NDIyMjQ5MzU2NDAwNDE0NTMyMjkxODA0NDg1NTY3ODQ1\nNjc1ODAxMDY5Mjk4MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMGYxODA2\nBgNVBAsMLzM5Mzc4MzEyODA3OTg5MDQ3MTgwOTUxNzM1MDU2MTc3MTY0OTU1Mzkx\nNjU0MDkzMSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1wYXRobGVu\nLTAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARSl5w2+CSXN2vYGwfsucK4B7Dx\n7v8vhv9VcVIELsHkB9+8AYP7onWrLnO2NN2C3tsLtaH/Qm/qPkLYaTBFWSBso3sw\neTASBgNVHRMBAf8ECDAGAQH/AgEAMAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtl\neGFtcGxlLmNvbTAfBgNVHSMEGDAWgBQLYFxxAkC/W8l9qBhg2QLGaE72ZTAdBgNV\nHQ4EFgQU9oSnMpRd+MlOCb0Rq0bhCgEFVP8wCgYIKoZIzj0EAwIDSAAwRQIhAIlG\nM2NZw0QNguYIPbGDor4NRxYVOCZCOw4vcp4OpM8MAiBAi9U9XAT2pmS+Q26QJn1r\nsGE2rBx7iFdbaD0YE5NGSw==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICTTCCAfOgAwIBAgIUY2HeJ01d+g5lFyQmpeIR/G8Xpy8wCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMzQyNjQ2ODIzODc1MjgyMjUxMjY3OTk5ODgzODUzMTYwODM2\nODQxNjI3NzA0NDgyMSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMGcxOTA3\nBgNVBAsMMDQ3Njk2NDM5MTUwNjAzOTEzOTMwNTI1NjgzMTQ2Mzc4MzI5MzcwOTIy\nODY2MTMxNTEqMCgGA1UEAwwheDUwOS1saW1iby1pbnRlcm1lZGlhdGUtcGF0aGxl\nbi0wMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEm4YX186JHb40qLs1tWDjyVTQ\nNlWCm2TWz4Jv3WNbSkpi9yLGwSQIfrwZVj85A7IJCr9ddaJxJ6PVeiRkuLqSuKN7\nMHkwEgYDVR0TAQH/BAgwBgEB/wIBADALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYIL\nZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAU1joJINt/GVkJln8Y2YYLzXKoR7QwHQYD\nVR0OBBYEFAScrEVpZVeXMuGRi3cdVJu3mo+JMAoGCCqGSM49BAMCA0gAMEUCIQCI\noOCt1VIJrmGgAvLR8ImSR3cgisFLwQkTwqIvo0ct1AIgJrXrVjNvUJBK6V0HeRiJ\nSAjUkYAcPXzoF4xhEJGh6g0=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -108,13 +108,13 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> intermediate (pathlen:0) -> intermediate (pathlen:0) -> EE\n```\n\nThis violates the first intermediate's `pathlen:0` constraint,\nwhich requires that any subsequent certificate be an end-entity and not\na CA itself.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUcfZokWzvvb9yKk0+yUt+iTlVl10wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATdFHGrIu3VxGCi8e3bkNwoyC1kKlSQ3gpupc4l\n67GU11dTAbqechSunRFVJ9JVWhu2dQUXRtiwwbVBxrr1de1xo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQULp8M8mOsRNQd54S96DvhOC0/N2owCgYIKoZIzj0EAwIDSAAwRQIh\nAPdePiXmIv5nnDdSGwT3Y+0uhp5JxEl6/6xRgmQQ/yQWAiA9N9djZyHGd29x+9MD\nTnxuMS/naBfof2/xRhxPpU5Cqw==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUU3C/tow4Rx3lRLGyovXYobwdnA8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASZxnepaB9maLiy23wSOEGbnXpzw/HPZaS0I9Cz\n/2K7F5b/IzBPFwFv1K4iFEyyuzbbOD1vinopX89ziVHi7n62o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUjvjjU/lqy3dXvJTJYTeL/rTkq1AwCgYIKoZIzj0EAwIDSQAwRgIh\nAPR1RcpzufWELkIyREnFFsMoOI+tYyw3amnF8mvxUoGQAiEAkvE2E9oRPf5Z1gzC\nKo16nq5xSLFj0nJGTYZfvmwfS3M=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUfr3aWL/Qk5PbBMXR3vi8N3bnpTAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBnMTkwNwYDVQQLDDA2NTA2MTEwNDk1ODU0MTM5MzcxNzAx\nNzg3OTUyMTI2MTc0ODkwNTQ0MjQyMDkyNDUxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBIQqyZ+OZxZtsiU2vtpAo9COkaVFmVzfedMePfni9O2ul+kpk2I3+TKxoPExg83p\ncusyVRjXIHAURPFDBGhObRWjezB5MBIGA1UdEwEB/wQIMAYBAf8CAQAwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFC6fDPJj\nrETUHeeEveg74TgtPzdqMB0GA1UdDgQWBBRtrKoXLPU8SzdAej+NxgMtiMLRhzAK\nBggqhkjOPQQDAgNIADBFAiABUoOSTEug2V6c0R/Sbcd2AiM5SflGUQv3OTQP5DGP\naQIhALxPjCS6XfnsAVoJYXlCZLaKUYvZB27zk1nAUa/au4Z3\n-----END CERTIFICATE-----\n", - "-----BEGIN CERTIFICATE-----\nMIICTTCCAfOgAwIBAgIUcHgKYXy9WxAw3GkCHdM0W5uds10wCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNjUwNjExMDQ5NTg1NDEzOTM3MTcwMTc4Nzk1MjEyNjE3NDg5\nMDU0NDI0MjA5MjQ1MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMGcxOTA3\nBgNVBAsMMDcyMzU2NjY5ODY0NDQ3MzAxODc3MzUwODkxNzQzODY5MDk5NzMzNDI4\nMzEwMTQ4ODEqMCgGA1UEAwwheDUwOS1saW1iby1pbnRlcm1lZGlhdGUtcGF0aGxl\nbi0wMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAErJGoJmUDVeBQ/wbZSDXZj8Hg\n320Z2blmc24jB36+b99H/uJ2uL7McNH9L551E0vsz5GM6K37qXAX9+swE6BIQ6N7\nMHkwEgYDVR0TAQH/BAgwBgEB/wIBADALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYIL\nZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUbayqFyz1PEs3QHo/jcYDLYjC0YcwHQYD\nVR0OBBYEFNa7uLjNS/iA6ol496XbYZ/LKAQ3MAoGCCqGSM49BAMCA0gAMEUCIQDF\nwx/lMzH61WRU1A/gi4JeXQIOIB6wQIndPtDo4Nd02gIgaE6sDd5oRb7ayM6fAVAo\nFc/joRXhKN6gV0ULDLLBzD4=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIB/zCCAaagAwIBAgIUFwa5Z6LDlQ0EYoBlMJZmMT7dKQswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBnMTkwNwYDVQQLDDA0NzYzNjA2MTgwMDUwMDE5ODY1NzQ3\nMzI2NTU4OTc3MDEzODMxNTEyNzc2Nzc1ODMxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBLIiCfEmbP3jjMNetvTbWQ5FMRwVn//zhG55SbNSFTFmFw0V9fsB8KI88DS9w7IX\nOg9DRwa/UAJcNty2Fbt+C1WjezB5MBIGA1UdEwEB/wQIMAYBAf8CAQAwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFI7441P5\nast3V7yUyWE3i/605KtQMB0GA1UdDgQWBBRBxmhn/FvClQW0BBL8DkgY9lvygTAK\nBggqhkjOPQQDAgNHADBEAiA/WfT+C5aqxDP0ldJ27o7wbS9cOkcd9DEwlnVgxRX9\n3QIgN6Jld1DopfrNttXvkVfRWPj4eQ+armtOwbWd2vvDFEQ=\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIICTDCCAfOgAwIBAgIURp4fFtV1g/lA9Oo+aAjv6MEK024wCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNDc2MzYwNjE4MDA1MDAxOTg2NTc0NzMyNjU1ODk3NzAxMzgz\nMTUxMjc3Njc3NTgzMSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMGcxOTA3\nBgNVBAsMMDEzMTQ1Njc0MzIzODQ3MTExNzYxMzQyNzYyNjMyOTQzMTM5NDk1MjI4\nOTI2NTkzMTEqMCgGA1UEAwwheDUwOS1saW1iby1pbnRlcm1lZGlhdGUtcGF0aGxl\nbi0wMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEvtJGgIQ0TjCPlLwGAWfJutt8\nnaHleB69LJm9wGHnKigssN5x0m2hovu7FxiiE8sme7av6UYaBR2bpdgAKnFU6aN7\nMHkwEgYDVR0TAQH/BAgwBgEB/wIBADALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYIL\nZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUQcZoZ/xbwpUFtAQS/A5IGPZb8oEwHQYD\nVR0OBBYEFGYy8fu8tnlT5fG5g47qPNjRQJ6JMAoGCCqGSM49BAMCA0cAMEQCICEn\nUaIFOc+jlUgA2UE9Bbbtci3q/EnddWjCIlnuiU5qAiAZYraIJTeTvtsuiGqagzEA\nkKNFqPAqA10CwUwY065n+w==\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/DCCAaOgAwIBAgIUGuaWnQn0yjgxIToUJWL32gdIBt8wCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNzIzNTY2Njk4NjQ0NDczMDE4NzczNTA4OTE3NDM4NjkwOTk3\nMzM0MjgzMTAxNDg4MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEhIHV\ny67D6WrpkIKfmbBUxOTqxGmyPpfa8zg+4O+bL/F6NZSDDUrY9MvEdP0SYifMg7Pa\nKasFvRubhjK43HxfkKN8MHowHQYDVR0OBBYEFPXI2R/qH+f0bByg6H7O39fCziIC\nMB8GA1UdIwQYMBaAFNa7uLjNS/iA6ol496XbYZ/LKAQ3MAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNHADBEAiAC+Fm3Wf5OUT8mlGVN1WDgKznMYG0haExw/XUf/AjdGQIg\nCVSQ55dueFEUbW6VXAC5qF8egloyxKtJwyDYDkPl8Y8=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/TCCAaOgAwIBAgIUMns3JQP5KHojRccI/GqHmP9MHCIwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMTMxNDU2NzQzMjM4NDcxMTE3NjEzNDI3NjI2MzI5NDMxMzk0\nOTUyMjg5MjY1OTMxMSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEYq28\n9ahgXiZdbYzB8rvecgyc+JSoXuXdk3mIfzT6rk6lfhB+GyqLRIebASN0g17SUDq1\nF4Mc0MKmL2OmNTCCFaN8MHowHQYDVR0OBBYEFMuFsZPgJLL5IhswF68TH7wxPGmY\nMB8GA1UdIwQYMBaAFGYy8fu8tnlT5fG5g47qPNjRQJ6JMAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNIADBFAiBAyCZSXGfWUUHXwortrpjevxy0cqtk3SJqavP5TH4dhQIh\nAObncFNB1yhVl/YmBw1WZbgOHOc9ejBmEKKQDAYNCZHn\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -134,13 +134,13 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> intermediate (pathlen:1) -> intermediate (pathlen:2) -> EE\n```\n\nThis is a less straightforward case as the second intermediate's `pathlen:2`\nconstraint seems to contradict the first intermediate's `pathlen:1`\nconstraint.\n\nRFC 5280 permits this as part of supporting multiple validation paths.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUPH99BXC/dCD/7PzXvFm7RGdaBdYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATXJetHjIIq0UdzlIeZeCZaB2hco6kzp7pI7qT0\nGqBtPFg0OiX1QfWvc5T7vPkyjDSNj6jY/EY0oMfxI0u+eeITo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUpHOYQNFt9Zl0qR0P9jbTJT9fl2swCgYIKoZIzj0EAwIDSAAwRQIh\nAOHswjrKXDdZ04438Gu2DHpNVP08sR4PrjOjf02YX/W3AiBWVwgWMPyp6bqD4YBJ\n7gVS8S5WA9oAgh8rJq5s4Pj//w==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUJdDZMUsYqRJlSmf7tX5T4afHKj8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARe94PZ/r/kX4MxgHl33hwpO5Tvb3fIohXJNENH\nu9YPBoAUDn1XuKhKOVM/99T7ef4SS62GE/soGOmL1GugzEAao1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUeOz9KwcW+FLs8WB3MSCofbN0XHcwCgYIKoZIzj0EAwIDRwAwRAIg\nRVgtMoeoKNINFDIbY4laOyUzz1qhm3ZzlUmt2m7jlskCIHAESvXvapOmmmWJhIp+\nJcC0RXN4GYOFPJmwd3UQ4Xbz\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIIB/zCCAaagAwIBAgIUFkJ0h0iDNq219JGdqUggx6fAlU8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBnMTkwNwYDVQQLDDAzNDUzODI1MzE3NzY2NjQ2ODQ4MzAz\nOTc5NDYwOTkxNjc1MTM2NzIyODI2NzA1NTAxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBJrRFuw+lKTDw3kl3KIRwvZcsnGZrt9YsY86DdmxEiyPEfnInePJ9NR8M8Npns4p\nSsZougPLsx9hUmlF8q8vxvujezB5MBIGA1UdEwEB/wQIMAYBAf8CAQEwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFKRzmEDR\nbfWZdKkdD/Y20yU/X5drMB0GA1UdDgQWBBRNIZAJTRhpCOZlb65ONzxD4KU/hjAK\nBggqhkjOPQQDAgNHADBEAiAzrxykLiPng2G32eVdHtz1JkWPI5Pj4zflc3OCY7pW\n+wIgG7udWwo7bWXagZSAGbKJ4CctxsVNs4yO470ntBBHHX0=\n-----END CERTIFICATE-----\n", - "-----BEGIN CERTIFICATE-----\nMIICTTCCAfOgAwIBAgIUNI8D1yUvp6Pt23j0ImgerAHXyocwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMzQ1MzgyNTMxNzc2NjY0Njg0ODMwMzk3OTQ2MDk5MTY3NTEz\nNjcyMjgyNjcwNTUwMSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTEwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMGcxOTA3\nBgNVBAsMMDEyNzA3OTc5NzIwMDkwMDgyNDc3MzY1OTI2ODQwMDkzNTg1OTM5Mzk2\nNTEwMjQxNTEqMCgGA1UEAwwheDUwOS1saW1iby1pbnRlcm1lZGlhdGUtcGF0aGxl\nbi0yMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAErI7kU2igx9FcZAWlh+p4gDjy\nHXfsN+wcNkLETzjgRNk5JX04GtVCrXyyO/XQ0jZhLVGCn5+rSUDqS+/N3v4DgaN7\nMHkwEgYDVR0TAQH/BAgwBgEB/wIBAjALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYIL\nZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUTSGQCU0YaQjmZW+uTjc8Q+ClP4YwHQYD\nVR0OBBYEFImlvgtviNlCCt9//13UNmD7F7WcMAoGCCqGSM49BAMCA0gAMEUCIHpz\nnSSc142mDZLwIcZ8ZUtcJNcxaJe8l1+GOTUNmimvAiEA5VGV2F2qjNKnPZlByzty\nw57kipNEdzZWyDAkdUVOcZ4=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIB/zCCAaagAwIBAgIUD7XEr8hprmyBsn+GTkZ+aA43UxMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBnMTkwNwYDVQQLDDAyMTU4OTAxMzM2NjE0Nzk3NDcxMDI3\nMjQxODYyNDAyNzk3NTM0OTU2NjQ4NjM4MDcxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBNGLsVOdI+NAMosgkkDecwZ8VA8rUnQu9uswbIQSwP7myJ8RsEp3ng7iBPl5HAgT\ndcweW/u1Okk42RWW0Smy3KyjezB5MBIGA1UdEwEB/wQIMAYBAf8CAQEwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFHjs/SsH\nFvhS7PFgdzEgqH2zdFx3MB0GA1UdDgQWBBSlHGDEr5fmazuoGzqcrcDuBgIOBTAK\nBggqhkjOPQQDAgNHADBEAiA1vclJs4POxiF6otiXi72mqxa3VsHEePo6RFtsTs/C\niAIgNfIfyOXvKDmEyOKnZ+tntA2skg06LrZOQ2rtsBdtzj0=\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIICTDCCAfKgAwIBAgIUdwwQX9ZwzBSZbTDMwR/iBw7JSkQwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMjE1ODkwMTMzNjYxNDc5NzQ3MTAyNzI0MTg2MjQwMjc5NzUz\nNDk1NjY0ODYzODA3MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTEwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMGYxODA2\nBgNVBAsMLzg5Njg4NDMwMjY3MTQyNzk5ODg3ODcwMjQzMjQzMDI5NDgyNDIxMTk0\nNTQzODkxMSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1wYXRobGVu\nLTIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARmpxZjhoomxUlYJ5TydbQskCoC\n9D2QaSAko70Nm5OnP98ZmmhBe6cotwgeS0w/rNz10yj/4VFDHl0F0IyZflbto3sw\neTASBgNVHRMBAf8ECDAGAQH/AgECMAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtl\neGFtcGxlLmNvbTAfBgNVHSMEGDAWgBSlHGDEr5fmazuoGzqcrcDuBgIOBTAdBgNV\nHQ4EFgQUDtMMBlxbp6UcAJnzOqheu51OCRcwCgYIKoZIzj0EAwIDSAAwRQIhAIZE\nugvymGho4AqFl6+TXe7wUIK6kxfKCVRW0h8W0lgjAiA0NKGlV5K9KlCuY6wiK1et\nBiSZ5E91qjoqMZHLkrVomQ==\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/DCCAaOgAwIBAgIUaNUnZTX3ibcCL9+BJT3u7KsWaPowCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMTI3MDc5Nzk3MjAwOTAwODI0NzczNjU5MjY4NDAwOTM1ODU5\nMzkzOTY1MTAyNDE1MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTIwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE7ZXm\nwikEq1Lfk08cTyf8yVviWpNcHxI4ZY+g1ED2mlgOnGKtEV+x2stdoo/n4H8j04CG\nsGatx9lpbXc+0fvKZ6N8MHowHQYDVR0OBBYEFAk114IiE9DgD1i31dcZKCRpMsCX\nMB8GA1UdIwQYMBaAFImlvgtviNlCCt9//13UNmD7F7WcMAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNHADBEAiBc/LZ2mrLfHyGXchRp+dZfJTm/5HOnXhxaE5Rx7FsxawIg\nea30hokRkRF2TZwglw6D/Iv2qxyw4eO/SmsM+nqNSv8=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/TCCAaKgAwIBAgIUcxq6hJtGoTok+RSJHMU3MSqJGXQwCgYIKoZIzj0EAwIw\nZjE4MDYGA1UECwwvODk2ODg0MzAyNjcxNDI3OTk4ODc4NzAyNDMyNDMwMjk0ODI0\nMjExOTQ1NDM4OTExKjAoBgNVBAMMIXg1MDktbGltYm8taW50ZXJtZWRpYXRlLXBh\ndGhsZW4tMjAgFw03MDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowFjEUMBIG\nA1UEAwwLZXhhbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARrjVEw\nS6yY2mQoMLE2ps09QNb/VTKDUonlOrU4hANCw+eaVzY1sL2d8x1fg2AEM+Vc+I2k\nyXlTGHf/mU2oGnZOo3wwejAdBgNVHQ4EFgQURjxv48v9wKUfdWEQaT2x5K7PlR8w\nHwYDVR0jBBgwFoAUDtMMBlxbp6UcAJnzOqheu51OCRcwCwYDVR0PBAQDAgeAMBMG\nA1UdJQQMMAoGCCsGAQUFBwMBMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMAoGCCqG\nSM49BAMCA0kAMEYCIQDEtRE6aWcXO21D3KhEPDoNr+cc00vcHGFGEvm5FVLQ4gIh\nAJPS2hVgbJGy4rSQ7yNB22zC+OB2kAl+Yy8rg1MW8+Na\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -160,14 +160,14 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> intermediate (pathlen:1) -> intermediate (pathlen:0) -> intermediate (pathlen:0) -> EE\n```\n\nThis violates the second intermediate's `pathlen:0` constraint, which\nforbids any subsequent issuing certificates (which the third intermediate\nis).", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUFKKuPx+/XR70WwZv1hEMJmXyn/QwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAS+RXFXo7N2zPiYuvyZta02aH9rgEQFcbLsX3PQ\nr8VacoFVbCh8/p01BABr272VY7lY4uOBXV/N1ewzTb+EewMzo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUm3UuKRd6ieqGpA6qJ7eaXnORgDswCgYIKoZIzj0EAwIDSAAwRQIg\nW9/CLR1JvR9qWYxUb7UVUMVYypNmKvPCmPmT93GELYECIQCOeM4/j5bb8ClsRD5E\nQkerxhRHNLQW3uTyugzHga1JIg==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUEANjfoWjkuNUSKkAUxbKmEk61hEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQ9J3dK+h2PcypEU2eK3wX9g6CVrCF4W2jpuGPB\nuxWiX9ogoyNM/x69t9o51RDivWOOTC9xCSRA2dgoXxcoiKtjo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUIRGZpbk0v5qFO+fOT5Uji4tLECMwCgYIKoZIzj0EAwIDSQAwRgIh\nALF+clgqA9ohBzYukZ3Jgwivdq7By/7BzMkVy/9O8cTMAiEAgx8Ziu+7esB/mZiT\nwIaJDiDIncVUXtcdJNbzp2omRt0=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUVNfmCH/6bUHVyOewNo/vZgzKMlEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBnMTkwNwYDVQQLDDAxMTc4MDc3MTUxNTYzNzk2NzkwMjE1\nMDYzMTg4ODA3OTQ5OTM5MDg2MTI1MDU1ODgxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBGjwWisStVbuMhwv8xSqeAFEegutzAOCbAqx6RcAr9GWlKKJK1tJbe534l27W9hu\nyTJoAiif0HQhUk1QjEwrDrOjezB5MBIGA1UdEwEB/wQIMAYBAf8CAQEwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFJt1LikX\neonqhqQOqie3ml5zkYA7MB0GA1UdDgQWBBTzeO53Fi6QaogWCvkq8mZm7pQLMzAK\nBggqhkjOPQQDAgNIADBFAiEA/IOnOrIpHgGve+3yeh35U2jnxCHeE/ddCtlNHB6B\nqDoCIDTFaBTyp4C8PJv2ZIO28Z2cBptj3D5jiS9FUzyi+jZ6\n-----END CERTIFICATE-----\n", - "-----BEGIN CERTIFICATE-----\nMIICTTCCAfOgAwIBAgIUR6kXgFfzQlthFFJLw9oJqBrVDxswCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMTE3ODA3NzE1MTU2Mzc5Njc5MDIxNTA2MzE4ODgwNzk0OTkz\nOTA4NjEyNTA1NTg4MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTEwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMGcxOTA3\nBgNVBAsMMDQ4NDM2OTkyMzY4NTAyMjA4OTkxMzIwOTI2Njk2NTc5MjAyOTYzOTAy\nMzY2OTg0MTEqMCgGA1UEAwwheDUwOS1saW1iby1pbnRlcm1lZGlhdGUtcGF0aGxl\nbi0wMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEajWhznrxmGGgKjQrMoNK+kjg\n2CpC+v/kwWoLlpoYs+RJhd3JrNk9hbkpsJ+SySGVKa0zKCAC+C30Dt+WyPTuuKN7\nMHkwEgYDVR0TAQH/BAgwBgEB/wIBADALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYIL\nZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAU83judxYukGqIFgr5KvJmZu6UCzMwHQYD\nVR0OBBYEFFuR6Rsf6V/7UBU+iIzcwafLRzn4MAoGCCqGSM49BAMCA0gAMEUCIA1+\nFDM9XN1Gw6SeGQT++j/99t7zqFF43Lc7Ic3cZ//UAiEA5/pAb14fd6LKJSuJHHTv\njTH0rkJr/UezB1Cf7hGjLsk=\n-----END CERTIFICATE-----\n", - "-----BEGIN CERTIFICATE-----\nMIICTDCCAfOgAwIBAgIUbJrzyGsLutOjEtLvygEkVH1q4dEwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNDg0MzY5OTIzNjg1MDIyMDg5OTEzMjA5MjY2OTY1NzkyMDI5\nNjM5MDIzNjY5ODQxMSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMGcxOTA3\nBgNVBAsMMDQwOTEwOTIxNzkyMjY2OTU4NzU0NjAyMTgzNDMzODc3MjA5NTgxNzA5\nNTY0NzAwMzEqMCgGA1UEAwwheDUwOS1saW1iby1pbnRlcm1lZGlhdGUtcGF0aGxl\nbi0wMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELzF4eduqxKpEXk07Yct2h4ew\nTk+68b7WUbE/lsZBZOTqZhFLTtTlp7HVXbIG2UgomeFD+KSomnzvmtYUrSMecqN7\nMHkwEgYDVR0TAQH/BAgwBgEB/wIBADALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYIL\nZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUW5HpGx/pX/tQFT6IjNzBp8tHOfgwHQYD\nVR0OBBYEFCT+TYEsKPjlbotE7+2XMGcMwnbLMAoGCCqGSM49BAMCA0cAMEQCIDG4\nNJLy/4Cs6fGADwHnS4d33p+GsIsJixgHvW6Gh7iLAiBfKK/qwUfbQvVrpxjvkQWS\nIxEJXGNC/F8XCLTC8aNGkQ==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIB/zCCAaWgAwIBAgIUOIHa602e/ZOGEpERbgdiHGQRyFcwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBmMTgwNgYDVQQLDC85MTQxOTQyMTczODI5OTE0NzYyOTgz\nMzkxNDgwMjMwODMwMDQ1NTAyMjM1MTg4OTEqMCgGA1UEAwwheDUwOS1saW1iby1p\nbnRlcm1lZGlhdGUtcGF0aGxlbi0xMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\ndg40KBXlGcEyXg+/Gj4ix7BPwsQSwlJ7JBVVfJAoP3o91oLrAk4Pl+9qQGXpp/Ix\n9k0Ri3hJ86PztsZgKj6VZaN7MHkwEgYDVR0TAQH/BAgwBgEB/wIBATALBgNVHQ8E\nBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUIRGZpbk0\nv5qFO+fOT5Uji4tLECMwHQYDVR0OBBYEFGg4PmUCQGl2unvUPlO2Ywx4O5yAMAoG\nCCqGSM49BAMCA0gAMEUCIQDN0jXvjCKgYlyN2G39cBNMu47mlHsUxfvRLlMYtjSN\nOgIgSE7sjsHU/IWAGh483VyVzViwaf3QVXJX7zCM/uxhHU4=\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIICTDCCAfKgAwIBAgIUIFoJ/rVXcjGS5bwdv7VsYGEP6xkwCgYIKoZIzj0EAwIw\nZjE4MDYGA1UECwwvOTE0MTk0MjE3MzgyOTkxNDc2Mjk4MzM5MTQ4MDIzMDgzMDA0\nNTUwMjIzNTE4ODkxKjAoBgNVBAMMIXg1MDktbGltYm8taW50ZXJtZWRpYXRlLXBh\ndGhsZW4tMTAgFw03MDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowZzE5MDcG\nA1UECwwwMzIyNTk5MzQ5ODQ0NjEwODk1NjEzMzcyMTE4MjEwODM1MDc2MTY1OTkw\nOTkxOTU5MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1wYXRobGVu\nLTAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS0iCZzS6ceBzTzpm5JdJbxrLvJ\n/q6BpG4cKjBORwUZsMTIVyCk5g6f0D27R34+Yu/0ppJ0CNSjRbP23kYIzSAlo3sw\neTASBgNVHRMBAf8ECDAGAQH/AgEAMAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtl\neGFtcGxlLmNvbTAfBgNVHSMEGDAWgBRoOD5lAkBpdrp71D5TtmMMeDucgDAdBgNV\nHQ4EFgQUd05++bI9iweALSkmGRA726+Mq0EwCgYIKoZIzj0EAwIDSAAwRQIgUxWG\n/jwzYEvr/DPPuBQKzTBA9uavWbKgU39KRhHCmyQCIQDuE/lnx4bjX6jhiDjtX1RB\nkbkJYGcHd/NWT4YxWGdKDg==\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIICTDCCAfOgAwIBAgIUerYp5Uqp6J1ZvquLWKSVRWoQ9VswCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMzIyNTk5MzQ5ODQ0NjEwODk1NjEzMzcyMTE4MjEwODM1MDc2\nMTY1OTkwOTkxOTU5MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMGcxOTA3\nBgNVBAsMMDE4NDY5NTY0MjQxNzU2OTUxNzgwNDg4Nzk4NDMzNTI0ODE5Nzk1NjIz\nMjI3Njc2MTEqMCgGA1UEAwwheDUwOS1saW1iby1pbnRlcm1lZGlhdGUtcGF0aGxl\nbi0wMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEvRaj4H4SK8M+hI9hPGNz+34M\nCCKAPwcR1IrSUxUBcKJjGxCgBvTGsZDhmBHYx+ZPHn/elMm7qXQu1UkatV7exKN7\nMHkwEgYDVR0TAQH/BAgwBgEB/wIBADALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYIL\nZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUd05++bI9iweALSkmGRA726+Mq0EwHQYD\nVR0OBBYEFDnjhsKx02h+tPEotn3Sgg9TnydfMAoGCCqGSM49BAMCA0cAMEQCIFJu\nUGvhYe6JG5Vt3kXoFpWIU+lbCaW2VZBo31yX+4bBAiBnsZ94PEua98/y1dBvSqUp\np/C/y6oT0xZZ/AFeCD1eVg==\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/TCCAaOgAwIBAgIUGz/kEymXrN6V52vqDQjTL1yzLHcwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNDA5MTA5MjE3OTIyNjY5NTg3NTQ2MDIxODM0MzM4NzcyMDk1\nODE3MDk1NjQ3MDAzMSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEcZok\nB3EllwNhUMlSUIkoGuVoSv/Ml0mwZOjKYvqTwc8S1aujh2UfoJ7k0QOldymwmRbj\nPtc8+xcUDeeM58wlIaN8MHowHQYDVR0OBBYEFNia27pQfaO82dAqfptY4n+qySo+\nMB8GA1UdIwQYMBaAFCT+TYEsKPjlbotE7+2XMGcMwnbLMAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNIADBFAiAFm6BVz++8/mnqkXRnMhAOqUnR0K+2BZ/qDwhHN4iW/QIh\nAJxTYiyKflZgGpUm2dEl7NGqFcPnyA48DEMK4qeOA0GL\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/DCCAaOgAwIBAgIUBgDxIL4ZxLq5wM1T+nyWn3CYTkswCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMTg0Njk1NjQyNDE3NTY5NTE3ODA0ODg3OTg0MzM1MjQ4MTk3\nOTU2MjMyMjc2NzYxMSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEthsY\n7PEGZVWej8bJIGvOPUv9+04UoKVrSICexPOwLe2O4fR4IqY3vj7cxr560HQWH7EL\nQamF2lreQNPvfb44Y6N8MHowHQYDVR0OBBYEFCcxEU/DRsnYaO76h4Zc5jXGsgRJ\nMB8GA1UdIwQYMBaAFDnjhsKx02h+tPEotn3Sgg9TnydfMAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNHADBEAiAk8nTFNdI+XkuC9AljsglzcjqkuJs9EiXgNh09LUIY/AIg\ncz4clQPTWqZjh0eOG4hBw5PPPMxIxzwDERlu/5ePD0A=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -187,14 +187,14 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> ICA' (pathlen:1) -> ICA' (pathlen:1) -> ICA'' (pathlen:0) -> EE\n```\n\nThe second ICA' intermediate is a self-issued certificate. Self-issued certificates\nare certificates with identical issuers and subjects. While this chain trivially\nseems to violate the assigned path length constraints, the RFC 5280 4.2.1.9\nstates that self issued certificates should not be counted.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUGDIa3bpzQ+1+MOi+0ojihQHYV3QwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQnQYS8VwvedMQg3lFx63ToFML1sjMi5xt49XeP\nl+KzXYZWttcWUfrDauN+i6bnU57i4mRBBxuwAG6nDc5ZOzaro1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUKREIGpWOpzVqAluLXBrgiPa4yMswCgYIKoZIzj0EAwIDSQAwRgIh\nAIIK/AW0rIxry9bYqq3GAfgKtEuYJx6uk3rRT2j6ydL0AiEA+bhsF5h/DyDoExhZ\nFn4ECHjCcTj2CoBbOT2u66Re/P8=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUFsqHtFduhlUjbXjcrYfsHRZIesQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATTAH/Km6V9uuGT4SjiowPbpwX2QzPW5zOokgIc\nSfLkg1G1ec/2ZWuUwOxQ2pwOUmAZq6ApdosStwsxqojbiSvAo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU18PYSO8pme0y7n4QYCj2BzLlWnwwCgYIKoZIzj0EAwIDSQAwRgIh\nALDJUY3oh7WpvXMaRdH30PMqRXIONBoxY1Vm9OK3jw5yAiEA/kYTZDui+l3dNtf9\nWjWIwuSSs5zge3pt0FherxmkVdo=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUGH1gsJZuZw6CFaBhk+dMuHeReiQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBnMTkwNwYDVQQLDDAxMzgxMzMxNTYxMjkzNzA4OTQxMjQ3\nODM1MzM0NzM4MjE3OTg4OTE2ODkzNjc0MTIxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBFo/JydnQbEjWWC0dkJ0f202Cwavqr/tn2cN4W8VMxx5O8AStFdaLzaNzGChI2mC\n04JLw6CdJb5l6/5AI2+I4OSjezB5MBIGA1UdEwEB/wQIMAYBAf8CAQEwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFCkRCBqV\njqc1agJbi1wa4Ij2uMjLMB0GA1UdDgQWBBQqTU5PdTL6Z05d0iu2j1cGz1xSWjAK\nBggqhkjOPQQDAgNIADBFAiAG44RY/TV0eMGpxalNoqDz3vJAbODb0zVytSaorFNn\nyQIhAPHTXi6bxPtqRm658aoVDu8Ja6nGZ9KCYbwr6MukS1Jx\n-----END CERTIFICATE-----\n", - "-----BEGIN CERTIFICATE-----\nMIICTTCCAfOgAwIBAgIUQMV2ssT4Gm4B+H72qS25jezMjQ4wCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMTM4MTMzMTU2MTI5MzcwODk0MTI0NzgzNTMzNDczODIxNzk4\nODkxNjg5MzY3NDEyMSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTEwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMGcxOTA3\nBgNVBAsMMDEzODEzMzE1NjEyOTM3MDg5NDEyNDc4MzUzMzQ3MzgyMTc5ODg5MTY4\nOTM2NzQxMjEqMCgGA1UEAwwheDUwOS1saW1iby1pbnRlcm1lZGlhdGUtcGF0aGxl\nbi0xMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwNBXY6+mfeT/7E8arkVxS65R\nZMp7cVHd993bj7S5v86OyHBp9L8VnZXAN5+KUCGzZyQ3q9zM/iY0nCNIBWacBKN7\nMHkwEgYDVR0TAQH/BAgwBgEB/wIBATALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYIL\nZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUKk1OT3Uy+mdOXdIrto9XBs9cUlowHQYD\nVR0OBBYEFNv0qt0tw7wNOhdbeonBr00x40GbMAoGCCqGSM49BAMCA0gAMEUCIQCN\nh8EgdVsmeqKLO5lhBXxGHQGcvQPAng5269TnODdVDgIgK9IJE9JxiEc3//CpbAy6\nRrkXUa8ykN6BIXQ1Va/L2DU=\n-----END CERTIFICATE-----\n", - "-----BEGIN CERTIFICATE-----\nMIICTTCCAfOgAwIBAgIUM4MowYEdAWgZRtq37szzIcG8kuwwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMTM4MTMzMTU2MTI5MzcwODk0MTI0NzgzNTMzNDczODIxNzk4\nODkxNjg5MzY3NDEyMSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTEwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMGcxOTA3\nBgNVBAsMMDM2OTc3ODk5NjIxODY1NDQzNDc5OTA3MjE2MDgxNDQ4NjA2OTI1OTk3\nMTM2NjE1ODEqMCgGA1UEAwwheDUwOS1saW1iby1pbnRlcm1lZGlhdGUtcGF0aGxl\nbi0wMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFQE7XnzW0mt0BbkVTXPiN0qZ\nsMVZjI/+BBjvWhOYJlO3yNPmcNvl+DqlhvIHJr4R2FvAEhMy81W0KUV5TExks6N7\nMHkwEgYDVR0TAQH/BAgwBgEB/wIBADALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYIL\nZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAU2/Sq3S3DvA06F1t6icGvTTHjQZswHQYD\nVR0OBBYEFNpJPJgfb486cmfrRiAb7e7sQpb5MAoGCCqGSM49BAMCA0gAMEUCIFUk\nmZwcHBb29MRPSnRIdOX2XLH4ntyFxLTplm48CDMZAiEA0auSjzPdMH0RMRZu+HMI\nRomtKL+4flmclFji1KbWSqk=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIB/zCCAaagAwIBAgIUPnPW9lAuYO5dRmUCIp5q1DGynrAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBnMTkwNwYDVQQLDDAxMzAxMTQzNjkwMTM4NzEyMDE2ODU5\nMTE2MzIwNjc0MTg3Mjg5MzYwOTQ4NTc5MjQxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBFWLP2AitojERQquJaia714CGopFEUGqdJukJRFMnUSJafGFLN/PjROIjVUfyhcl\nHbQeEbW/twtUT7pCrl9//aajezB5MBIGA1UdEwEB/wQIMAYBAf8CAQEwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFNfD2Ejv\nKZntMu5+EGAo9gcy5Vp8MB0GA1UdDgQWBBRPEkto/NPbi06V7uc85dx3QEPrgjAK\nBggqhkjOPQQDAgNHADBEAiBRLpIi8DGqTAVDpje+AygwxGfTjyDj3kJcnI/o2Y2J\nAQIgOy/zYALDRdLQhmlwTYMVuFI92/silETbw94Zgb/hErM=\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIICTTCCAfOgAwIBAgIUZOMZEJqDE1PF+cHqfA2XViAF5OQwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMTMwMTE0MzY5MDEzODcxMjAxNjg1OTExNjMyMDY3NDE4NzI4\nOTM2MDk0ODU3OTI0MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTEwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMGcxOTA3\nBgNVBAsMMDEzMDExNDM2OTAxMzg3MTIwMTY4NTkxMTYzMjA2NzQxODcyODkzNjA5\nNDg1NzkyNDEqMCgGA1UEAwwheDUwOS1saW1iby1pbnRlcm1lZGlhdGUtcGF0aGxl\nbi0xMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEM0feePm9s5qVCLVGVhbDc/3J\n/JD1K2nOZptqnmOcwM7MpnUkY3ErVfoTPSuzCfYjEpXLqwkRlKl/APpLXjm3X6N7\nMHkwEgYDVR0TAQH/BAgwBgEB/wIBATALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYIL\nZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUTxJLaPzT24tOle7nPOXcd0BD64IwHQYD\nVR0OBBYEFJhfMfjYb6csE0iHj1zKFe7lWOw2MAoGCCqGSM49BAMCA0gAMEUCIQCS\n0RF1wtasM+3QFgViYk/tQ/SuKQxU4dPpLq/LT0MSmwIgVeU6LUS7a4n0ZkCJXzsK\nSWRH3tReRsa6HtvhDDGkLnY=\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIICTTCCAfOgAwIBAgIUb1FziMSrrQrfprcMrFP2CT8ClxUwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMTMwMTE0MzY5MDEzODcxMjAxNjg1OTExNjMyMDY3NDE4NzI4\nOTM2MDk0ODU3OTI0MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTEwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMGcxOTA3\nBgNVBAsMMDU3NTk2MzUyOTY5OTQ5ODI2Mjg1OTk2MDEyNjk1NzQ2OTY2NzkyODQy\nOTY4Mzk0MDEqMCgGA1UEAwwheDUwOS1saW1iby1pbnRlcm1lZGlhdGUtcGF0aGxl\nbi0wMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE/pLAEiU6wDpMEkvbQn6OyNgK\nd80Mk+OXIEWnAxyWxmV+CyQvucMaSh5alfzHOMwNv3JDMgb+pbf2GhSRuzF5/qN7\nMHkwEgYDVR0TAQH/BAgwBgEB/wIBADALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYIL\nZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUmF8x+NhvpywTSIePXMoV7uVY7DYwHQYD\nVR0OBBYEFOiZgex8OrOoYk8KATcvHvYYMuouMAoGCCqGSM49BAMCA0gAMEUCIHgg\nd+6CS+th2URaz1o+X9iupDHlSGQjqJdscQHfDv5ZAiEA7QT8+Jtqe+hT6paGHbyZ\n9zCnmHH4coiwxn7KIUOdBGY=\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/DCCAaOgAwIBAgIUdj6GoRT9JNUJ/pB3zeBp1K6WRJwwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMzY5Nzc4OTk2MjE4NjU0NDM0Nzk5MDcyMTYwODE0NDg2MDY5\nMjU5OTcxMzY2MTU4MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE7GTH\naQqySs1HSqqBNavpOf2TpvhBbdetwp5z+CwZBGD8lFmavTIGXfxW12IrdG/vOzP8\nDLbuIDSKi4LhOw6hN6N8MHowHQYDVR0OBBYEFFB5CrdEC9pnvq9jpYu2JbjO9KZc\nMB8GA1UdIwQYMBaAFNpJPJgfb486cmfrRiAb7e7sQpb5MAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNHADBEAiBu8Ud/sM3V+OGf7MeFbm5W5Bsqk0jnkq+c1BtbsnlW5QIg\nYt+eZg7qth3ZhuaAo9ZEFt6onofiUxv9cN/wdSHeSIs=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/jCCAaOgAwIBAgIUeO2DeIIsaZHtTqqyDHsxEyVbveIwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNTc1OTYzNTI5Njk5NDk4MjYyODU5OTYwMTI2OTU3NDY5NjY3\nOTI4NDI5NjgzOTQwMSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEnwZD\nPNqA21QsvTdsRM7eNrZ5wO6HAbh4Ilcg+oepj0BddpDVEXzGbtw7OXtnp2k9ctuq\nbOas3CFxJCbaKV20sqN8MHowHQYDVR0OBBYEFGDwf6V3iq0nwYOKDhALalDxVZqo\nMB8GA1UdIwQYMBaAFOiZgex8OrOoYk8KATcvHvYYMuouMAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNJADBGAiEAiQTmDG+Wwl5l8r58kM0USD2qCGZ5T3LtLPMl9sAIxd4C\nIQCsYNnKySmZiQayPGoT5wyejAIQhdH26/TuzuPm15e00g==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -216,10 +216,10 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> leaf\n```\n\nWhen validating with a maximum chain depth of 0, there may not be any\nintermediates.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUf2/ROO/EMAnRle/39Oq7AzF62oEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAR7NzzXjdHiAIGpxLLZJB3VbIQ71QKZWDr9PTnB\nhsoNrznc1ER8OEc+QhV4p+fVANKBKouNmCa42VD8OyqgaxO9o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUnBC2xRjwBbXlh8ABPlAKGh3e7rEwCgYIKoZIzj0EAwIDSQAwRgIh\nALpaSnB6VSW7sC3s0GP6mlJdui10Uk5QtLhBN5w55E7xAiEAsz5scuHNXtIutkOA\nZGgxwVqSwT8hKYkxVKZdlKnFaAk=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUEJGyQ6SEiVdSOUpNI9S8O/VkvQIwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARI3wSAyU0C+ISiPMUEPzBxW8W2vYXt3o0tCCT+\n8V70MpsEcMGMDzKDgVhmV/+YVdqiVVwjONRhq3mSiATLLd82o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUxH0KtLz/Ruw8++WxX4H6cGKXimAwCgYIKoZIzj0EAwIDSQAwRgIh\nAPwm1tRrT6QRTD2bZ0To/6f5fmG0/EFnOLK28tob+hSbAiEAokgrHQlQ7q3xDLRx\nouKdue32DoB9YhwFCazdNLSTm6E=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUGE5N9JJZDAJLrtMe4E4bqcwhsNIwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABJZAa0GtNMQCPXItpP+m0R7aIhWEQHftFbG3Y1l5Pid/\nw8OLUYsddVn6VTFjSWxkcB7AzyKcuqyASmsA5B8Nd8ejfDB6MB0GA1UdDgQWBBRp\nI9haK1q3pjTJdbDl1ygNBOedpDAfBgNVHSMEGDAWgBScELbFGPAFteWHwAE+UAoa\nHd7usTALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIhAKC9isIPCP6GPSrpSWq+\nzoiKaPiC2jhAM6wcSYXzv6iRAiBFB865iZOV8350konWwXeqnL5OL4vtAwg0CHsB\nH7icTA==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUJ4SdNcWbI5327SFD8T3lBe5KOQswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABKMbPvg6BI0byriX0hr2Zm7Bi6L9wVxHE53k54rvkkTe\ngbIMZf/Gvd5TJhX0f03TS2yzJVgo0TqY74YHko6gOLOjfDB6MB0GA1UdDgQWBBRH\n0vSth+riXD86PmI3Xpz9HmAMEzAfBgNVHSMEGDAWgBTEfQq0vP9G7Dz75bFfgfpw\nYpeKYDALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIgWJ6JEgRs/gRHEL6oUVVt\n3TtxF0pwCr8iObdd1Ensbo0CIQC0HcDJBdGQQp0LdxUQ9nTw0VnM/rqei5jAWYOh\n/rXbKQ==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -241,12 +241,12 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> ICA' -> leaf\n```\n\nWhen validating with a maximum chain depth of 0, there may not be any\nintermediates.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUUCafe/pBOlqzbz54M1bs+3BvR54wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARnptomIF3KMlQgPoxpND1KttYhfpP5OZG8xols\nZPGHPNSC7NjN2dMjxZzXYCmdQUoYQoqH6A9w7turqU2zU8/No1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU9h6RSiZh4y4ESlLxIzmSYxtR/d8wCgYIKoZIzj0EAwIDSAAwRQIh\nAL9reGRCDpiudDnIhT9Ny7HPN02gPOFvJEorIeec26aIAiB3Vgqhf4uO52tj+Avy\nXrKyD5RlUzP3e2iubOvCj+6eAw==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUKslw3yzTz5UaqLs+0PRdqBigtIYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASgYHjeJbkAidui0HMl3KRXhKpwBW0u5wqlnupK\nOHsbEW3v/VyavIcRgRTlGnzoeBBJ2tfWNZRw5WJI/nmGaqTUo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUtZ2vqrd8XLurCjAPem1ySKfZCOowCgYIKoZIzj0EAwIDSQAwRgIh\nANNk7NqyKP4KVUv6t/CP/9Zhn2QH3nMwdnc04AZIjtLLAiEA6q9wndLZOUNS+365\nR4PCSTn47MR3T3VEy7lqtPxYr/Q=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIICATCCAaagAwIBAgIUAhpI6/gdm2tCiY6z48bc2EG42hQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDA0NTc1ODA1ODMwMjQyOTEyODg1ODA1\nMzUzNTkzNDM4MDY1NDA0ODMzNjcyMjUyNDYxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABEKad8aP3R/49OBeBKtA56HWSwmV+7kI52iEMfQjjCEtygF0TC8BkRkoZqOf\njKWscLeyvQXQ0baXb8L2Zv55+a2jeDB2MA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFPYekUom\nYeMuBEpS8SM5kmMbUf3fMB0GA1UdDgQWBBQ+gCoW8NIr1pqBgHJjtr0kE9WDvzAK\nBggqhkjOPQQDAgNJADBGAiEA9LU0219cdIwTRu81XSGQTnTkWUCDerePBhX2/uHh\nUEUCIQC6qkA3rhYG6U0lovOSl6+SWG2Hrcb4PLvbNNpUJtMiOQ==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIICATCCAaagAwIBAgIUUCCmIOAX/xPDNnLDvfR8dQ6ZkEgwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDAyNDQyNjk4OTQ2NzgwODM5MTI1MDk4\nNjQ0MDgwNDI0ODgxNjk1MjY5MzY1MTU3MTgxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABJPsQLhNMUWo1ymtRIN9Q29l+R11yUKkekPfiAAInjPyHxL5fg5Xy7X3Rk1V\nJaMHYhx0Nu1rCUSIkEm4FLHTkTSjeDB2MA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFLWdr6q3\nfFy7qwowD3ptckin2QjqMB0GA1UdDgQWBBR3dplAvSdi4MXLicjfcX8K7S50sTAK\nBggqhkjOPQQDAgNJADBGAiEAsV0UpqUkDsW8TWUcpZAK1cea5GNBuv/31jhmKBlI\nyvsCIQCFkJwG/XznmLWzkuQkp3Lq9k9/aucNQ+NJ95JzyMrO9Q==\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICATCCAaagAwIBAgIUa604iX1r68frIDIEYmtKSzIiS3QwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNDU3NTgwNTgzMDI0MjkxMjg4NTgwNTM1MzU5MzQzODA2NTQw\nNDgzMzY3MjI1MjQ2MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\nA1nGppOdVCMG8759g4Eq33iRPUoFBSX6mApwAvjJsXdiSmW7rLJGikMkSR93nk+L\nmL/OZ3Er7FWbYetMRS2VuaN8MHowHQYDVR0OBBYEFMKPK9cHLOipyQxA2/LOKPyz\nNmcuMB8GA1UdIwQYMBaAFD6AKhbw0ivWmoGAcmO2vSQT1YO/MAsGA1UdDwQEAwIH\ngDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAK\nBggqhkjOPQQDAgNJADBGAiEA0eFt+Pucy58aL+yMJ9BI3Fh17d18si7yUreeQBdE\n+agCIQD9uYeY2LDPH7vUOiP+vQzVilZTiEPPctolMxmPRIVE5g==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/zCCAaagAwIBAgIUOmZWBSO0+mu1kJoBFqSkp+cul7UwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwMjQ0MjY5ODk0Njc4MDgzOTEyNTA5ODY0NDA4MDQyNDg4MTY5\nNTI2OTM2NTE1NzE4MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\nAoSoU2O6ngaqtGVF95VRTJEMAlSm7oz3o69W++GKOhSzeWUsIYtD//NXfX9rC+nD\nUK7RN4L0irAlusYiLW4SWqN8MHowHQYDVR0OBBYEFMdPJmKpshBMLkauREkzmdsm\nJiasMB8GA1UdIwQYMBaAFHd2mUC9J2LgxcuJyN9xfwrtLnSxMAsGA1UdDwQEAwIH\ngDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAK\nBggqhkjOPQQDAgNHADBEAiBfDzxWNx7jWFZMCOVAi83y9OzZWcv5Z1H98vqcXEbb\newIgHGVnoIDz0pd4ZHJyEKRxRDHMjy9pcyMHxQAv91+kVf8=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -268,12 +268,12 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> ICA' -> leaf\n```\n\nWhen validating with a maximum chain depth of 1, there may only be one\nlogical intermediate.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUNqvXXpOhsqQYDKmFupGA39Zvr38wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQvQs+LJiVFutxv0wRAJoO3eOBCkhXYQkcCnx58\ngCcun3IS08UFZ+3DVCiJWsj06RQcHRd1ZVUhFis2UDxBJWDmo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU85Gv4h7FkCtGjFTYx2hCvaFc0TMwCgYIKoZIzj0EAwIDSAAwRQIg\nAirq2yv0tvGQNP31RnHNAwlxUyCj2GEnrY90vhIk+Y8CIQD3U627p0ZeBA49BSaN\nUSXfuraSu5FDX6J4vLgBrTz6MA==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUf/ifTn434UGCsEkqOZbuVF7TU0AwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAS2Lsv5ucxrs7PWS5mgP5j4KhfeYdqRlRTkAV3b\noa2h6psP0FM7c5crt7p8OhO+5GSceXbRbtTP0PBL3VS3bs1Jo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUdquLOaPoczxEefAH7WTa2A2ELucwCgYIKoZIzj0EAwIDRwAwRAIg\nGtqHkcAOv5gZxzZ/lXC/HqTpRIPEYJBsuKwsXufN0P8CIFaoLSW1nbxgeO8EbCI4\nU07LeBYpVycC5MRw3Otizncn\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUOvVvd4AMueK7092zhRXMb3ISjrAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDAzMTIxMTc2OTAzNzc2ODk5ODgzMzE0\nMTQ3NTc3MTU0MDM3MzAxNDEzNjIyMzczMTExLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABMBlVCDNAFVEqQ6zGIt2b43YLdbLQ9Il2l6y6hdpIlvQ5JGPXBb/5bW4rN92\nrP0yKDTH8W+cDhPjLgpGVHsJth6jeDB2MA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFPORr+Ie\nxZArRoxU2MdoQr2hXNEzMB0GA1UdDgQWBBTr0hmb0CN1nWmZJqoRxbpALnUBpDAK\nBggqhkjOPQQDAgNIADBFAiBPjC8gcPwkzTW5cgZCLlBx9JjldMRG5ioFkB0fs1be\nKwIhAIDCl4olfJe7ubDVYF58XFRPgWlI4NJTtrz1TMbWOGLN\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIB/zCCAaagAwIBAgIUMydbYiqPomOB+w/5NuwWs1c5kZgwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDA3MzA1ODYyOTAyNjcxMjM4NTYzNTc2\nODM0NjIyNDYzNzAxMDQzMTQxMjAzMjgwMDAxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABEFVbGFpriPR878jievBgNf90NyFRMfV8MHfjKMOYdFtOfmt9DcfinlV7xj8\nCWgmR7HTa8igcqHB3I5wjp6vpkKjeDB2MA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFHarizmj\n6HM8RHnwB+1k2tgNhC7nMB0GA1UdDgQWBBRZC3GATW2U+OUMnAagHlvYYlU4/DAK\nBggqhkjOPQQDAgNHADBEAiBxESWbfQkUjKxsklBYO/lLlX+sMcCOwngFxkw0FL7/\n8gIgArHUi5HINRovGvlC39DgTLZLG9FyLDqffR0YN+A/jeU=\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/zCCAaagAwIBAgIUKiC60l0N+cSWpJmtDWZxM109kLkwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwMzEyMTE3NjkwMzc3Njg5OTg4MzMxNDE0NzU3NzE1NDAzNzMw\nMTQxMzYyMjM3MzExMS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\n6r1OXzcLsVnAeRV4c4PclSSZ9tMb8T9WR/psV6ZekDm9TFhS9VLYvzKiLrgx9N9n\nBTHhSq4skwoBvdowp8W6yqN8MHowHQYDVR0OBBYEFCJS6vfU4ULaQhPvuxjstkuO\nU0n3MB8GA1UdIwQYMBaAFOvSGZvQI3WdaZkmqhHFukAudQGkMAsGA1UdDwQEAwIH\ngDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAK\nBggqhkjOPQQDAgNHADBEAiBCSKTZR4Fk2Aq8Hp8PagjUUgGjLqu1qvmQ31mCUzOC\n8wIgeEmb4nPBWext+EMalcd19Cfo90JbQgHGuIfwTtmcPMo=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/zCCAaagAwIBAgIUPeOygzecgr4hjMojzRL9OiNC0y4wCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNzMwNTg2MjkwMjY3MTIzODU2MzU3NjgzNDYyMjQ2MzcwMTA0\nMzE0MTIwMzI4MDAwMS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\nSR67E24nmbg2abqwDsTFpVvIJjFgCznPCDNVTe2kj5iYkuIbjFIQJj3IGbQdAV/v\nx2EyPU2XhcoKERJNmtJ3UKN8MHowHQYDVR0OBBYEFE1JOSARBN0kj+kSmG8d5WB1\nLKTBMB8GA1UdIwQYMBaAFFkLcYBNbZT45QycBqAeW9hiVTj8MAsGA1UdDwQEAwIH\ngDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAK\nBggqhkjOPQQDAgNHADBEAiA212dFl/mLKaFmRIQSu2YCOuWEbrMTHM2A2AMxVGcL\nLQIgZuB+gjkJzR90JeDQmd52QrVDcdbcPCu+dDrKJxnYRCw=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -295,13 +295,13 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> ICA' -> ICA'' -> leaf\n```\n\nWhen validating with a maximum chain depth of 1, there may only be one\nlogical intermediate.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUGoGzlPZn144UfzLblf8VsjrBO84wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATyCc4h5XtGrwn/swxrsV6LkVf/Xc2CKVGKQXpB\nGRsDLa1Qvut9FvcotLYVy3FlRN8XJA0zChoFCjhYOSgaCnSUo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUVzslGmJZaUG6oGgAvSIHxPZQ5REwCgYIKoZIzj0EAwIDRwAwRAIg\nSttxsxS1+aj5XcNUCpaqdTeZ2NQRjVd76dVh1KxgjVcCIEqHlemNV3bXJu9IWJ1J\nPw7ioOS2eimL6xi6JWxbBL56\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUWr7mTaxqYihQmPoqUf3IyVr3AiQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAT9MVSKKqOENYZab8+qgQItKnZB6cJDvyzqDZbM\nnHKDiaS8jS2+puAjETCB9c3JXxIkfH2eQcXXcBCt9V8TqCkuo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUUCC1GX09AzURt2bq8KJ2ZTXrXiYwCgYIKoZIzj0EAwIDSAAwRQIh\nAPxxxn+6GUpKixVv2Sj9uqL1KNKrkuxajcAj5QWBpDY4AiBWpisFIg2uEmblgnYK\nyVrAtAmvBu2U2kPsQYHDVUd7Rg==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIIB/zCCAaagAwIBAgIUbThLnmVkbetQ0HnIUagJ/jotWjwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDAxNTEzMjYxOTk5NjA1MzE2MzI5MTI2\nODc5MTQ3OTY2MTE2ODczNDk3MTg0MzI3MTgxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABFuwRLFn3qQNw69f5TlreDy0Lm46sqC9C4bek9Y546SUAJN26mcUdnMw18eB\nfgS8WyeyEnjMdvkXqUQEVMh6dJWjeDB2MA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFFc7JRpi\nWWlBuqBoAL0iB8T2UOURMB0GA1UdDgQWBBQT56NzB8y9vT/3UbI61kBm/UGGjjAK\nBggqhkjOPQQDAgNHADBEAiB2phs55KfIx6AkTYliDYe8L0yF3iwIcz+EoTep5Tds\nvgIgfSt013KtLTmMzfzhrQubycSCLmVDtYigdBZSNZ8nSO4=\n-----END CERTIFICATE-----\n", - "-----BEGIN CERTIFICATE-----\nMIICTzCCAfWgAwIBAgITLyFuPnZYJne2UVLNN+1hKm8OyTAKBggqhkjOPQQDAjBq\nMTkwNwYDVQQLDDAxNTEzMjYxOTk5NjA1MzE2MzI5MTI2ODc5MTQ3OTY2MTE2ODcz\nNDk3MTg0MzI3MTgxLTArBgNVBAMMJHg1MDktbGltYm8taW50ZXJtZWRpYXRlLXBh\ndGhsZW4tTm9uZTAgFw03MDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowajE5\nMDcGA1UECwwwNjIzNTM1NDIzMDcxNzQ4NTY1MjUwNTIwMjE0MTc2OTk2NjEzNTY2\nNjY5NjA5NTMyMS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1wYXRo\nbGVuLU5vbmUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATNJDKNA4wSS/88QoB6\nZ4bvBTrEDTYU2wCq61AgBY22zHpdeHpvAcLZE2I83yqkDulwbs6O8vWEX6rsDj65\nlkFEo3gwdjAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzAN\nggtleGFtcGxlLmNvbTAfBgNVHSMEGDAWgBQT56NzB8y9vT/3UbI61kBm/UGGjjAd\nBgNVHQ4EFgQU5Nxc5JrYvUxYscXPaXSokcYom8QwCgYIKoZIzj0EAwIDSAAwRQIh\nAJeBiYs+icYQhKLIQ+8cDWsdnp9j6xWv9RT/DCpUny3uAiA+AlzKSLgIKM3zlxCN\nTkb/b/XnSwtq15O5mI0Eqku0aQ==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUWdEQMADLzFnWXTlyL3L02y+8DsswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDA1MTgwNjYzNzMyMTg1NTI1MjI5NTkw\nODY3NjQ4MzUyODY5ODY3ODY4MzEwMDgyOTIxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABDpNAPvWWikyQFH9bWl6/RRFOHnNQw6+nYPKL/+JdROGtMv8DFWfP+NqDX+b\n42kVSRUZVoiuJskpDhUJDg84Ib6jeDB2MA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFFAgtRl9\nPQM1Ebdm6vCidmU1614mMB0GA1UdDgQWBBRDMO5rjFrUULQBdKxiNb7V6+JpfTAK\nBggqhkjOPQQDAgNIADBFAiEAnp83hHKt+D/9i5fC0zmAf/D/2D5c6DI0230Iyjo0\nvnkCIHgAjQHohQ1QuPsQ5RAVSKOGQVut0lgx+bgj/52XtMID\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIICTzCCAfagAwIBAgIUKs7tCfHnf7d0LBO8orMUPaY56WwwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNTE4MDY2MzczMjE4NTUyNTIyOTU5MDg2NzY0ODM1Mjg2OTg2\nNzg2ODMxMDA4MjkyMS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMGox\nOTA3BgNVBAsMMDUxMjc2MjQ0NDQ4MTAwMTMxOTI1MzgxNDAzNDY3MDQ5MDYxMjY1\nNjM2MTk2NzMwNzEtMCsGA1UEAwwkeDUwOS1saW1iby1pbnRlcm1lZGlhdGUtcGF0\naGxlbi1Ob25lMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJhhgVfgmOg0sxaBu\nDPb1qG6Qt9+MOMID5Z7lAjW1EtAAGVVGzMfV1uHNl4w46totn9x1IeKIEYqdS8aV\n/9ZQk6N4MHYwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUQzDua4xa1FC0AXSsYjW+1eviaX0w\nHQYDVR0OBBYEFM4bs5yliH3xaik83zCyDRmud9FtMAoGCCqGSM49BAMCA0cAMEQC\nIBA/SjZM9gGzCIoxzMyIPluKmsCuzqWRgZffK8uFbc4YAiAyEgaEViAFmZ68wCSq\nKghdF+mpoOPkRyLQSwBAHT8mGA==\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICATCCAaagAwIBAgIUWXUeBf8PQhjyPph0UH8mNrLNi64wCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNjIzNTM1NDIzMDcxNzQ4NTY1MjUwNTIwMjE0MTc2OTk2NjEz\nNTY2NjY5NjA5NTMyMS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\nsKRZLiBt07OkB+02/7E68Ma4VPHQ+9MtpC2ScJoscw8RfOGFNwV9hqYzJEIyqasD\ndPf8x58MTa/AxOxhsoN+waN8MHowHQYDVR0OBBYEFBdlJQXqD7i6+U92lwoBM1Kr\nnMuyMB8GA1UdIwQYMBaAFOTcXOSa2L1MWLHFz2l0qJHGKJvEMAsGA1UdDwQEAwIH\ngDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAK\nBggqhkjOPQQDAgNJADBGAiEA0AlgJPkTg7xi5oAC/VqTqCFlTAJZ9mZSZWO7NKwq\nQh4CIQCizggNCnryubZFXPVWii7OLKTwIQYhRRAfMxiDtMcRaA==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/zCCAaagAwIBAgIUUpEzmXsC7K8Gnap/9QzxKRxsZ38wCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNTEyNzYyNDQ0NDgxMDAxMzE5MjUzODE0MDM0NjcwNDkwNjEy\nNjU2MzYxOTY3MzA3MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\nTFX2c0zQqboa1Oj08b5ns7Pl+3MjI2D6anVAIfnj0FstrcqP6Lz7YR5d0TAVqCtK\nRoG9snoFHJiKXHRZeTiKYqN8MHowHQYDVR0OBBYEFO7iiVTJs8uLS1LaLjZuESUr\nBz/cMB8GA1UdIwQYMBaAFM4bs5yliH3xaik83zCyDRmud9FtMAsGA1UdDwQEAwIH\ngDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAK\nBggqhkjOPQQDAgNHADBEAiAvj4GJYywxe72QT7yYH15/Wa2edL9m6uaGmV0oy0/H\nSwIgZzJ9ptMsek5RPwows5dUOZshzpe7FNB/CUJH6f0mpc4=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -323,13 +323,13 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> ICA' -> ICA' -> leaf\n```\n\nWhen validating with a maximum chain depth of 1, there may only be one\nlogical intermediate.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUS18VrDWUUCAcHX10zVgBQveR+fQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASGoVFN1RWpYbs2HosTGSYaIFS6FPvrk0NPzmhU\nD9VcF7jsNrGHQOeHpRYMwgnnQftIGC0dV9UAwisTZLnZ7lBho1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUUoaQQLqrOxDhl2bPD2pl852gXlUwCgYIKoZIzj0EAwIDSAAwRQIg\nKPyLCQ+kz/RNH44NLuUt4gx7a7LlVe0M4r7wlXZJs2YCIQCOKUUDfievQyuCqwTh\nNw9EW/hwma+ltS2YosFxs9FeEA==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUTEd36JUI8lEXYs4Umxx3xbSUkUswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATlriIce/yg77XqN37sUhfhsQCEFbyxLG68pPFE\nB3LckKoVgxUyJk8mJ1UX15IQYwVVwoQur9wdS0uS9KY8ZAn0o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUN6voyfOrn5v9+aRcbgY+Yx6d8xMwCgYIKoZIzj0EAwIDSAAwRQIg\nG92foab5BHf8USVEDZwD7nYvXq8rJLBLk5V0vkrZKgUCIQCREUXbxqxbIShe9tuq\nF8dAzqjk1eiYmRDGJkEv87btMw==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUdF8f2ErTa0+nAxjCVZNB4rvjMMYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDA0MzAyOTQ3NjY1NjM0MzkyMTk3MzA5\nNjEzOTg3OTAyODQ5MDg1MjIyMDAyMzQ0ODQxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABJWDy0aFwMCuX8BPHIS+UhQBmdUl0snjZQ2nB671AiD4bb9kOueqsYho0mpq\n0tp8kaCjtEmje2hkih/ncaC6WiqjeDB2MA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFFKGkEC6\nqzsQ4Zdmzw9qZfOdoF5VMB0GA1UdDgQWBBQDc/rFHdrD6AFMywnTbUfzCfWOcTAK\nBggqhkjOPQQDAgNIADBFAiAh/mKd1TdSUpCu6Drtesw5DNjKWAVmN+rR7329jelE\negIhAJVWjd45ty4xStBTX2J1RUnwCgSPlxGbLo2Cy00XjQ9r\n-----END CERTIFICATE-----\n", - "-----BEGIN CERTIFICATE-----\nMIICUDCCAfagAwIBAgIUWxBFklscoaIaZ5Wg9xCJRZx6y/EwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNDMwMjk0NzY2NTYzNDM5MjE5NzMwOTYxMzk4NzkwMjg0OTA4\nNTIyMjAwMjM0NDg0MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMGox\nOTA3BgNVBAsMMDQzMDI5NDc2NjU2MzQzOTIxOTczMDk2MTM5ODc5MDI4NDkwODUy\nMjIwMDIzNDQ4NDEtMCsGA1UEAwwkeDUwOS1saW1iby1pbnRlcm1lZGlhdGUtcGF0\naGxlbi1Ob25lMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEW6MsWC88yCwxcude\nvqfOzWlnEBClqfB2GDaqQql+KBA6DMZqmqVMyN3Ya+Prhd2Q6cvuHOqErVDiU/l+\ncprLk6N4MHYwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUA3P6xR3aw+gBTMsJ021H8wn1jnEw\nHQYDVR0OBBYEFKJa7YPMm2VQ+vxlQu6FchTW7jpvMAoGCCqGSM49BAMCA0gAMEUC\nIQD8y8uYrjAW5rZj4d0zip7BrHOtAIutv/QFXtDvL+Ls0gIgUswpS0eSyORSApJb\nur9J1zShFO+bQL5PYKhPcaguERY=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUKGBHkZSn9v36hGsAUhRx9NYjdmYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDA0MzU0NzcwOTY5OTczNDM5MDc3MjY1\nMDYwMzY2NDQxMjQxNzk4NzU3MTk1ODIwMjcxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABMtvTuTj+2YG6NS3cft7Lv8EmwVy/TJcsh9n0rLNs5LybiART8aMhydPFWqY\nUX33TKt+O+yvg//fhV2BPzNmQbWjeDB2MA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFDer6Mnz\nq5+b/fmkXG4GPmMenfMTMB0GA1UdDgQWBBREaug0GfXOrds8cfPyU7rBVOipDDAK\nBggqhkjOPQQDAgNIADBFAiAgXJlG/LS38sDyjgrR0+dMAjgHDASdckNd5XlbRhc4\nBgIhAPzr7Dw2qGaIAbgDWeegntxLfP0hRYB4adIGsJpm6Lmb\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIICUDCCAfagAwIBAgIUBIw98ZOxKDI7qcvjkq47nzNQqTQwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNDM1NDc3MDk2OTk3MzQzOTA3NzI2NTA2MDM2NjQ0MTI0MTc5\nODc1NzE5NTgyMDI3MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMGox\nOTA3BgNVBAsMMDQzNTQ3NzA5Njk5NzM0MzkwNzcyNjUwNjAzNjY0NDEyNDE3OTg3\nNTcxOTU4MjAyNzEtMCsGA1UEAwwkeDUwOS1saW1iby1pbnRlcm1lZGlhdGUtcGF0\naGxlbi1Ob25lMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAOjuQ+FwTdls6ciJ\nuVLxj8u0RUBFRpCBWKC326sBSs+6Y9EivS7vCSH4voEFDvDHZmjaAgFLziXLAW8a\ne7FIFKN4MHYwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAURGroNBn1zq3bPHHz8lO6wVToqQww\nHQYDVR0OBBYEFCZ37d9OlhvjhhOdfgvsOtT+O38BMAoGCCqGSM49BAMCA0gAMEUC\nIQCdmo1VuN1UDl35Nn0JYlsQB/yiaTSyHouTl8fYObCyZAIgWyA5xnOTFO+/symq\nAByOFMxZ1VmO3ZycS7cf9gSlIxk=\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICATCCAaagAwIBAgIUDL8shIFRxGLgl6vkEUN+zW6FiYswCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNDMwMjk0NzY2NTYzNDM5MjE5NzMwOTYxMzk4NzkwMjg0OTA4\nNTIyMjAwMjM0NDg0MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\nw20+SN8g64+WCf7evUunduiCkuSS8SVZO6H7I820bdOHQHyXE992d+FtBHSo5JZs\nNJ2kEzNvJOoBzzCgUpOKraN8MHowHQYDVR0OBBYEFB3h5aM2qeikclkAcqrDPX4a\nYFCpMB8GA1UdIwQYMBaAFKJa7YPMm2VQ+vxlQu6FchTW7jpvMAsGA1UdDwQEAwIH\ngDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAK\nBggqhkjOPQQDAgNJADBGAiEArG4FURNzyCorR9ujl3dse9K2CJRGQxrvsa69YToz\nsTQCIQCFsET6iEuROW4HjTqHmfio6mL+a7T6VCpLLSQmZ9ewPQ==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/zCCAaagAwIBAgIUB2nW9p4EBrHGiHN819d44v0rKuQwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNDM1NDc3MDk2OTk3MzQzOTA3NzI2NTA2MDM2NjQ0MTI0MTc5\nODc1NzE5NTgyMDI3MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\neSN7XFQ/9Iyv2s6Rmfpi3k3TkQvNES5TGqM+NrxUK1H/RF2kHeaHgCn9fcvfoF6x\nzfhnc+exnHgom5zKl/SON6N8MHowHQYDVR0OBBYEFJ4xQQ1D6rsIrG5oISo4gz9u\ni/k8MB8GA1UdIwQYMBaAFCZ37d9OlhvjhhOdfgvsOtT+O38BMAsGA1UdDwQEAwIH\ngDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAK\nBggqhkjOPQQDAgNHADBEAiAyeO7qbvwySP3WeVui9T6k6NZKQAg5jHd6FpiLPA+d\niQIgPEp3yV2rqMFHBuvHGoELXpYpkwXbYNcLbzDmRcUlnaA=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -349,13 +349,13 @@ "description": "Produces the following chain:\n\n```\nroot 2 -> intermediate (expired) -> root -> EE\n```\n\nBoth roots are trusted. A chain should be built successfully, disregarding\nthe expired intermediate certificate and the second root. This scenario is\nknown as the \"chain of pain\"; for further reference, see\n.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUYaEAmZxd3o3YrOcBd33WXr3R4XkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQquvDg36uO4wXdG7yNoW0hHxb2W9uGZjY60NkY\n8X4g2j+8l429ffAbEbC6/544smodITJ6qFD9H4EAelK8nQOeo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUuVozKxPdnai6uRqWwLj82AdUq0MwCgYIKoZIzj0EAwIDRwAwRAIg\nHDIiPpcEbw6XboA7TREHKZSqaJrjPvmf+hph+lQDwyICIA8Ih92Gibya4+9LOKhQ\nAAZPRN86fczLBIm2jHS67J76\n-----END CERTIFICATE-----\n", - "-----BEGIN CERTIFICATE-----\nMIIBkzCCATmgAwIBAgIUMk1inn3KeT6HEX/sSN9q41YFEU4wCgYIKoZIzj0EAwIw\nHDEaMBgGA1UEAwwReDUwOS1saW1iby1yb290LTIwIBcNNzAwMTAxMDAwMDAxWhgP\nMjk2OTA1MDMwMDAwMDFaMBwxGjAYBgNVBAMMEXg1MDktbGltYm8tcm9vdC0yMFkw\nEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExvGB456sowGoOQrvVsBF6trnZLp7OwwH\n29W4u+lKbqzxhrPxWLLmYVmRqp6YLiJJtH3Od6Dq1+D7rlOyyb26fqNXMFUwDwYD\nVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5j\nb20wHQYDVR0OBBYEFLqIofuw9K6TcylQIWzl1mlJbvomMAoGCCqGSM49BAMCA0gA\nMEUCIQCt4efuPjZtA+yY/cEgQMB8De6iChLbowTuJLcaE1gG+QIgAoJeD4CaEWIH\ngqyMW1L+wyILwRT0XS2laAexkc2vW74=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUI6PP0l11Jy2tgGKUmhrKyTK7D4cwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQ9j5WdA8KWT7MTs+BLkdYOItHnTV0DyTUHx5JI\nELT9kVOEG+iQMMF5CDfTbTlhp3J6Ew0jhla1L7d4xMTyGEMFo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU51cHrOuOLl30BD/wzP17jWdPIPkwCgYIKoZIzj0EAwIDSQAwRgIh\nAIX346ibbxV/DOINEMyZEhmiitv8/mimUEQ/9s7lPY3DAiEAili03qtt3MmLTe99\njEsLF6juJM0RbgTmHgZ76Scqd3s=\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIIBkzCCATmgAwIBAgIUbo3IdJXeDUjbCLun+GBJV6Nf+lAwCgYIKoZIzj0EAwIw\nHDEaMBgGA1UEAwwReDUwOS1saW1iby1yb290LTIwIBcNNzAwMTAxMDAwMDAxWhgP\nMjk2OTA1MDMwMDAwMDFaMBwxGjAYBgNVBAMMEXg1MDktbGltYm8tcm9vdC0yMFkw\nEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEaVEGVPJaysrZjyHnMVOZkOwUx++lkaaj\nwlLWbqqd3u1Rxj2XeNdKKEUB5wyuXnsGuEGG1YmH6MrYNMMrbBzrQKNXMFUwDwYD\nVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5j\nb20wHQYDVR0OBBYEFFTBYzv9xIs4FF0ngroAHKkca0FFMAoGCCqGSM49BAMCA0gA\nMEUCIQCE8wk7rWtR42nEV3RPs+JMiyAB1RW255cUPkXUgvr8lgIgaMk+h4xYtuFd\n1oALM1gc+8IhExB+5/a91ApevtW/svM=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIIBtDCCAVmgAwIBAgIUVVN4MLYbAirkWSmkjPBceeGU/dQwCgYIKoZIzj0EAwIw\nHDEaMBgGA1UEAwwReDUwOS1saW1iby1yb290LTIwHhcNNzAwMTAxMDAwMDAxWhcN\nODgxMTI1MDAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQquvDg36uO4wXdG7yNoW0hHxb2W9uGZjY60NkY\n8X4g2j+8l429ffAbEbC6/544smodITJ6qFD9H4EAelK8nQOeo3sweTASBgNVHRMB\nAf8ECDAGAQH/AgEBMAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNv\nbTAfBgNVHSMEGDAWgBS6iKH7sPSuk3MpUCFs5dZpSW76JjAdBgNVHQ4EFgQUuVoz\nKxPdnai6uRqWwLj82AdUq0MwCgYIKoZIzj0EAwIDSQAwRgIhAIECTu/8VK93Nd8s\nKGUYdZN1Y3MtNqSOVso3OEvsLBbzAiEAnTiVCqUry76Tt05srh8cyFlexiGRWiEn\nTAzYAjeEV54=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBtDCCAVmgAwIBAgIUI25n5KKnyCPnT+n5NqMzarPx9s0wCgYIKoZIzj0EAwIw\nHDEaMBgGA1UEAwwReDUwOS1saW1iby1yb290LTIwHhcNNzAwMTAxMDAwMDAxWhcN\nODgxMTI1MDAwMDAwWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQ9j5WdA8KWT7MTs+BLkdYOItHnTV0DyTUHx5JI\nELT9kVOEG+iQMMF5CDfTbTlhp3J6Ew0jhla1L7d4xMTyGEMFo3sweTASBgNVHRMB\nAf8ECDAGAQH/AgEBMAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNv\nbTAfBgNVHSMEGDAWgBRUwWM7/cSLOBRdJ4K6ABypHGtBRTAdBgNVHQ4EFgQU51cH\nrOuOLl30BD/wzP17jWdPIPkwCgYIKoZIzj0EAwIDSQAwRgIhAOYFTnAjE4J3hyXV\nsnQdoiFepCACy0iHO/5LS/LdrUL5AiEAsEtcOVuINcR8xjgF/qg7p1xyC8Q0rS/I\nF7j4PEsnRYk=\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUOgjtIecTU5aBwMVBxcAGTt8ntrswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABOfI6j5n7IrTDl36HOXeeyfr1TEPikVBcrWuboFVai/P\njW7fvBb0xo9mEc/SV3H403ymPFr6ykFAEq9PF8IVcL+jfDB6MB0GA1UdDgQWBBTw\noQIV9noiOwUuPgjEs3rGDbbojjAfBgNVHSMEGDAWgBS5WjMrE92dqLq5GpbAuPzY\nB1SrQzALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIhAMD+uSo4/XVZpNGCRU5r\nXIXOCUgPTUXRlFyzKOvCGJY6AiBTj6KcYx2MrpI9iWGKM/JeMsdff0GmHBaPWhnC\ngjGp4w==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVagAwIBAgIUKzNCz0V6j0KPc9t5+EkB2fQOW38wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABJfU8kz6owOw4lfDjiHJ265hhzvBwSkPgQ90W3ryFLhS\nsEZbk2qMf+T6fUuY+VJuaCllZWls4p7or7lv3RRJbWmjfDB6MB0GA1UdDgQWBBTR\nvp6XoBBVvU7wPVGlx7u1vYcTATAfBgNVHSMEGDAWgBTnVwes644uXfQEP/DM/XuN\nZ08g+TALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhAMqzB7iK9mrWuNPXA0i1\nnrg2SVfVoOBXA9UKpLW7uLFeAiEAuAYmyovVxsfZ5cmIVdYsifwWEJUr13ZS5AWD\n//jUGJo=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -375,13 +375,13 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -/-> (ICA' <-> ICA'') -> EE\n```\n\n`ICA'` and `ICA''` are separate logical CAs that sign for each other.\nNeither chains up to the root.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUU7yEl9eyaFlvL+eI353Um+VCK/QwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATDu7cruHv2s5tSt83k48KkPRdFiXcr2xWknPnW\nKMeap6ES1VdQ7Jf2BR9MllvH6ddrTSKaFWa3bDPBV75CF829o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUS75YG8tCnewU0VrF++Y4M//4BOAwCgYIKoZIzj0EAwIDRwAwRAIg\nYvpc3Xnv6PRkJ+NIfOX0Uou4g0/MkzwHaoh8UXjJxJ8CIF9jarvdM82l+kzH117D\n+JR0X2poygbzpMtWyLF9th/2\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUNLi9ghe/kHImLLsrcqmfxjtvui0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARMs2gaas5wd/k0P3fPXIoYPzl74fg+m8smVYxA\nSz2TTv/fTv6h/jdfcqbfo8m56uBzrUdvF7WaCRNbPj97L6SZo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU37wMi5eC2KNqOUZ3AzfNKFuFD2swCgYIKoZIzj0EAwIDSAAwRQIh\nAK3N2DdoGyQya+TSTCVSRMRZBgbgpftIF7zfojZASBfiAiAtGyxHZz0kg4672Zct\nhkVZHamRHsD5G8RZbcQNDd4zKg==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIIBuDCCAV6gAwIBAgIUINMzld9CFjkPGVzC5yGUxPGpZyQwCgYIKoZIzj0EAwIw\nKjEoMCYGA1UEAwwfaW50ZXJtZWRpYXRlLWN5Y2xlLWRpc3RpbmN0LWNhMjAgFw03\nMDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowKjEoMCYGA1UEAwwfaW50ZXJt\nZWRpYXRlLWN5Y2xlLWRpc3RpbmN0LWNhMTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABMlc+rvmf62saO8YQi7oQ1v/DWL7hKizVeYaL4h3uQnqQCk4pp9VW3rKf7dr\nFw2pyuUSpgrz91AAlFUfPqm97e2jYDBeMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0P\nBAQDAgIEMB8GA1UdIwQYMBaAFMUbK2APnis1RtGJ+z5s64Yhs3ccMB0GA1UdDgQW\nBBQ+TX2Sh8j7kw6BBRFA0RAaIv0QzDAKBggqhkjOPQQDAgNIADBFAiEA7WqlCHEy\niLpLh3miLy4MhGpzehu/rfMmQ1aBGcUstusCIBe483urpCC0qlCYRcCGUnJScxr8\n3ps460p2mdakH4WF\n-----END CERTIFICATE-----\n", - "-----BEGIN CERTIFICATE-----\nMIIBuTCCAV6gAwIBAgIUDDa4hChMTQwQ3sPJ6wnTOo42ij8wCgYIKoZIzj0EAwIw\nKjEoMCYGA1UEAwwfaW50ZXJtZWRpYXRlLWN5Y2xlLWRpc3RpbmN0LWNhMTAgFw03\nMDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowKjEoMCYGA1UEAwwfaW50ZXJt\nZWRpYXRlLWN5Y2xlLWRpc3RpbmN0LWNhMjBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABDruWpBSderdEaCcu25U3qk1acEAxarxM6hv/5pqKw1/1Q36+9kyUu9WxUiv\nwfg0gVQjxOMPpdkJKjjGRcOdasCjYDBeMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0P\nBAQDAgIEMB8GA1UdIwQYMBaAFD5NfZKHyPuTDoEFEUDREBoi/RDMMB0GA1UdDgQW\nBBTFGytgD54rNUbRifs+bOuGIbN3HDAKBggqhkjOPQQDAgNJADBGAiEA0BdjpEGM\n4Iy4BSv+qEUH6GO2EldLMP9Q2y/HBBD5uEsCIQDRE3CMm6QpFTnbjB1Xjmbzkj9+\nsdm6nGBl60qhXzB1ng==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBuTCCAV6gAwIBAgIUSEd2zIcO/RooSko85QScWiHlqkQwCgYIKoZIzj0EAwIw\nKjEoMCYGA1UEAwwfaW50ZXJtZWRpYXRlLWN5Y2xlLWRpc3RpbmN0LWNhMjAgFw03\nMDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowKjEoMCYGA1UEAwwfaW50ZXJt\nZWRpYXRlLWN5Y2xlLWRpc3RpbmN0LWNhMTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABO40gphbOvde7a07BpFqqGPtr9t8Y9AHkbxkFzRYx8bzNzTjdK8QIRu3XPkc\nEAhXwZmvaDZWdbzMtbwDQFsOdByjYDBeMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0P\nBAQDAgIEMB8GA1UdIwQYMBaAFMuHZXv53RymCWeyYYHHeGK7Tg/sMB0GA1UdDgQW\nBBQSkvjRlTOZuV0ZglFEJGJFFius6jAKBggqhkjOPQQDAgNJADBGAiEAn9ET0LWy\njR3VE9ePVF6LkgsGDlXd152EMnK0pcAuowQCIQCBCoV8vywDiW9pyeaDuKYezx6p\nb7VghZTEXs1gU8RpUg==\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIIBuTCCAV6gAwIBAgIUa3rA4u2Gz1vQ0NgbNPhp8NumouQwCgYIKoZIzj0EAwIw\nKjEoMCYGA1UEAwwfaW50ZXJtZWRpYXRlLWN5Y2xlLWRpc3RpbmN0LWNhMTAgFw03\nMDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowKjEoMCYGA1UEAwwfaW50ZXJt\nZWRpYXRlLWN5Y2xlLWRpc3RpbmN0LWNhMjBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABBD1snQwE7zF8bB7lKHEpnnjNpHk+tfEMW3DFyFSRXqd7WQcesEKGjNYfKCS\nO+iViubc74dt9WzqOu25M/vlKKCjYDBeMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0P\nBAQDAgIEMB8GA1UdIwQYMBaAFBKS+NGVM5m5XRmCUUQkYkUWK6zqMB0GA1UdDgQW\nBBTLh2V7+d0cpglnsmGBx3hiu04P7DAKBggqhkjOPQQDAgNJADBGAiEA/zuglP6r\nxZoSc6zyHXu7CZWTrh2HDfIiJbM+Q+VNth8CIQDeGAPoOrZ0Rv/h4pKCA/mnZgqp\n4x2Xc59ZjkJFYjw2fA==\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBvzCCAWagAwIBAgIUHwrXR/H/yoS0s0yHdeyPFdNsGOgwCgYIKoZIzj0EAwIw\nKjEoMCYGA1UEAwwfaW50ZXJtZWRpYXRlLWN5Y2xlLWRpc3RpbmN0LWNhMTAgFw03\nMDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowFjEUMBIGA1UEAwwLZXhhbXBs\nZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAT1jS89I3QBxiGSiyzdErUV\nwwUYAlFvjdygWDxYfBt0aXYk1X04Y5/EHnuv6PXIHmVy/Ij2TUlh6PNW5Lb9y/6l\no3wwejAdBgNVHQ4EFgQUx/OgKCMTkV4PgjeuuI6ca3g/YHIwHwYDVR0jBBgwFoAU\nPk19kofI+5MOgQURQNEQGiL9EMwwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsG\nAQUFBwMBMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0cAMEQC\nID/UemT45S2V4/ngLRf9s0ke/yLWBOOTA0yEoQLp13mAAiAqEYpUKd9H0Nu5+nRq\nM6fCs1Nhy49qngiklpdro8OmBA==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBvzCCAWagAwIBAgIUTtRCGpE7SmIvCKwUr0WJm4tRvIkwCgYIKoZIzj0EAwIw\nKjEoMCYGA1UEAwwfaW50ZXJtZWRpYXRlLWN5Y2xlLWRpc3RpbmN0LWNhMTAgFw03\nMDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowFjEUMBIGA1UEAwwLZXhhbXBs\nZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQvCzTiHlkj1hdTecrY/PbP\nPn0nOhLfLRbvaZ2Ol+0ecIRE2u+EaJeV1n3kYHX+RLb8CaUaM/1EBSXiLtQ0mwUX\no3wwejAdBgNVHQ4EFgQUf6784VVUrawjoapDS3uh0b+ZPBkwHwYDVR0jBBgwFoAU\nEpL40ZUzmbldGYJRRCRiRRYrrOowCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsG\nAQUFBwMBMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0cAMEQC\nIHTD19OHR1zBGGTt0NdVCqQZ0G7J4PWl/N5csHZAwvPPAiBsngPxo+xksR62N7Se\nbj6zuqZuGdtsHMVR+gLCQwDsgA==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -401,13 +401,13 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -/-> (ICA' <-> ICA'') -> EE\n```\n\n`ICA'` and `ICA''` are separate logical CAs that sign for each other.\nNeither chains up to the root.\n\nThis testcase is identical to `intermediate-cycle-distinct-cas`, except\nthat it specifies a large explicit max depth.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUM6XzOU9+tjqQaS91u48KVpQBBpUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARrEH3rxzNJtu5zT7xzEd16VPeJJ71fooYbvvlP\nNdzR+MusxwiNY1E/puye3Btk4QnDqfbBURJ/DUAlJYXsgtd1o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQURrBniyxQtrSCy/0qLNhJGRNLsOEwCgYIKoZIzj0EAwIDSQAwRgIh\nALA9OKybAssveItdq09EE7d23XODh7eGtesHwu6DJZ5qAiEAg8m3UllOWhRztAZ1\n8EDw3JEv3CVAHkHOK+ikNPccIRc=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUTt5dBB3oVKeb6a7sVT9eJkDEbNgwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASj1eC99eiaLeVYw9+ri4pKxb00IPMYfkBBSY5t\nNAOOdF+CkoDxr8lpbHkn7MfgdhzqjfuJmTJNIuCJ0t4XvGgmo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUAG46mEiJb3bQ1gK46o9xpownFBEwCgYIKoZIzj0EAwIDSQAwRgIh\nAKeAmhD3j4+SH6mXTHwHG3MGLr28hm6pFombsN4PkZZgAiEA5W4kEmu3jeO2BFeD\nNGbqNPmTBR2RFZcyiPhhqXXQ9ew=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIIBtzCCAV6gAwIBAgIUFj/CPizzP6zfgiH/iYjhfB+f9GQwCgYIKoZIzj0EAwIw\nKjEoMCYGA1UEAwwfaW50ZXJtZWRpYXRlLWN5Y2xlLWRpc3RpbmN0LWNhMjAgFw03\nMDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowKjEoMCYGA1UEAwwfaW50ZXJt\nZWRpYXRlLWN5Y2xlLWRpc3RpbmN0LWNhMTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABDEobvBBx6kQ3NR3+zR+NezF2BYDM+zVw6pAFbA0Y+QJGCC6BBByTuOHu3z7\nP+c2SExFLKWkqJiaAbBK3n7Pa1yjYDBeMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0P\nBAQDAgIEMB8GA1UdIwQYMBaAFETFpzAmWwtVOc+Khn0/DZ93aRrPMB0GA1UdDgQW\nBBSsp1M5ZXQ8x9NGFKUcZfuRnGQD3zAKBggqhkjOPQQDAgNHADBEAiBkYxhJxB/Y\nyTMWW8InZ74jl4ewXc1itohgACL1lfHszQIgMGpnWkHcgqkHwrcWBtusB7t7fVjk\nsN7rP9ZvytcC6GY=\n-----END CERTIFICATE-----\n", - "-----BEGIN CERTIFICATE-----\nMIIBuDCCAV6gAwIBAgIUVYKEJIA9HY/0g7wh0+anBb2yRoEwCgYIKoZIzj0EAwIw\nKjEoMCYGA1UEAwwfaW50ZXJtZWRpYXRlLWN5Y2xlLWRpc3RpbmN0LWNhMTAgFw03\nMDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowKjEoMCYGA1UEAwwfaW50ZXJt\nZWRpYXRlLWN5Y2xlLWRpc3RpbmN0LWNhMjBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABLM45O3xG8BtH1wgM2s9HyAhqdZ6NlpYZMChRPXZ1D3mvDiYIGcIQj1htuo0\ncr3EaTcMJ8JZ3/32hlivLYjBUPGjYDBeMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0P\nBAQDAgIEMB8GA1UdIwQYMBaAFKynUzlldDzH00YUpRxl+5GcZAPfMB0GA1UdDgQW\nBBRExacwJlsLVTnPioZ9Pw2fd2kazzAKBggqhkjOPQQDAgNIADBFAiBliRIP3PjQ\nIshmqnjjpuiEUrlzZt0U4Sisx7TV25hUWAIhAIUCkUiJX6gYcciSq4+eGi1EnfMY\nP/ZNMcFsj4aSj1a0\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBuTCCAV6gAwIBAgIUWU2RmoqLr04cvpL5pRymL2nD69YwCgYIKoZIzj0EAwIw\nKjEoMCYGA1UEAwwfaW50ZXJtZWRpYXRlLWN5Y2xlLWRpc3RpbmN0LWNhMjAgFw03\nMDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowKjEoMCYGA1UEAwwfaW50ZXJt\nZWRpYXRlLWN5Y2xlLWRpc3RpbmN0LWNhMTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABC+vLbhDv+E7SerRQm6FlMua9rUFLHawXQJgn9lTiR73MGuLAJNw6CG6QvQR\nRGXItV3ozRnQvkgYHCDnD1GRR0+jYDBeMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0P\nBAQDAgIEMB8GA1UdIwQYMBaAFMIDyNqi1VlBlSa7vWnqUIVcECjWMB0GA1UdDgQW\nBBQ1N9IsTKcMmdePofqIPZO3tfzIUTAKBggqhkjOPQQDAgNJADBGAiEAonpcS6Hh\nrORWelzKp+Ps6t0e6NFhWIG0VSX+VSC2ubgCIQC2okTzUiWZzPgIvjBIUt2mvfdm\ndFY+Z3n52m+r+pbr5A==\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIIBuDCCAV6gAwIBAgIUajaW6tuT15S4uGrRdphvV14yd/owCgYIKoZIzj0EAwIw\nKjEoMCYGA1UEAwwfaW50ZXJtZWRpYXRlLWN5Y2xlLWRpc3RpbmN0LWNhMTAgFw03\nMDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowKjEoMCYGA1UEAwwfaW50ZXJt\nZWRpYXRlLWN5Y2xlLWRpc3RpbmN0LWNhMjBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABPQSORMNLUM05uAnxuJOftQ39BBCyhpG0PliFeh6yUeOV8AgG+rZHx467bSA\nQnrJ0XKGIbrTS7cLMbJMEdZaiimjYDBeMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0P\nBAQDAgIEMB8GA1UdIwQYMBaAFDU30ixMpwyZ14+h+og9k7e1/MhRMB0GA1UdDgQW\nBBTCA8jaotVZQZUmu71p6lCFXBAo1jAKBggqhkjOPQQDAgNIADBFAiEAi0ixgMUt\n+TkQohkYJZXHhsZAj8SQhMNyCTmynjizmV8CIBm//bVXageixxwnUCJ1zgXHYijp\nNExik5MosMGzgXBK\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBwDCCAWagAwIBAgIUEOw3wWht84hInXmo6zSlwYwb8HgwCgYIKoZIzj0EAwIw\nKjEoMCYGA1UEAwwfaW50ZXJtZWRpYXRlLWN5Y2xlLWRpc3RpbmN0LWNhMTAgFw03\nMDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowFjEUMBIGA1UEAwwLZXhhbXBs\nZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR2Xr5MPkADJgmaMpj3zzf6\nggxr9ruw2v8eOPf8suDVpWBnnAY60ychpfgyzp1J5sPI6riRGj8Nh1j/skMyQ4G5\no3wwejAdBgNVHQ4EFgQU2WpqiGMx2MCpH0ANg/iHK7rmTdowHwYDVR0jBBgwFoAU\nrKdTOWV0PMfTRhSlHGX7kZxkA98wCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsG\nAQUFBwMBMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0gAMEUC\nICDr5QwmGLxj4IaSFu8b72jwpNWfQe1yiUxL0gyW2tNuAiEA05UiEc6gjxnfBOyT\nMyqlz1Y/3DbRQzsXvNF+qR+W/x0=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBvzCCAWagAwIBAgIUaxRqk+OcwMU+dz9CDgnIrdEjRJgwCgYIKoZIzj0EAwIw\nKjEoMCYGA1UEAwwfaW50ZXJtZWRpYXRlLWN5Y2xlLWRpc3RpbmN0LWNhMTAgFw03\nMDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowFjEUMBIGA1UEAwwLZXhhbXBs\nZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ41N1n5xTmWoMhiHjh79yq\ng7mZVWaSDxM+lTpcrcGAr/Ktsa8IdLGBUuV58Xo3lKAzVVFOsJgeG7IwPrxN1KJJ\no3wwejAdBgNVHQ4EFgQUI7SzGeJvd7ktvJKr2ANJbsAftB0wHwYDVR0jBBgwFoAU\nNTfSLEynDJnXj6H6iD2Tt7X8yFEwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsG\nAQUFBwMBMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0cAMEQC\nIE85Xa3cV5sHRZ1s6V0gwUAKcNr65ApP09bqJsd2dWkRAiB9WcXKeM8CsOuZ3I7J\nMZGE8rcmuud9NQgoWEQqj/aQeg==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -427,13 +427,13 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -/-> (ICA <-> ICA) -> EE\n```\n\nThe two ICA certificates are from the same logical CA (same subject),\nbut have different keys and sign for each other, forming a cycle.\nNeither chains up to the root.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUIiYdLYuW0mvyE/G7R8DAQ/ze2tkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARF1XOrxkLR4GvlY+NFEHRJUFU6P8/tLpMfOU2j\nN7P9mrXf5FNTGIHbf4ubXYf6VO79d1dOl2JT+z+AKHyCU7SMo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUPkc0+CMyQHng/7SZmsiqO/ZrAqYwCgYIKoZIzj0EAwIDRwAwRAIg\nH5SoFHsCcQhFEAVfyYW8ijtuEIFwPASK+ybSOn/SgPACIC6G3560xignoKIIl7vZ\n2A/Wm8cT7RLtHQn6v7W1gPTz\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUFy/5rzl/4c9KrdsmG/bYi0O5A6swCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAT7V9boi0/vEv0MHd4bpozBGn/w8mR6j1mlWBJZ\nQhV2YQ+TqjNj0bTn3grAjyIgmFqwocQjEHRoQODqw93//gmYo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUATABFU3DDTRKoQfHzW0g59FtRBswCgYIKoZIzj0EAwIDSAAwRQIg\nBu7LbWdx5cQgEunuyu5RVwBONRvuvBmkA7SH057X1eICIQCF4qgH1f7V2Q7py8aN\niOgTPzVxiGn6n6kfupwmY0xJgw==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIIBsjCCAVegAwIBAgIUQx9EWfg+s2ReZ1EJRCVpOMmJ1OAwCgYIKoZIzj0EAwIw\nLTErMCkGA1UEAwwiaW50ZXJtZWRpYXRlLWN5Y2xlLXNhbWUtbG9naWNhbC1jYTAg\nFw03MDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowLTErMCkGA1UEAwwiaW50\nZXJtZWRpYXRlLWN5Y2xlLXNhbWUtbG9naWNhbC1jYTBZMBMGByqGSM49AgEGCCqG\nSM49AwEHA0IABDDWLfwwvVELtX7nQYcV76ee4jIJ78RJ3ce+ELn6joNt0Oi2ymZ0\ncb7TE4H+Y5D22ZucTJ2VMWvRmlLWJkJ5xjSjUzBRMA8GA1UdEwEB/wQFMAMBAf8w\nHwYDVR0jBBgwFoAUrR+zC5f7X7Jkik9mdpL4RJXV60YwHQYDVR0OBBYEFAZe6UHJ\nIJgUpKY/9hLliTb4OxUrMAoGCCqGSM49BAMCA0kAMEYCIQDxL1LN5K4hNsuGsr6g\njQ9Eu4phB9MAqf+oMVDon2V+LQIhALGOghu0f4ASLxm5pG1ozv4sNDT2hlelM48X\nyiC3ojhc\n-----END CERTIFICATE-----\n", - "-----BEGIN CERTIFICATE-----\nMIIBsjCCAVegAwIBAgIUDmqCHT5c9NclI566D8bikFyl9QwwCgYIKoZIzj0EAwIw\nLTErMCkGA1UEAwwiaW50ZXJtZWRpYXRlLWN5Y2xlLXNhbWUtbG9naWNhbC1jYTAg\nFw03MDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowLTErMCkGA1UEAwwiaW50\nZXJtZWRpYXRlLWN5Y2xlLXNhbWUtbG9naWNhbC1jYTBZMBMGByqGSM49AgEGCCqG\nSM49AwEHA0IABLqRAS4F/TZqtWheuqp1VDuc1MvJn6JxfiUEtxOoGHje4XWzuKV3\nnSrrq6TKA8Dzp5zHmR8KgLA9YbbrU9IampejUzBRMA8GA1UdEwEB/wQFMAMBAf8w\nHwYDVR0jBBgwFoAUBl7pQckgmBSkpj/2EuWJNvg7FSswHQYDVR0OBBYEFK0fswuX\n+1+yZIpPZnaS+ESV1etGMAoGCCqGSM49BAMCA0kAMEYCIQDXaXY9/dBtPtblAwSH\nCoPDrSU/BpZvjNNPfo3jlsSSTAIhAOKVf4IlQmP653xWXi2PIXnyMHmCErMiJpsI\nrmz9k7op\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVegAwIBAgIUEwlvKjNmel53zCJw0QVS+sotfFAwCgYIKoZIzj0EAwIw\nLTErMCkGA1UEAwwiaW50ZXJtZWRpYXRlLWN5Y2xlLXNhbWUtbG9naWNhbC1jYTAg\nFw03MDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowLTErMCkGA1UEAwwiaW50\nZXJtZWRpYXRlLWN5Y2xlLXNhbWUtbG9naWNhbC1jYTBZMBMGByqGSM49AgEGCCqG\nSM49AwEHA0IABNvZfD46rKPufoEdVCALNj+TLk6hg7cW99nW7r384y+DecBF64q7\nOWbU5bkIpZLbUUpXbGIzt8rqsVF4nXEXsYujUzBRMA8GA1UdEwEB/wQFMAMBAf8w\nHwYDVR0jBBgwFoAUp0Z78hFkXHRRRmFqONqlPp2DaoYwHQYDVR0OBBYEFDbKpDHx\n0RUaZwAoFMAygAFCvQmsMAoGCCqGSM49BAMCA0gAMEUCIQCrGpTS5S7CFogDsksw\nsv2cOM8mIaQejozqmMSF6jcMOwIgPjZMK+BWkNzvFsMAoM5pNNBvF2KFhEwPJz1f\n3cNMcxM=\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVegAwIBAgIUdAvuG9lhG4moFoGt5deRFQrtV+8wCgYIKoZIzj0EAwIw\nLTErMCkGA1UEAwwiaW50ZXJtZWRpYXRlLWN5Y2xlLXNhbWUtbG9naWNhbC1jYTAg\nFw03MDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowLTErMCkGA1UEAwwiaW50\nZXJtZWRpYXRlLWN5Y2xlLXNhbWUtbG9naWNhbC1jYTBZMBMGByqGSM49AgEGCCqG\nSM49AwEHA0IABBNYyiVKGwNbMGS7JLCELFCOAP+rWVHZhm6jZhBX3TFwAahvkWO5\nCPhTRAWc45znC80I5sVte3ejTblACd3zk9CjUzBRMA8GA1UdEwEB/wQFMAMBAf8w\nHwYDVR0jBBgwFoAUNsqkMfHRFRpnACgUwDKAAUK9CawwHQYDVR0OBBYEFKdGe/IR\nZFx0UUZhajjapT6dg2qGMAoGCCqGSM49BAMCA0cAMEQCIEU75rhV3DFM8AyulpDM\nujc24FSa97kuf4PLPE+Ce+brAiAjMe++DqAcc+blxpSZcSkTdTMyY4u4v3HUOLid\nJ6P75w==\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBwjCCAWmgAwIBAgIUSPS0w426Q/LX79xiA9TtVzvrKQEwCgYIKoZIzj0EAwIw\nLTErMCkGA1UEAwwiaW50ZXJtZWRpYXRlLWN5Y2xlLXNhbWUtbG9naWNhbC1jYTAg\nFw03MDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowFjEUMBIGA1UEAwwLZXhh\nbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASW40vb+6/GaIMZk7mm\nlhFYGWgdFWLIdVZajNoTv/CeL96JIIQT/222DKdd1Wrdduxp69LuaXPCs1hEqhMt\nlKDEo3wwejAdBgNVHQ4EFgQU4D6BuvDh6L28+7L19RvhZVolY/cwHwYDVR0jBBgw\nFoAUBl7pQckgmBSkpj/2EuWJNvg7FSswCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoG\nCCsGAQUFBwMBMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0cA\nMEQCIE6vNpAqI9Ss4fhgKew5gQNl9JavBf6xBtwniuFa2kvIAiBvpLPFmn2LUeSL\n/VDr2YH27RFI4G5qLxnA3C6UUXGyfA==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBwjCCAWmgAwIBAgIUSKSHuWBX8GoibQabVJ6yr8h9kr4wCgYIKoZIzj0EAwIw\nLTErMCkGA1UEAwwiaW50ZXJtZWRpYXRlLWN5Y2xlLXNhbWUtbG9naWNhbC1jYTAg\nFw03MDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowFjEUMBIGA1UEAwwLZXhh\nbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASUgqScBmFe4GHDejqp\nQt4SokttS9M3NlNWcyG/VT1m5sowWQ+o14ovgaVBBHOkhQSRuM1aCM5XFpado+1y\nJ0OOo3wwejAdBgNVHQ4EFgQUmsWP+Dqn3bH66ty71mP9vgJ/wUMwHwYDVR0jBBgw\nFoAUNsqkMfHRFRpnACgUwDKAAUK9CawwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoG\nCCsGAQUFBwMBMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0cA\nMEQCIEWTYZRyvZVmOUhz3JEXu7remE9mlyr0X5K+ZyBm+GItAiA7+PMmH0y9VqoK\nHC2uB6W0HWy6MNubiPSIGR12qO84rQ==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -453,10 +453,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe root cert has an AKI extension marked as critical, which is disallowed\nunder RFC 5280 4.2.1.1:\n\n> Conforming CAs MUST mark this extension as non-critical.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBszCCAVmgAwIBAgIUJ7c7GGqzmALaYeTWIJebmjOOYGAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAStam1QJ2JFy9ni348tRLcfkClEVFA+Fuine4sR\nPGOGRCyAE/Yp2soHHRflkAPi0Zab42M/hRNIcM9DV2d9aUDZo3sweTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAi\nBgNVHSMBAf8EGDAWgBTrjE+ylf8jgyaQXerVy9ckhnAimDAdBgNVHQ4EFgQU64xP\nspX/I4MmkF3q1cvXJIZwIpgwCgYIKoZIzj0EAwIDSAAwRQIgCqyrCOmb34w/pWIv\nQ4Z9tCzgSf0hQnBYGW62vi7bgBUCIQD1dEbcTck5F4jLy/WTQwDFVk3IqrFJ5tEK\nbnSTymQ0XA==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBsjCCAVmgAwIBAgIUdW+v9pukF6dG4QSFNI+R8ZZ7d+gwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARRHWH0mQkKS0dJbMxcHi6OlRGfm6sBWBisombv\nSqjO9BerQw/7rlcjz08OLIWrwaa2ieh2k3epPM2aK7rBPOndo3sweTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAi\nBgNVHSMBAf8EGDAWgBSXvuio/IwIhDUXR5ti1g2jOqQ1ODAdBgNVHQ4EFgQUl77o\nqPyMCIQ1F0ebYtYNozqkNTgwCgYIKoZIzj0EAwIDRwAwRAIgZCMKx+IcTaVire0T\nVJDrvCCdjNozYFc8Nm2of6vkDZACIAvwon7P9bVZyFS7SL01G7q4u8Uap+lSDZNx\nRGF5gtwH\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVagAwIBAgIUSfh2F9zYRtGcm3AW4kYrdsQPmRowCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABNnk8fj1hkAAdeoAIS1jATPtgIP9uzD8Z5q6ft5iJqVD\ni8TYC+w+rWJXRDcsObDLpOZxeOd6h4PyXnYrw280bdGjfDB6MB0GA1UdDgQWBBSO\nVjINSfDNfNxOkFDDKab2KlURYzAfBgNVHSMEGDAWgBTrjE+ylf8jgyaQXerVy9ck\nhnAimDALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhALVJGp7l+OiN2QqqvU8M\n9fYNHSgiBzEh8Cs819CilqBDAiEAimO1mu8TpG8dtKRGYAKreyneFwvbBUiVZJmM\nxbs3rUk=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVagAwIBAgIUMPCedjgeo8gaRVoFRvMArRByPuIwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABPbgl2Qq/bWLbppWZXSV/wPkCEAOeQQ83eveWul0K/1H\niUv5uZ9R9blH19+tJM4MAM2oVqgQNuHah0JoPAHfVPCjfDB6MB0GA1UdDgQWBBTy\nUDaTkMvUSFek9jip1ch1ecmvnjAfBgNVHSMEGDAWgBSXvuio/IwIhDUXR5ti1g2j\nOqQ1ODALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhAIeWv6QhImr94TgesD9i\nwXwUHH00ZCHuvRriWEVxndqfAiEAmwH16NCeNBj4WZonVe7Kp6rn/pjUwC2jxk0f\ng/dFgvs=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -476,10 +476,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe EE cert is signed by the root but missing the AKI extension, which is\nforbidden under RFC 5280 4.2.1.1.\n\n> The keyIdentifier field of the authorityKeyIdentifier extension MUST\n> be included in all certificates generated by conforming CAs to\n> facilitate certification path construction.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIURW939yOWzGI3bHtQ8Hh8DtCGEO0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQuo2uK9s6jKY8JNdnueEA2pqySG3ZeRkedP0US\n4UoIF6MQ69YoBbQM250NnHARZvqrYhEyh9vCdO+FhjGmXpqio1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUkQe3TOJnWKV5LXeGV57r3BnveSYwCgYIKoZIzj0EAwIDSAAwRQIg\nUYrk9Cfw3tSOfyCFXLbgLcg6y686P2i2d7HsU19pD28CIQD84G0p4SFbYgtWx3CR\nihFVdE5RbkXZekTmywn9XIK6rw==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUBwM8N36YyxtGDtb99FKycjf60z8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQlvcpXI1db2xEECMCTc0CfwiVEEVcN/u+mXWK6\nLRysHKO1do/hoVELmfmIf9wW52K9FGjO4nV/HW2dDeTf2THco1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUaLm0Etms9G2CTQVbiKvmfBxWGeUwCgYIKoZIzj0EAwIDSAAwRQIg\nRHJw/aOGviIcrZ5iggtAC2rt+RdaZr8Zk4d7w5mWxgwCIQC/Yb4pYhHy3VvmmreN\nW8QtpNnwDrHwSlHKISLu/NsuPw==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUHcNBQwIkawrPC13xKGt4xCtS6RMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABOvUOeKm+SWwBtuGMxK7MBXUZd8jylHxXsiVbO7tgTpA\nhQNQXu9XDWayx0j9jMOMB8ihW0KJ8miH5rNKZ0Wur4SjWzBZMB0GA1UdDgQWBBQQ\nlzbZmIL3c+DoiEUK/zYxwK4A5zALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYB\nBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIg\nVf8F3HCCIhIVI7FVRph/kUC8PTf5k+5deeRBuXC6ZIcCIQDDciORAIxi0EXOlIYt\nONZKfj666/hFnN7DIniDwx8Huw==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUAid4W7FcuY2U+YOQV72ETIdN0AwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABJ+huIkVinEyU94ir7Hn4KQpS/FGy9HcnCaLmvNZ8YZ0\nO26v+13GUowxNriR1iokIFNNQn9dyTB/NaDGWXFqNdOjWzBZMB0GA1UdDgQWBBSV\nvFDFDI/SgjNFz3MPeZ3BhVW37jALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYB\nBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIh\nAIfR5e7wlQ2U3S7vPIKr8+vE0Q3C+dibggN5yqaT/GZwAiBPgZG6XcvEF8tuM1vm\n3EmyUYIaf9wlzpO/8Na2mQIt4g==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -499,12 +499,12 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> intermediate -> EE\n```\n\nThe intermediate is signed by the root but missing the AKI extension, which\nis forbidden under RFC 5280 4.2.1.1.\n\n> The keyIdentifier field of the authorityKeyIdentifier extension MUST\n> be included in all certificates generated by conforming CAs to\n> facilitate certification path construction.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUZ0khqcuKsuSzc3qBT2kyJjTjTC0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATYt9vkLLtg8l6p8LG72WfLGYZs5tUS8eFC0IAL\nzjwxt1CAX2n8E77gNgGHWU2Nzgve3DAf2V055W+rqGlbguldo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUF80KpdLX/7DC4dlgDwhRmr7i9D0wCgYIKoZIzj0EAwIDSAAwRQIg\nYmy1zDI39B1Dbe0jewrkK2e4UjOrusytLZioG82SgCcCIQC05GojMP2wCBlp3th6\nXiB2gZpU54KHVkTCDrMhDxZ1/Q==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUHyRphBW2oPYlwaDdZ2G2eDIbrXYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAT7yDQN6tM9oBBJb9SXbANvHnf4ocA7QT9OIHRv\n9iHC9ROhNqW/Tkt9tD/HDJKX6Lu3pEORCWu18R/BG/PiX/7Xo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUm1LZ0B6h8PE7X98xJjWmjIo27vcwCgYIKoZIzj0EAwIDSAAwRQIg\nfL8J9ngAv1UIum7jgpZc6S06l/t75yb90y7XwgurHv0CIQCMg6P3ZP9fm1m1penP\nnXeOxZHQN9lXmPrGfJgTto33GQ==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIIB3zCCAYWgAwIBAgIUdbv8XHEW3SMDCsZ5OOYh3kKFtG0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBnMTkwNwYDVQQLDDA1ODk2NTY5MzYyNzgwNTc0MTI3MTEz\nNjkyNDQxNDkyNDE1NDY5OTg3MDE4MzczNTcxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBFfNO+QlZGlvj+CcQSSXBm/jKT8YB1ZQBopoxVGgM4oJlnkhq51hP1wE3ZVTZiMG\nUVNovhfLjeKkzx8rxR9VgVijWjBYMBIGA1UdEwEB/wQIMAYBAf8CAQAwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB0GA1UdDgQWBBSs4RoKcQjY\nlERspjv/bm9z3rWKcTAKBggqhkjOPQQDAgNIADBFAiAw1GcYSpdor1eWj5beSCsW\ntJe4ocMgTW9s3x/mu2gmPAIhAL/f+TOVcjSfUTXIZRAXSgqdXtvIl4ue4yK8WRIi\nOt3H\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIB4DCCAYWgAwIBAgIUMYTlAh79ZTPQ4bb4RKafMthQRVEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBnMTkwNwYDVQQLDDAxNzc3OTA3MzI0NTg4NDM0NDY3MDEx\nODM5ODExODk1MDg1ODkzMTEwMDczNzA2MTQxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBOR6pkOIxP4N8Ap43v49vCd3rWx7xttH/QmXId1EYHTE+o/dK+Kq5RJdMUD+SZup\n/5AToirl0vuDj0zLN6U5QkKjWjBYMBIGA1UdEwEB/wQIMAYBAf8CAQAwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB0GA1UdDgQWBBTaQgV2UDxc\n5MXf8jF2vfsGmwKe7TAKBggqhkjOPQQDAgNJADBGAiEAm/84zzYzs9dwODV7DQJI\n5TF1D/uCFlIuOi7tB+fz3koCIQD3ftmeTyMYHn4bt4HZLE3ckb6dsCQ+MlwK1XPL\nVGopsQ==\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/jCCAaOgAwIBAgIUZZ3QsBsU2WWhxHOt6hXOS3tAgIIwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNTg5NjU2OTM2Mjc4MDU3NDEyNzExMzY5MjQ0MTQ5MjQxNTQ2\nOTk4NzAxODM3MzU3MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEqjRP\nOMN8wQty54SuWv4h0jtdpIFPdhCmM8BFWRlk4gc6WFBAHMGY+dKHpyezeUlUlBzq\nokVthQ9oe9f8KNeMKqN8MHowHQYDVR0OBBYEFNbSd+O3Ud3S3m2aug1Uq4cAiU/N\nMB8GA1UdIwQYMBaAFKzhGgpxCNiURGymO/9ub3PetYpxMAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNJADBGAiEA7F3sYxASG2D80DJM4bBP1T/DcqNWCtJ8E2Yi/rczpDUC\nIQCn0BsGF+mAPGLuXspIqvFsTa+zYCmqy7qz3jHTBl+rOg==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/TCCAaOgAwIBAgIUbHexGIvpUxYLSUbbzeB0qu4KWiwwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMTc3NzkwNzMyNDU4ODQzNDQ2NzAxMTgzOTgxMTg5NTA4NTg5\nMzExMDA3MzcwNjE0MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAZY8\nk7rdjDa55bzXN+KMz0bxDQ83vDMy9XiJi8p6Isy6R3VCBGevu+LsQbVML7NjQOH1\niwC+JZVQ5bKkoqbpHaN8MHowHQYDVR0OBBYEFPM6aPMHLChcGkHpXFR56xKaC+f1\nMB8GA1UdIwQYMBaAFNpCBXZQPFzkxd/yMXa9+wabAp7tMAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNIADBFAiAM8+rgKUeLMkiaxj67c3mJjsuQzaUOgDe8z7RU2NEadwIh\nANlbPtmBIwSWKou/uec4CWWYeITkAqcZyWWCcYH5QVjc\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -524,10 +524,10 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> EE\n```\n\nThe root cert is missing the AKI extension, which is ordinarily forbidden\nunder RFC 5280 4.2.1.1 **unless** the certificate is self-signed,\nwhich this root is:\n\n> The keyIdentifier field of the authorityKeyIdentifier extension MUST\n> be included in all certificates generated by conforming CAs to\n> facilitate certification path construction. There is one exception;\n> where a CA distributes its public key in the form of a \"self-signed\"\n> certificate, the authority key identifier MAY be omitted.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUdudvJ2dxt1uEsLRKtKjIpcTaoTgwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQTNbirodoH2uUy9xrBt+Iyfbah1szLLMXNYD/b\nQv8ytx8GUjITNmiM/2mY9PkB3Hp3f8Ow9zVYCpzjff6mlP++o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUhVkUr8r7exobo/rbF9PVpD0IQnIwCgYIKoZIzj0EAwIDSAAwRQIg\nVrfEShDnjvluMWvLY+79mgV8J5mgRFiS3w3+8fP0CnkCIQDvsWjkMMSoZpaVDH9T\nJrRT5+7+C53iwKTnq/wlfa1D7A==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUBul5/U858zXm4WekvuGpIrAWh8MwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARoGXftGbGlvUuKqR8lxi/SRWVr/iaDcqfgT4IZ\nsrEJj60wD3XCrK5m66J/oGWdvynvpOSwZbC7t2XXSEegBnYyo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU0FRJucZXI0vFOh2Qd70w4CaWjlgwCgYIKoZIzj0EAwIDSAAwRQIg\nbH0jP22pzzN+afXwoSrTKdYigqQGA9jFoO+f0MHnHE4CIQD5q76NHn0mjcxNalJa\nP4XGAAqcBQ1MhMTZ20nWQ3+n5g==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVagAwIBAgIUKeK5goNP2raW7TkmSec/vcHjK1QwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABKUoETqpifHcB3ug6hle50UL7bpGgUkZdoS2CllUA5PP\nWlhZ5mVUbMx4EWTifGSy9hoLmjQrj+0FE7d5h5Ry3sGjfDB6MB0GA1UdDgQWBBTs\nJuzvCvTLr/ZYAuPXOWdwvqXmBjAfBgNVHSMEGDAWgBSFWRSvyvt7Ghuj+tsX09Wk\nPQhCcjALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhAI5VDWAusq0diTqRVb+j\nz/kjKDXf+32C4wesJJ02Qw01AiEAnWuvNL9DjwJCSlPY8zi7H2z+5RNZ/iSeku8Z\n3TEURT8=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrjCCAVagAwIBAgIUIqLloZiw/WT5aR1fg3UTVuda4NswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABJ7AdIotyefTJrsdFAc73wpx7iHIG4tED94HCiDkJEMN\necP5u/vgFthpFlI36Ez85A92VFtgdRwdKRFnd/MaCfWjfDB6MB0GA1UdDgQWBBSl\npERuWf1BRlpi1iPUHYv1bKiBuDAfBgNVHSMEGDAWgBTQVEm5xlcjS8U6HZB3vTDg\nJpaOWDALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDRgAwQwIgdgBnfdSLBCpy+HAm3Ps+\nAdIkXc8xepBNCAh8KkrCKzACHwrUrislFRPsyeVRcpViTRXvz7nHAnrjmTV0tIky\n0BA=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -549,10 +549,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe root is cross signed by another root but missing the AKI extension,\nwhich is ambiguous but potentially disallowed under RFC 5280 4.2.1.1.\n\n> The keyIdentifier field of the authorityKeyIdentifier extension MUST\n> be included in all certificates generated by conforming CAs to\n> facilitate certification path construction.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIB3zCCAYWgAwIBAgIUa/4ZKpZXZ63I5l2j/zQZ+UR+Uc8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBnMTkwNwYDVQQLDDA2MDY0MDg4MjI1MDY5NTYyMDExODM3\nNDM3NzI1NDY2MzI1MzY2NzIzMDc5NTQ3MjQxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBFyVYJlsbJp/6OBLdq4W55feKvpSAfkg6l9sYfPVblAd+4bYET+0rEm2tuGyh9NU\nUpRl/2d5keo2dbT0NfcRCEujWjBYMBIGA1UdEwEB/wQIMAYBAf8CAQAwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB0GA1UdDgQWBBQWt0z7atu7\nSwXTW+Ef38bc2P+UtDAKBggqhkjOPQQDAgNIADBFAiEA/phc/T9gV+SsSkN1GTyy\nXVa06e4vxisMUNj4t1SIUOUCIH3aoCuqM1ybtGK9dJbrR8n0qMKFWy+MCBOPfc79\nEfaw\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIB3TCCAYSgAwIBAgIUYYOLpGnMWQXYyymG5ywgsNdYHCEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBmMTgwNgYDVQQLDC85NTIzNTMxNzM2NDI3MTM5OTcxODA2\nODU5NzQ4MTA2MDc3OTYyMzIwNTA4OTU5ODEqMCgGA1UEAwwheDUwOS1saW1iby1p\nbnRlcm1lZGlhdGUtcGF0aGxlbi0wMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\nkBsOekrqNG0DkX6YPFIHBOvQbw7SPHzkgewd3WHD9ejMglrzR52UDgMEWzwtBb4P\nN3ryXDu9HtDKYGSC/Cmm0qNaMFgwEgYDVR0TAQH/BAgwBgEB/wIBADALBgNVHQ8E\nBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHQYDVR0OBBYEFOUAcs9fH1TK\nTVRG3239/Z4hl7wOMAoGCCqGSM49BAMCA0cAMEQCIA9iSsC0VgPoEXgr4LkeB1mq\nXKiZqZ0G0kMV4IjnjjIOAiAkOxXIA5GuhEHT1BOV8cYGQDJFHu4KpHbbkKE8iZbF\nhQ==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/TCCAaOgAwIBAgIUPSmHIfVz5ML5sdY2UO+pYsAHhn0wCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNjA2NDA4ODIyNTA2OTU2MjAxMTgzNzQzNzcyNTQ2NjMyNTM2\nNjcyMzA3OTU0NzI0MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfs3n\nnwqm89E39+bYgC7WfOpbMwz3PlXNhBbp689VrfZMCgQy+Ncp/eX5q1cuBgool0WF\nJLKUX+pEf3FPydWpE6N8MHowHQYDVR0OBBYEFKO+jHbJpG2iLAf7iYeetRvZHluJ\nMB8GA1UdIwQYMBaAFBa3TPtq27tLBdNb4R/fxtzY/5S0MAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNIADBFAiAzlulSF0mApE/XF3vswc3P9fdOiBkHhPZ9sig/ws7uOQIh\nANrfw7xutsHZFgoD4Am40hmkMTkMVYEt54DcJmvNNkeS\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/DCCAaKgAwIBAgIUePq4aGkvLQE2wj4nRRhghccU4mcwCgYIKoZIzj0EAwIw\nZjE4MDYGA1UECwwvOTUyMzUzMTczNjQyNzEzOTk3MTgwNjg1OTc0ODEwNjA3Nzk2\nMjMyMDUwODk1OTgxKjAoBgNVBAMMIXg1MDktbGltYm8taW50ZXJtZWRpYXRlLXBh\ndGhsZW4tMDAgFw03MDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowFjEUMBIG\nA1UEAwwLZXhhbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS3GrMe\njRK5xHdDsz3VvxWiUQYwWHuiytzv2JC7suUCU6fB1wJMCyct2tTqUkWIjn/nJTLm\n4KZM8hN62WJgYRXdo3wwejAdBgNVHQ4EFgQURGSMMab6yKHh7svzBOlad75SHVkw\nHwYDVR0jBBgwFoAU5QByz18fVMpNVEbfbf39niGXvA4wCwYDVR0PBAQDAgeAMBMG\nA1UdJQQMMAoGCCsGAQUFBwMBMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMAoGCCqG\nSM49BAMCA0gAMEUCICJRKVVOP68LU6UxJ7DbUGDGQKeCLHFwAFsewLBVebTEAiEA\ntvVbNDLB5nbLFvb9o8SVOEGBo2UTeMT6cNFQTW6mT00=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -572,10 +572,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe chain is correctly constructed, but the EE cert contains\nan Extended Key Usage extension that contains just `id-kp-clientAuth`\nwhile the validator expects `id-kp-serverAuth`.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUcYhxIFsaDIdn90T9cKevcBHnz60wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARhYvrfM4hZmLOGO29nOKntVH5IeufugY7wuHcr\nFvRPjzDeRqD3z39WEOJx2Cm9pkrnunhT0xMGqCkaYhUPymndo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUsc7xC6Zp5WiKLib/N9aaB4O7rUIwCgYIKoZIzj0EAwIDSQAwRgIh\nAIfHGoumcCGO1t3iiJB7iAemUx1l22brhUvwOzCkjYh/AiEAkJoxiiYEKpZwhfKa\nHJNz6VjQ4aynsJN0VOcLzGKd1pM=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUItge/X+axspbrBxQUKKf5G+DIhEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARVfbrRuGO8jE48kUdMEgMHjG3TUrVNv28fHjp9\nFE+HzPBcaibvrTDd4KKZCBEqtCBlubq0yp4kMIo4DnfD8dSYo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUHzB19SnDf/wmP8zbFXv2iL+42L0wCgYIKoZIzj0EAwIDRwAwRAIg\nG1+SA14hNi293hwe3pJ20jVheQczzv+upx4EmcrZm0gCIH3BtkFXmzSjdx0u6a5Y\nv2SpCWOZSTLfeoHBjyTnCbYG\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVagAwIBAgIUNecCg7pmFWQ0RXvpWbqjio8lfwUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABDY43jJNjwxHCV16qMI1Z8cgmiY19TP2s5cpJrSI49+d\nrKiEhG4uoCbKUZnkZ9qDb0Y7OnRPpMUi0Ke2vylUrxejfDB6MB0GA1UdDgQWBBQU\n4NAz6znp4zUM5ftuyxxGoMxr+TAfBgNVHSMEGDAWgBSxzvELpmnlaIouJv831poH\ng7utQjALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwIwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhAOVeQ4okXq+Tdvin/UYO\ncD+lbCJm3Xx5Uv+cgBCOaJ4GAiEAzXopkjQhv8taLb+iMMNwg8HihucF7IA3jjZT\ntEKkZQk=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUIW8c0azx7H3Ju2jbfK0Z4a3Da5owCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABFKH+5OvUdFjIyhfFdIHrfWpXTAeZxHY9+C+g8WNxcac\nY8HRpmFQoBZHTPS3IXcUK8WCseVA5PDR3Sle9Bbe+EGjfDB6MB0GA1UdDgQWBBTs\nmXc27AA5Atu08Y6Ov+aywUw+ODAfBgNVHSMEGDAWgBQfMHX1KcN//CY/zNsVe/aI\nv7jYvTALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwIwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIhAJp4a7AebItbZ4pshp99\nOaE99+4PpoOsE1PKmc2Nxj8VAiARo7lk4F4kpWhFkyRYrPcz4jrW+kwZNzKzQHXd\nifeziQ==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -599,10 +599,10 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> EE\n```\n\nThe EE is missing an extKeyUsage extension, which is permitted under\nRFC 5280 4.2.1.12.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUYksmcj3F9wiBN6eb0Hmigtx4CEkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAS8L/twL5pfof01EJ1u2MOREH/pDqTVpO845q2F\nSfsxg3yybhVQvxwN1dsbhdAHHUAYE4bcRBOwSiV0+8i2U+kZo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUjW6QdOw9AdHYoqo2xN8k07w2s0IwCgYIKoZIzj0EAwIDRwAwRAIg\nELKoHavHPlyf3nvCvK9j9taUJMlOPJOOE1dOs12j/kYCIGuzpvKkuSnhMH78A2rV\nZG5+ZEF04jmliuUL8Dbi6fVx\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUC0NzprdxA1jTtftsfc7ZABlITKQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATgrKZoDqijubN+dAtVOlFuOjAF/q9CPF1yogTU\nbx1/08h89T4dBQEQDrjQIMNEkdUODRrYmjxx36YOfPYO6gG1o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUeffhmCbXJlX2lHGxmOWVg1I5Eg0wCgYIKoZIzj0EAwIDRwAwRAIg\nNgQjap+HK1pIfH5B6+SOj9n/AJ8NKN5YK6eki3Ff/bACIDDb4g6CQfMCNNSNPXd+\nFGlcjbuHPVtQa3l200ZI1yba\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBmzCCAUGgAwIBAgIUJ/weY7ix4j17XaWASutOy+2xQWYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABJoXjweZq0A0SYkcRVI5+CdaqP6JmNI/HGa+lu0YTImf\n6dDamjlVYCiN8zMvMlBsKdPsb+tbi1ztXijFKczrtcOjZzBlMB0GA1UdDgQWBBQ7\nOSqLVEjQXxLdOqws3T8u/jhzZDAfBgNVHSMEGDAWgBSNbpB07D0B0diiqjbE3yTT\nvDazQjALBgNVHQ8EBAMCB4AwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZI\nzj0EAwIDSAAwRQIhAMjag0alAR1i+m4n7DOvkXwN2RqY2IfOJmbw2V7x6ByGAiBq\nXEhYHkqgi1Rt4yOngU43FKOuL1wRBlNNnl/DFHpTCQ==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBnDCCAUGgAwIBAgIUBJDMB3LqRb4i0BGMRd2XYJiVE9cwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABHD5CXDeC+yzMuDHokQTUZk7OfTNS5+2lCF3tt/QtBxG\nvBgbHwGK3xqEZNMYCJOrUbbsRG3uqMFTAP1LNTs2d+SjZzBlMB0GA1UdDgQWBBQL\nqQ+n4zSQrayNfcvdDOsWhogkijAfBgNVHSMEGDAWgBR59+GYJtcmVfaUcbGY5ZWD\nUjkSDTALBgNVHQ8EBAMCB4AwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZI\nzj0EAwIDSQAwRgIhAIf20gma/wknZ1xoO7ChXnZs7y0johqwuvLCphuuHXAcAiEA\nlJY3RAAPx8HHPbMsAfoJU40a2w7qupgS5gx4h/2sJio=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -622,10 +622,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with a permitted dNSName\n\"example.com\", whereas the leaf certificate has a SubjectAlternativeName with a\ndNSName of \"not-example.com\".", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBrjCCAVSgAwIBAgIUfY2nb9zUMC0kKRpdEBv9PMW8gl0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQ0Gt9JVJ0DV7MULymUU6OUZdP5tuQiiymW55ee\nLVWCMcpYMa9IovWRJ+zwqVDbQ8xQuhlkemFYU/kP+5ZQV0Nbo3YwdDAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUXpJ7LxsutJhGZgsP/HcE5Hfub1UwHQYDVR0eAQH/BBMwEaAPMA2C\nC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0gAMEUCIEcOvQ/dYMOU+YPpCN/a0jrW\nTd7vaylc/QeIAtw2B7JAAiEAntWbYOMXD5bmX5+/KAoFTOtj4J+Gifvgyv1zegQL\nFLY=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBrTCCAVSgAwIBAgIUdQ/tqkP5bdRGXTnS7EmC37E2abAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARDWqS/zCEBTS2zmQJAK3T1b75rSeentk9MKMlK\nfDCxi6B/Sb8EssHcpN8t8M4WA0ErBJ6ELqVhsVKKFHydn3JNo3YwdDAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUkc9sCyM8Cejr+kj7u84zLoDswGUwHQYDVR0eAQH/BBMwEaAPMA2C\nC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0cAMEQCIA7AdjOVmEwhDnZP/iDcK0P9\nxTYOx4EdQmN6+RF2ck8PAiAJ7gcc3wT3ts5WsZt7yCPp2DekOEHP9LX0Vg69ynHn\nCA==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBtTCCAVugAwIBAgIUIb/Dxkn/khdzro2wzTpNNgYlrE0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABEpU7w4Qi2FXgeTZmRwcs407gwukuKbBPSA6w47SfSwT\ny6GQ8GlEjHY/VJBYKMsoTzdJV91HlUq8znsy/XmMkaijgYAwfjAdBgNVHQ4EFgQU\nitnIyrEHDRqKm/Roa0QAjovZtV0wHwYDVR0jBBgwFoAUXpJ7LxsutJhGZgsP/HcE\n5Hfub1UwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBoGA1UdEQQT\nMBGCD25vdC1leGFtcGxlLmNvbTAKBggqhkjOPQQDAgNIADBFAiBJt3EJjnbngHUd\ngjFHtjKRUi0LjpT63e+KlllJEaFONQIhANdaEPg5kWk+J01U3YGfzkDF0vKuToek\nJbXqz1VTNmt0\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBtDCCAVugAwIBAgIUVg/4JPXCB6oTu+23VwqKt0BrPyEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABEhCYhsA+8oMHJ2ZezNQ/4KksB02M0iQado+wjF2X7Ym\n5FHL2iD5Ug0ApL2h/YHsOU+5AeqIehuiummc1xKYWL+jgYAwfjAdBgNVHQ4EFgQU\nvVeHf0lGc5AGx1+fogX1IQZDT98wHwYDVR0jBBgwFoAUkc9sCyM8Cejr+kj7u84z\nLoDswGUwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBoGA1UdEQQT\nMBGCD25vdC1leGFtcGxlLmNvbTAKBggqhkjOPQQDAgNHADBEAiBuexgo7DWwWWvF\ncfXNgFxX3b8ZhjjPEgaBI8IkxfP/3AIgbheC8X7tOtrNyyTiod173FrG0I+QyPyh\nNs/BuEZbcyk=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -645,12 +645,12 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> ICA -> leaf\n```\n\nThe ICA contains a NameConstraints extension with an excluded dNSName of\n\"example.com\", matching the leaf's SubjectAlternativeName.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUVBNSAeYMql5Mi41e0HE573FyeHMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARwL5k6jRF9n7rp8gOwpj5uDcFtR9cAzHOECx8X\nESlmvWBszrhqY7MGyGrDiGwh3SJVn6aBy2xA5gNC9quheOrao1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUw3iOFdGvdQDcnQWRDLSPRdfoppYwCgYIKoZIzj0EAwIDSAAwRQIh\nAI5ElZdh37///9X6nzghGkMivnS0BaeSSKelKh0nOUd2AiBjm8GxgK6kKDqhJ1B1\nIlnZj7EiqNC6Zqp6jxuVWa7IRw==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUKQVezqcgexEonVSkW9/nEC6VnawwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAS6DekYiFNqu39uwOGr0avpWs9giMqN0X59H3+w\nc5Xppeqo6/R6ew4CMJtso9a1TdtTaaUUXUOb3O1bhWJTRvcKo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUIc1M5NOedZNib4n+SXwC4X32r24wCgYIKoZIzj0EAwIDSQAwRgIh\nAPcB3S7/HsER0WQXJkjtUObVpJg61ZAo1FwWwO7p4APqAiEAjyDisoKglBWdjwNQ\nVBmHAFCKXKwla46uDeLqiGJOHJM=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIICIDCCAcegAwIBAgIUDAtUcoet1T81Eribkj+I+g4+0o0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDA0Nzk5ODYwODI3NjE0OTE1NzUyMTAw\nMzkyODU4Njc2MTg4MzA2MDk0MjA1NDgyMTExLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABOauXdUDqD81BuWO1lJ71qUQ3HGQmgFGraOSigrUtAkojEEl/E3oonjWp1Yy\nA77V4wt5GJsScOkoL/iVerC57dCjgZgwgZUwDwYDVR0TAQH/BAUwAwEB/zALBgNV\nHQ8EBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUw3iO\nFdGvdQDcnQWRDLSPRdfoppYwHQYDVR0OBBYEFDIAueiL0nW75HfQZn2Ny/Sd5MdL\nMB0GA1UdHgEB/wQTMBGhDzANggtleGFtcGxlLmNvbTAKBggqhkjOPQQDAgNHADBE\nAiAxDSjFBWf3+8D48LbsJqcQzUxv/QedQln8aR7sSoQ95QIgSgHkYnVU1WtWlWHa\n7kjEFLF+SXldFFtF8ALzLrFxyTE=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIICITCCAcegAwIBAgIUUS18MhG/GtPBEl/1gwyooFaqQZ0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDAyMzQxODgzODQyMDQ5NjQ5Njk2Nzcx\nNTg1MTIyOTcwMTE2MDU0NDIyMjk4MDQ0NjAxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABPpSapPuC6kOb6RYF8wojkpwtx+Yzir/+fFyC89S8MAnLyTsboHMAtrXcuJ7\nuj3OofW2VEMIAlxcj3wOV+HdlEajgZgwgZUwDwYDVR0TAQH/BAUwAwEB/zALBgNV\nHQ8EBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUIc1M\n5NOedZNib4n+SXwC4X32r24wHQYDVR0OBBYEFEqs9e9Q0g37ivedwcama9jbPKXp\nMB0GA1UdHgEB/wQTMBGhDzANggtleGFtcGxlLmNvbTAKBggqhkjOPQQDAgNIADBF\nAiAZJec2mEVPfGWFm1XkWNADrsOWap5QFhmFjBEWTC/7swIhAORkE1gV2I+b+fSg\nRzHcT+/q9izpOh4XFAXnUeiadqRk\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICATCCAaagAwIBAgIUU00RklsV/KE7TAbBWgZCr8ZKA00wCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNDc5OTg2MDgyNzYxNDkxNTc1MjEwMDM5Mjg1ODY3NjE4ODMw\nNjA5NDIwNTQ4MjExMS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\nDj+V+TUFtruAQxFXeBX9NptVCQn2q000k0WHpRCTgNuYA6Cq0vnTFB+GdolPEKkR\nXNAf8pfK0YQXsxokrY5zXaN8MHowHQYDVR0OBBYEFLicrFrxU8aknWvL9UarLoyG\ncJ2xMB8GA1UdIwQYMBaAFDIAueiL0nW75HfQZn2Ny/Sd5MdLMAsGA1UdDwQEAwIH\ngDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAK\nBggqhkjOPQQDAgNJADBGAiEA3c/3yUE4twyLoxy100R8pEScFU8jguj010upE23Y\nfV0CIQC93K0HUVwQPQl1rHWmlxDyORDlw2w6DUYiFW5c7d6d7Q==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUbvIQDbBEPiUuveaaYOnmTdzKsLMwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwMjM0MTg4Mzg0MjA0OTY0OTY5Njc3MTU4NTEyMjk3MDExNjA1\nNDQyMjI5ODA0NDYwMS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\nvi0uxyNBf6ZPhW4NGvsovoUjj/HUBiVCE9f/UmB0WPPZyG6z/gbfKHAj9iMHD9Cg\n6wky/7+8h0hPoSj9c4YueqN8MHowHQYDVR0OBBYEFDmD8wETdxywEyHD1iQUKA+L\nhRq1MB8GA1UdIwQYMBaAFEqs9e9Q0g37ivedwcama9jbPKXpMAsGA1UdDwQEAwIH\ngDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAK\nBggqhkjOPQQDAgNIADBFAiBegOIEXvTaxjKTbZKcKJqJJuBTrOEKFoox44pWWftm\naAIhALTaqhza4LhDWXQWXvIRx3p/8u/b5rW8Zz+Y/hDWuuVv\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -670,10 +670,10 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with a permitted dNSName of\n\"example.com\", matching the leaf's SubjectAlternativeName.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBrjCCAVSgAwIBAgIUZkGenao4Gt4h+okIp8IffbBMP/IwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAR5lNKeldk47EpZY8QazvgLTTj8oEAAXABL4YTV\neuUg/zlB78a1rp3DiLaJttCzKvwwGUbxzJeIYk7LfbFrEbWro3YwdDAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUewf8nR7UaAzvymtGcZGea9s4bHQwHQYDVR0eAQH/BBMwEaAPMA2C\nC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0gAMEUCIAhgUFIdeOpsW+xXNcCiAu7I\nSc+4u4T86+x8iHYTZ//vAiEAmoX2wbxJwoMnfkfOv16M6xmQf1a+Mea6a2z3Jkj/\nVXM=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBrjCCAVSgAwIBAgIUZ/AFS9v+/Juc6w5SMWEp8DGoSAMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQmgSqBl6j5yrELdTheX7n35amW+7agQcxIyXJi\nvNay7nAesb6pJSPtmXCwqLPzm+81FcOy7J8a/a5kbmfmUtz7o3YwdDAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUx6Y9NmJsaKeuQOD2/ZINZ6RfcvQwHQYDVR0eAQH/BBMwEaAPMA2C\nC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0gAMEUCIQDh4S8Xw33DVuc1rEFHUI66\ndX67CWqVFM9MYA2r0fhmhgIgVWykouraIgP4LucDlBJkJcUWDwIWcj1Sy+K6WXEO\nCz8=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUBI710PHmZjoX5jsl6JWE8ZxXKk8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABJKuk5JTkp8X51+gFtPaOeewg6B7fStbxrLGMPxqrUVg\nWgz/h+y7nSdJUuFbl/2GZjf94GpdRCbRYLDDefZ+D8+jfDB6MB0GA1UdDgQWBBTo\n9RvUGKZpv1iuR3LlrXxs38sGVjAfBgNVHSMEGDAWgBR7B/ydHtRoDO/Ka0ZxkZ5r\n2zhsdDALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIgTLZy7QrZfdm5RpGUsbEe\njhdYst1p3uEqLjrXcV6/eSsCIQDPOb/0nJJ5DxtP6KiwzxP6Lje8JBZPAD8mH+PK\nL4fUQg==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUV1E0gWOnsdakY4nh3L6s7mlBbE4wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABJ6rpef+l4By1P2mjh+sX/tk9MwiZa/5wXUkqLjmhzTB\nr/GuhFGZjjwTlAalXDr8A9XFyTW62nrktMWeT3aJWvajfDB6MB0GA1UdDgQWBBTp\nlhR6OGUFzNXYsKVc4t05e2YZ0jAfBgNVHSMEGDAWgBTHpj02Ymxop65A4Pb9kg1n\npF9y9DALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIgfe7nds1LgV2ara1A1xeg\nnmPV874l20DB1Q7tR5AX5K8CIQCjdrXsuJvKJttIQY5Qx942uzOkU4GLEBQ36wCq\nwQRHdQ==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -697,10 +697,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with a permitted dNSName of\n\"example.com\", matching the leaf's SubjectAlternativeName. However,\nthe NameConstraints extension is not marked as critical, which is required by\nthe RFC 5280 profile.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBrDCCAVGgAwIBAgIUOTQnOE1u9Bhjn51choUrQbMyRYQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQk/CZAqyY8LpOx5+5X7khKkc7ozdDEvavaHTiM\neyvxhO/hzx5y9bVjMVr+3VRT2wDEtCT09uYqgf23kLHGLVcFo3MwcTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUm98R4DHj9pK1qCUoAFLgZ2iRjJAwGgYDVR0eBBMwEaAPMA2CC2V4\nYW1wbGUuY29tMAoGCCqGSM49BAMCA0kAMEYCIQD7OHzdOsDa0BU6T8TNn7o3RZ1U\nGBhBcm3w2JzpsSL3VgIhAL/5cHD+E7TFgQaC0ia/SOzOAR5nSxbUIOFk7Dm4f2Pt\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBqzCCAVGgAwIBAgIUOfMs5hnyOlaAYzCjHdBk6wB1P+4wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAT4bYJNcHBUx6GxP4PbCkkSdT/a9uCANjYcsGiw\nVK5eeJqEq0+nxhYBttBWnxNWiwpbOph+3BqcYhwvBHSMEH5fo3MwcTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUo4a9GoMBRvrUxI/X56xKpX6+XdYwGgYDVR0eBBMwEaAPMA2CC2V4\nYW1wbGUuY29tMAoGCCqGSM49BAMCA0gAMEUCIQDjXjTvEqyZRMpqBCwZxf6gHfG7\noN4vshaN59rAH0MkfAIgMpCYUtcjlBBoKKCeNMq4Puh5eqLkscQwPBsDsx4LKFM=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrzCCAVagAwIBAgIUIlBhinzIpRJ5xJmG0zoq1xsz7EgwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABOafz54zKll0qiWkg4fgC5UWFBl5YOFf8JCwloFII/nd\nRfsq/Ow5YoWQ4Gp9gHqbK5f46V37tGc8aXlf+H5CecijfDB6MB0GA1UdDgQWBBTQ\n6duIHaFYytNEF78mPTOlHqZs+DAfBgNVHSMEGDAWgBSb3xHgMeP2krWoJSgAUuBn\naJGMkDALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDRwAwRAIgfe/eyN4Cvzbfcqo5owZr\ntfZlWAZDfu0wd0y1AwFht4QCIBlpfuD4d5aF6lr3sa2hRkBjCMuNpmzwzttylLz5\nWS7f\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUCvJh2LqX0ABgx0kP11KMP8hK+h0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABGAs7bltN6t2VkqjY+aWOU2Iyrdjr5qYEdr695J26IRI\not6U5DXUhmtE+0wvR1CekcwZjr4HcDMre1qSUlUOz+WjfDB6MB0GA1UdDgQWBBTA\nspe1f8ftJaKsTaPIdTVjmGTGBjAfBgNVHSMEGDAWgBSjhr0agwFG+tTEj9fnrEql\nfr5d1jALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIgGz0Y8/+uAzsH//oHPF6a\nCq6zadUAx24vc8tek+40wvsCIQD8SLrOX6qbk+SHTon5C4Q+WC+PuDjWjp427T85\nczCk/w==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -720,10 +720,10 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with a permitted dNSName of\n\"example.com\". The leaf's \"foo.bar.example.com\" satisfies this constraint\nper the RFC 5280 profile:\n\n> DNS name restrictions are expressed as host.example.com. Any DNS\n> name that can be constructed by simply adding zero or more labels to\n> the left-hand side of the name satisfies the name constraint. For\n> example, www.host.example.com would satisfy the constraint but\n> host1.example.com would not.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBrzCCAVSgAwIBAgIUJvuhcqoW3+i5d6+WWKUg+g/Z8M4wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASEzAbb0mxfLN+fAMVvJMx5rqopQ/0TRmSgMPFa\nEp29CluBeGVbJDhOmJAgi7ByhEzHpIj5o+Y2F8PASOXkJ6PYo3YwdDAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUwNJh6ZKJgT4IFD/FQOABlE7Sz9QwHQYDVR0eAQH/BBMwEaAPMA2C\nC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0kAMEYCIQDXW/TOgUQh8TD7+6malYHp\n435c/oQ5ABRrw8Tpt+jM9wIhAIa5MKtHR68BU1cK+OheEo7CdHBOHtyWjiTKo1Jm\nuAnd\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBrzCCAVSgAwIBAgIUC62TPusFNTdwpE9N0ZCuc92bpFQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATFWDu5LYKa5PylCWJ56T9iNvrGlluXgh6bFhfr\nEJ7W9GNRndwsqzuIBE/ZQGo23xBr56Xv9x49tNhZxpigODZIo3YwdDAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUAeCH4HRrzp6DydAtG+uaB+WzA48wHQYDVR0eAQH/BBMwEaAPMA2C\nC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0kAMEYCIQDlS6EtKd5A2TGE2f6Wh+hh\nE/lq1AYQSCJJWZSC4zJy/QIhANmykrZw3JWo3sA207plqyopSBbkOwgjnwjX1nuh\n73P7\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBuzCCAWCgAwIBAgIUQmr0fdhgKkCiTUhGTS579N04mZ8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABBoCSPQWm9KmrOLOQV2Vf1kXlw4zG6XyGQFzIfhZw1Ph\nIG579OYzpTVjqgopf7OS0Ta408KC1WBQvFSu5+NVYvmjgYUwgYIwHQYDVR0OBBYE\nFPE721rjwf2pRsvZMMD55JMFezZ0MB8GA1UdIwQYMBaAFMDSYemSiYE+CBQ/xUDg\nAZRO0s/UMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAeBgNVHREE\nFzAVghNmb28uYmFyLmV4YW1wbGUuY29tMAoGCCqGSM49BAMCA0kAMEYCIQDEYYPY\n5kV9jFajqyGWsJXbE+XpXjQxrfuKfr/CYNO74AIhAP7sIEXq3HaDCURaxTwA+2oS\nDmE+WiIopdPp2/LCP+tA\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBuzCCAWCgAwIBAgIUJ+nEI1ezuOTCZhT/dzYwPLWCRrgwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABI5NsVUu/7nEQOJxynIkfVthl0tXPJ6X+vTPRnZTmen8\nkxmDq8HOBPliY4bvzO0bOhQdnYnbH75/qLhJtG85pOijgYUwgYIwHQYDVR0OBBYE\nFPomOZHPvDTAOBQIY+Thx5gQvY5XMB8GA1UdIwQYMBaAFAHgh+B0a86eg8nQLRvr\nmgflswOPMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAeBgNVHREE\nFzAVghNmb28uYmFyLmV4YW1wbGUuY29tMAoGCCqGSM49BAMCA0kAMEYCIQDVa2n2\nDr8YP2m1o8TnEDXmgSwQA2Rjdb+2GtWvbPQUNQIhAK7m6q9Y44l/Me/7A3ueqOMq\n6wi5/3IVGerINmXFrnyA\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -743,10 +743,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with an excluded dNSName of\n\"not-allowed.example.com\". This should match the leaf's second\nSubjectAlternativeName entry.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBvDCCAWKgAwIBAgIUPOXXLMfq6HEue1TIRdNgEY9/77cwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASLZtzwOMHxt9GIFhVSBQdiY6kw+BH5prt3tJK2\n+MVntqkirdp/sUN4hkH0PLeclR8XOHmdmtLNMWPTO6ianRUoo4GDMIGAMA8GA1Ud\nEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29t\nMB0GA1UdDgQWBBSGCaCG/Hq4jEwp5s/ZWcE/YdEv+TApBgNVHR4BAf8EHzAdoRsw\nGYIXbm90LWFsbG93ZWQuZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIgckjk\nTtNZFavIrbtGMpOLDxPKuL25WAs+eS2qZZEG8A8CIQClnQgCdSo+pP5VIgTh24N2\nZLkxuy6r+qepbNxj2o9v4A==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBvDCCAWKgAwIBAgIUOBRyxxcvK8kD+w7t7+/odkGibNAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQmaFa4c0684p9dMZ5+gOpgkDJjKpMIBb9pXMh+\nP8HUYCXnGXh++1CRSbLbVIn8fyMkx5gU1JdROxmajXVrSRHoo4GDMIGAMA8GA1Ud\nEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29t\nMB0GA1UdDgQWBBRlQetgWPQYC/ab8kPouI23ifmlgTApBgNVHR4BAf8EHzAdoRsw\nGYIXbm90LWFsbG93ZWQuZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIgVC5T\nKo+AfsOpYRU04pzO89ItNfkeehvFLXHo974JOPcCIQD+zeCWsa/HeNz3KAP124xI\nyRqlGCJYb6J5UlaFF0ko6A==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIByzCCAXGgAwIBAgIUO7iB5Fq5Y1/V4rAa2JEvni0M8XwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABBN2bKvVIpilG5jiZ4hSOxQEn1FbAUMaV8GdeiP2ICIa\nAXfrSXRkYftZPUxB2EwJMtyH8tNBCqcAKqFUR6ERDC6jgZYwgZMwHQYDVR0OBBYE\nFM/fo6ibk96gpNIrxVWoOYz4460NMB8GA1UdIwQYMBaAFIYJoIb8eriMTCnmz9lZ\nwT9h0S/5MAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAvBgNVHREE\nKDAmggtleGFtcGxlLmNvbYIXbm90LWFsbG93ZWQuZXhhbXBsZS5jb20wCgYIKoZI\nzj0EAwIDSAAwRQIgeeZB2g+/4nzwOpff+cjEQLfWBMbKn3+rcEeALzEuWfwCIQCw\nV1q8U9EHxve9wOeDFM+dW73ZOX7rUEZspdI625xAEA==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIByjCCAXGgAwIBAgIUJUi05uOP7D01Vumi+8MNuDk/kk4wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABLwVt46xK+N13g+/ptgacVvUOW0GWkKIEZBfqBj+Kptr\nT6fcYm0D+EhTfAITw9FSmkh0SIBVheNxZYQsGjywwo2jgZYwgZMwHQYDVR0OBBYE\nFCUMWrc4zpVOBDwnm0GUxXItJ+ihMB8GA1UdIwQYMBaAFGVB62BY9BgL9pvyQ+i4\njbeJ+aWBMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAvBgNVHREE\nKDAmggtleGFtcGxlLmNvbYIXbm90LWFsbG93ZWQuZXhhbXBsZS5jb20wCgYIKoZI\nzj0EAwIDRwAwRAIgBrzxd45+qloP/kOtS5huwJjR746eZwhL/HrDpAWRwLgCIA3C\nds1awby3nM/WuMfNcjHngj2iQPyCmeGA1QAV1eZg\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -766,10 +766,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with a permitted iPAddress of\n`192.0.2.0/24`, which does not match the iPAddress in the SubjectAlternativeName\nof the leaf.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBqzCCAVGgAwIBAgIUSNrbBRI1TWpFNldhAgyk/FQKRh0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARjB7JTE7gU9qumaK9YqF+4xNlutu77jSt1Jsfm\nj1M/CRWJN5P/olwXBYlBCD9OyHZWnDR31Q3N5yjEy3ORPRqfo3MwcTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU9hxf2FMsuB6tYL1H+yx0HPVvVd4wGgYDVR0eAQH/BBAwDqAMMAqH\nCMAAAgD///8AMAoGCCqGSM49BAMCA0gAMEUCIQC02mOQ/kDMNyREq7sT0QVD5zeW\nmJdsYhWTf/v3Pv2CCgIgP9wkWuWQv1RI881IYk6eLSPAWtsO8qESaFUpTMbSafE=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBrDCCAVGgAwIBAgIUbl/YbUQChzJUWVKeTH5E0Fje1kYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQVYCPT9s0p/GsU6ksUvpTziWiEkSLqAeZFXE/F\n05SoF9uOejiHj3a0TH1O7Oj82a/cXsvA7g4umFawlfDRTonIo3MwcTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUZudwqKIzuCORxqdnxhmLnZfFfDkwGgYDVR0eAQH/BBAwDqAMMAqH\nCMAAAgD///8AMAoGCCqGSM49BAMCA0kAMEYCIQCm92LXv32E8HN0lQysapp9mfaj\ned2sBSmYGp1a2g40kQIhAIaDZH/Gh3SJKDGIe0fqgvk5CaUGJNxPujcRwqgt3CtE\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqTCCAU+gAwIBAgIUTTYopyiDe49gefuVh3++csZ/+y4wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABFtof41Y3rlAXB/6aqyBG9XF/t6RYXCK5ODq8nLs+/5g\n4y3hE8NX2KC2hZNz2R3WVV9Gx25Zqt3grjf2doD/NySjdTBzMB0GA1UdDgQWBBTJ\nv79eSmaMobziyDJWxiNoHZDnmjAfBgNVHSMEGDAWgBT2HF/YUyy4Hq1gvUf7LHQc\n9W9V3jALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0RBAgw\nBocEwAADATAKBggqhkjOPQQDAgNIADBFAiEAszXJJSDE//M+QQjCdzK63v2rDDGD\njZq41HzgmPeBXSACIBiJ2xPFAPCGDTiOBhuK0qvY/E7AkVVlvNZpq7v/Dlks\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqDCCAU+gAwIBAgIUMQpmNu7l5rHJz6TmGCLbnSxTq88wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABHqGC89n9/K82UV57kKIWdtvDdRRrwK6A6FNixabkcNH\nQYr21oPWAAceU6Irr/retXCABa8dHsih81ws8NqmK12jdTBzMB0GA1UdDgQWBBSt\n6jLmGWOAkcniXKnV5q4LEacPxzAfBgNVHSMEGDAWgBRm53CoojO4I5HGp2fGGYud\nl8V8OTALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0RBAgw\nBocEwAADATAKBggqhkjOPQQDAgNHADBEAiB9ELudfmtqRbTjdcrhazfo7LbfwHcg\nh4ktAMrSLmx0dQIgP2452nmV2OOiENgHKnGMz8g5hhwr9pjGZkkE98XJgbs=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -789,10 +789,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with an excluded iPAddress of\n`192.0.2.0/24`, matching the iPAddress in the SubjectAlternativeName of the leaf.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBqjCCAVGgAwIBAgIUapZ2UpDOohFUiITODX0cysB5DqMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASQKOXybDr/itZzTCV7POjGdT1mPLgAKxvPw6k0\n4qdFotR4efbZ2xo7isu6aE28DkeYYsHOVuskGHP4JEJ+k+Z5o3MwcTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUNb7FV5vHGicDT1tY2rG7Gz9zplMwGgYDVR0eAQH/BBAwDqEMMAqH\nCMAAAgD///8AMAoGCCqGSM49BAMCA0cAMEQCID9WX3TV2kjRpmm6dgXlAWZiJq4H\n5p6oKy4zzS2+rGs/AiAoEyjsxApowE+fKFYtzAWLNRsHt+5EUUXdEOzgudwKbg==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBrDCCAVGgAwIBAgIUMbDtDP8xtVM8a+vQRGthN2YHljEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASMfOf7Mg+5D33KEadCyiYe1n35ZcEuM+ol6H3Q\nuBcW+UcFNqk8Gp/I63GDKFESFlUSH1R6dbpH1uPKW/eo5D0uo3MwcTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQURiQOsxFg+4KpEmGz2auGhkkQo8EwGgYDVR0eAQH/BBAwDqEMMAqH\nCMAAAgD///8AMAoGCCqGSM49BAMCA0kAMEYCIQDYYPuXMXMEGn0cO0ixceA3lx9W\nDMpmAozx/c92NqApogIhANyjcK/RcwGzqobq3LOEOXOB6S21OuoJDllUaaqUA7+5\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqTCCAU+gAwIBAgIUQU1wv9S/jpOEMWY4zTK8dXmEB/8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABFtNCtS9vce62P9CGRVNo3Au6Y9o+Jmk0yEvUbPf1G2q\n0rI1dU7P1z7QGSjfAbIlmI1Ue1xNBaRcc0uMyUQQnrujdTBzMB0GA1UdDgQWBBRc\nb/NQbmVs1GPG7G/JB0ogiW816zAfBgNVHSMEGDAWgBQ1vsVXm8caJwNPW1jasbsb\nP3OmUzALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0RBAgw\nBocEwAACATAKBggqhkjOPQQDAgNIADBFAiEA87bEAarlv8fGKEp/E/Imk4hkDvqZ\nSNcY8BLiYyuotOgCIBJZ2p9iRngyYdTVRxuKRBZDDfVVHK85yxErApivhhiU\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqDCCAU+gAwIBAgIUZgCtUt50Q6NQpAhjj8/GSH0Wp7EwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABL96n8IXZhHfLNpse6RTcdic2YGpeDt2Bs/Ten6fcDIe\nRCYkRmDQVZJ5fi4ak4IM/0d92QaciYbtS7H7Q4XhArOjdTBzMB0GA1UdDgQWBBQU\nybYo+5yPp4oQsjH65T6q6p3axzAfBgNVHSMEGDAWgBRGJA6zEWD7gqkSYbPZq4aG\nSRCjwTALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0RBAgw\nBocEwAACATAKBggqhkjOPQQDAgNHADBEAiBzjcGVrgQyxoclHy/JzSWksRIcJxR2\nYDkcwnt7Ps3GHAIgaj06sED+MIlfbakSCw/eZ2y1GSDUf9ML+CkYAvUIg1Y=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -812,10 +812,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with an excluded iPAddress of\n`::1/128`, matching the iPAddress in the SubjectAlternativeName of the leaf.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBxjCCAWugAwIBAgIUCTCfDTXgK6uR4EoRQSfZer0Bd3wwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQ1R0niL0+TwpahX4LHdFUFVEhNRk5wuXi6f+X9\nSUhKMKxUMQ2pt+l3dqvTzGahvsG1FPmWI75HmizlBP5tG/Afo4GMMIGJMA8GA1Ud\nEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29t\nMB0GA1UdDgQWBBTv0wt3KcbKrUkQ3AihLvcfkzWtZTAyBgNVHR4BAf8EKDAmoSQw\nIocgAAAAAAAAAAAAAAAAAAAAAf////////////////////8wCgYIKoZIzj0EAwID\nSQAwRgIhAIa52T05+jCjgsFvUd6jeaQo7+M0NB/vnNVMNyiIyVahAiEAuWmYVTKF\nssLMbKRpzSI34sxHThv7zggN2oFBC9+fQi0=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBxDCCAWugAwIBAgIUQVDSdSMIwEnbRCpq7oVleTE1E8MwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARjNYYeGOrQDNscuzQJWqIocy1TwWvkD+F9AMZH\nP0Jk00RTkBWngRjmdIYcr5JWIsmx8PP7AzEe3T3xpP2PaM/0o4GMMIGJMA8GA1Ud\nEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29t\nMB0GA1UdDgQWBBQQ28rz9VQ8zVA9piY4Vcvd8HA3izAyBgNVHR4BAf8EKDAmoSQw\nIocgAAAAAAAAAAAAAAAAAAAAAf////////////////////8wCgYIKoZIzj0EAwID\nRwAwRAIgYu4/TS6eEG2xZhdpJJhHkfX+WkIBF8K/PTKpHqv0x5cCIFTPJPGs24bs\nfwWpida1skw3i0UUoIR3jPcHl0Tdmzwg\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBtjCCAVygAwIBAgIUE6pCC+b5F4CbsDtUXcHsgxyhSo8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABBbJrMgZPSMTgrKiOCEzkWcbJqYBIxt4SveRSMPxBXE5\nLu4lGueCu+JbDVsbkOQ6SJbOc/Y7Lc+43KfZ2nZHS6ajgYEwfzAdBgNVHQ4EFgQU\nElVSNhFlMdpVeBV2wgbXGpgZ6XEwHwYDVR0jBBgwFoAU79MLdynGyq1JENwIoS73\nH5M1rWUwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBsGA1UdEQQU\nMBKHEAAAAAAAAAAAAAAAAAAAAAEwCgYIKoZIzj0EAwIDSAAwRQIhAKvkGLRJ2LzE\nRbAizeN2oPxii4c41zsIiWKRWDyH4VhZAiBZFGyRhvsoG6eOU14SChWRQ9bbK+Fo\n1C+5kT2Q6shv0g==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBtzCCAVygAwIBAgIUGmp7Oonz6DisYWHBt52wX8zZIA0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABBjrfIxfIT2aZvlPKBI7W4Dwc7keauaX3SL2U0wTaTwE\nula9eo0javN7tCrT5wenChykf/f7gfWKCjhfLZQybLyjgYEwfzAdBgNVHQ4EFgQU\nVhjuB5a/7SfCzTKpAXl6q3rzk50wHwYDVR0jBBgwFoAUENvK8/VUPM1QPaYmOFXL\n3fBwN4swCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBsGA1UdEQQU\nMBKHEAAAAAAAAAAAAAAAAAAAAAEwCgYIKoZIzj0EAwIDSQAwRgIhAK+Z0jDf0j3E\nP+iJSBfsX1+tk5/RSELkUeDKcHO5aKmBAiEAqLfH0URmjF9UAp1f3JLHZ2eJmKGW\nzUgQ9u/DV5xSWn8=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -835,10 +835,10 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with a permitted iPAddress of\n`192.0.2.0/24`, which matches the iPAddress in the SubjectAlternativeName\nof the leaf.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBqzCCAVGgAwIBAgIUH9iaU3mF7CsxKc2WOjTlmf5V6T8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASFvd/hIGa4p3zffJZHVf7BQOwxP0c9NAhbHRO5\nnSbOWyZWEtzzT3d/XI/1MJDVcyBqdKDVvIYszykubu5sHAoNo3MwcTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQURGbMrIJMzbyMY0yMTtiA5bZW+7MwGgYDVR0eAQH/BBAwDqAMMAqH\nCMAAAgD///8AMAoGCCqGSM49BAMCA0gAMEUCIFk9FFYCYRVBD4XXh6rHQhCr0MUI\nTFXKUWYiA8A6g75wAiEA2QkNjYaZ65X4LuAlECG7Ez3yVp7QYkrdgt4Pom1MVHo=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBqjCCAVGgAwIBAgIUMYZwa4P5eDp0ve87LZZxUrkoKQQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAT2250SjmdyHbHutzwRQ8qqix+UOkRKjWULkVDT\n3llXNF36krHlchJrBw4in5VcgFt85tp8C5PemBl1paUX5wM6o3MwcTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUrJW9QnPc3VwESKls0rZTsiL7rhwwGgYDVR0eAQH/BBAwDqAMMAqH\nCMAAAgD///8AMAoGCCqGSM49BAMCA0cAMEQCIGIet7gCp4VMekOdfoIvdOEzSu4N\nzfB11YfDG0RreLM3AiAbfyGTt9UKGK3FUfAsGiX7hDqCBzisTWLQRiJDGVe08g==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqDCCAU+gAwIBAgIUVqHvlNSAUjV3/Yh50my5132qy4QwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABHj+pVaaqVZV2lBaij4GWmO43HVCszXKMWMgiWVDK93T\n9uxLmEGneBf+c0lyoMUMt5Cfao9O1Q+UKp7wnxGuhNijdTBzMB0GA1UdDgQWBBSN\ne8zLLoBfaaM+Dh4Wen24H87FGDAfBgNVHSMEGDAWgBREZsysgkzNvIxjTIxO2IDl\ntlb7szALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0RBAgw\nBocEwAACATAKBggqhkjOPQQDAgNHADBEAiBUmO9+9Lt2qmn8Vtca1b88C4Q1mpd2\nMSifMDKl5GkedwIgCdqick69mURTvipk7LyObgjR7Tyg0QG1EYCoqU9vXIM=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqTCCAU+gAwIBAgIURQ0jtspEYHBdTyX2Y6O4fYskCoIwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABNJQ5Pc7DiLsTlRf+7/l5c+9T4qbXD1kcEq+qAtaDF2j\nnWUnKBoWt0fqVb5GaHzqqQQXAD5tWf6phSZ4GDIs20GjdTBzMB0GA1UdDgQWBBTk\n3q7BJPeWAmosZSTyHxHPXWAbjzAfBgNVHSMEGDAWgBSslb1Cc9zdXARIqWzStlOy\nIvuuHDALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0RBAgw\nBocEwAACATAKBggqhkjOPQQDAgNIADBFAiBgn6psexmicA8H150I9opkS3w5YW6R\nYiXXIOOMWtgWrwIhANzDYTQsMOuRzMb+FXNdN2icAMQY13t5Fr0jrux0ypNi\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -858,10 +858,10 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with a permitted iPAddress of\n`::1/128`, which matches the iPAddress in the SubjectAlternativeName\nof the leaf.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBxDCCAWugAwIBAgIUTH8XbqDZMdqoBDVgBmq5r1il8nUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASEbYJONuGZVvQba2LLbD1kjn1bK3zyEkr+DVzP\nexfExmbujf17R7Z4CM1UY7VROGSj+8lQk3Nc7zi811HUGyywo4GMMIGJMA8GA1Ud\nEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29t\nMB0GA1UdDgQWBBSnXDYFf3XCsjZRDMO/W8mvjh6QVjAyBgNVHR4BAf8EKDAmoCQw\nIocgAAAAAAAAAAAAAAAAAAAAAf////////////////////8wCgYIKoZIzj0EAwID\nRwAwRAIgNHFoNgF+mHcedQ/aybEJhnwKJXg7P1MqpF99jPQ/bUgCIHbem0iLZjWH\nJTqCpAuEnq5IGe1S8sqj+L9VZ0rThflR\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBxjCCAWugAwIBAgIUL6P4tVbG7JvAJRYpt0oj6YXxoq0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASmWm5QzdIQ6ynoFTRNMZQDqfeIHNn4SNzoXG75\n2UI4lgPmuG5Dq1KY6bqAQ0EC0Gx6a6VwGk+EOwToLMYLXxlZo4GMMIGJMA8GA1Ud\nEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29t\nMB0GA1UdDgQWBBSAkt8u4diSpKd785bhJGWgH42E6zAyBgNVHR4BAf8EKDAmoCQw\nIocgAAAAAAAAAAAAAAAAAAAAAf////////////////////8wCgYIKoZIzj0EAwID\nSQAwRgIhAJtMrZLzN+jYJSpemwxTZPPyQ1w8TX4TcRCaGwe7vyyGAiEAm7hsESc7\nxU8/LPisVYo/dwAwk2tQanYMpesjegG0P1c=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBtjCCAVygAwIBAgIUavEC2EWS5+YC5G1bhZkNCuzlxYMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABDIhruCxZGy9OYY4r1ans1w/i3hwQ2/PLU/PgLpyuK62\nuBWHEREWDd2ly+SA2rWycDsmGTpVgKNCXPjeoXVVclOjgYEwfzAdBgNVHQ4EFgQU\nQI4ea1n7j2FnnU3CJh+yAsYYjBgwHwYDVR0jBBgwFoAUp1w2BX91wrI2UQzDv1vJ\nr44ekFYwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBsGA1UdEQQU\nMBKHEAAAAAAAAAAAAAAAAAAAAAEwCgYIKoZIzj0EAwIDSAAwRQIhAN6DsSIEAhL3\nfFDnkqs0foDHsDZwT6JKnSFAg9tghP2lAiB6KqMEbLwVM2sm3fcanu9ah2oeV55N\n+0J9A9bv9r7MlA==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBtTCCAVygAwIBAgIUVow0vdkdaRRb3mzgBtgzyLh6pPswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABOFZyvU+EfzeRUVw6Hu1g5dYVQv+1eQFteiicO87EykU\nMY5ieHdt9a5XeeVFd4qE8pMoFsxHGuNvtJvYu9sQrCKjgYEwfzAdBgNVHQ4EFgQU\nQ5TFjfnZsW1vDEthhhyYggnbSScwHwYDVR0jBBgwFoAUgJLfLuHYkqSne/OW4SRl\noB+NhOswCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBsGA1UdEQQU\nMBKHEAAAAAAAAAAAAAAAAAAAAAEwCgYIKoZIzj0EAwIDRwAwRAIgPPJaQ+2Be2mz\nUp0lM5z4W4XKrPY7B16SMg0tb9CynEQCIAuczWK63zn7p589xRnBi/XMA3bvwEWd\n3ePd57oUhV6i\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -883,10 +883,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with a permitted DirectoryName\nof `CN=foo`. This should not match the child's DirectoryName of `CN=not-foo`.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBsjCCAVmgAwIBAgIUeIEPlgg/dMe0k+byspvlawCPp8AwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASnlnK7GUptPLeXgo+iC5E/RdCPflvrgMlXuXk7\nVtX+0HXjzLke9WpXEphUiwsr5EuTE8IpkyIXnnvEecqG2/S9o3sweTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUbFS6Kuc+OY/gQ7iCPfOxDf5w1AcwIgYDVR0eAQH/BBgwFqAUMBKk\nEDAOMQwwCgYDVQQDDANmb28wCgYIKoZIzj0EAwIDRwAwRAIgaFxreT1yVucFDf+M\nFl597xnrk58aHNpVsQJ3bLueWN4CIBpm0KBzsb/lV7bKvjhbTOP84CfAazQ+0y1M\n0A+fyGHt\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBtDCCAVmgAwIBAgIUbqRuL6isg93wdi9/04N77VY8YkQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQz3EDxMbEt3sKgfJnkqu7zXZ0er64I7KSocR//\nexv3pIocMpDl+TpoiG546/YAH5lBHYnv24dK0roq1zYMIi9No3sweTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU/3NHdKcrZZD8kR9K1fSH2n+nIrYwIgYDVR0eAQH/BBgwFqAUMBKk\nEDAOMQwwCgYDVQQDDANmb28wCgYIKoZIzj0EAwIDSQAwRgIhALunaouZougeG4PG\n9mKG22A0WZe283RBjfUHimm7Jo92AiEAjGqMrjl+93P0hnd2nf/Z7lGvuj8jL3aC\nL9SuXmHakqQ=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBtjCCAV2gAwIBAgIUTLeb/FFDf7owZbI1X1KlkHkLFpwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjASMRAwDgYDVQQDDAdub3QtZm9vMFkwEwYHKoZIzj0CAQYI\nKoZIzj0DAQcDQgAE3LH16s5rf7GtxH6KCqSZcT13dG/N6G3TX2UNJHUCGNrOUlGZ\nMbDeBl14672K1bq+sJ9IIFxX4n8WqZWe/zmuF6OBhjCBgzAdBgNVHQ4EFgQUY8dG\nmqNUk9Wxbgp+5LbHM+CmoUIwHwYDVR0jBBgwFoAUbFS6Kuc+OY/gQ7iCPfOxDf5w\n1AcwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB8GA1UdEQQYMBak\nFDASMRAwDgYDVQQDDAdub3QtZm9vMAoGCCqGSM49BAMCA0cAMEQCIGdTZl8QdTNN\nVYpbtH6CA6J7ni21lXDzGQ7RshOs/htAAiBjOEecgRCzZk6NrfnEG38UCQKv3TJ0\n+FkJxLp4YlaNVQ==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBuDCCAV2gAwIBAgIUSUdykOOXyNYjLNgHxf/cQsueSVEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjASMRAwDgYDVQQDDAdub3QtZm9vMFkwEwYHKoZIzj0CAQYI\nKoZIzj0DAQcDQgAETdU975Ffiwqt28viqdxvSCj44YkVZwBXLX2Tm4Ci4dgO+Rkn\nXPmVHCzuB9Io+hq+pKhgdTWa6XP2+rMPnE6vx6OBhjCBgzAdBgNVHQ4EFgQUeo8c\nwiDFgiC3dDc8IT/uI8SeO+IwHwYDVR0jBBgwFoAU/3NHdKcrZZD8kR9K1fSH2n+n\nIrYwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB8GA1UdEQQYMBak\nFDASMRAwDgYDVQQDDAdub3QtZm9vMAoGCCqGSM49BAMCA0kAMEYCIQC/0ZvAP5Ei\naGshXcJXLfuCrJPbueXkKlILD7RdGZOrCAIhAI69wBGmKIB9jp89Ai/SI8Y/F5sm\nHYdLkhcDOQxfFeXm\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -908,10 +908,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with an excluded DirectoryName\nof `CN=foo`, matching the leaf's SubjectAlternativeName.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBszCCAVmgAwIBAgIUCbzbPqhklx836yfWWQzetqZtdkUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQLT+9PZd/PxEbGuDUyBpl75wSbAdYevPh+Zf3g\n+bEEEpMNMDaFacKtaHDo56YqoCCuV4mDbcs6k/bbseXHKcZYo3sweTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUez2PnjeHmGH4wa6Ir37zyc/OQDowIgYDVR0eAQH/BBgwFqEUMBKk\nEDAOMQwwCgYDVQQDDANmb28wCgYIKoZIzj0EAwIDSAAwRQIhAJ18TGEchwTD4c7x\niJbktSfrbKT230UL271enrPCehg6AiBifI4ty5ukS0KNkGww7gLeJC04IaytfWqI\niY4cLm4ODQ==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBszCCAVmgAwIBAgIUN22U3bQZMHPLD9Sbu10dLiTfePEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASglbHjHJlIYuRRRx2RZVu0mKS3UStzW57iCSbG\nfRlDocEBCFyBHVv/6cVWXBGsz2T6xQ6SbTJjbK/UKWSAHGyvo3sweTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUnFVRbsnxKP03DZc1PRhcIWlv+xAwIgYDVR0eAQH/BBgwFqEUMBKk\nEDAOMQwwCgYDVQQDDANmb28wCgYIKoZIzj0EAwIDSAAwRQIhAKnjbqPQJGyDhY/P\nKH76d9uwNZSjpuTKROAS/b34K2kuAiBGSXLrCccwv7wlZ0vVgEoJ/4ZBXEE3KlPZ\npOlovFyzeg==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrzCCAVSgAwIBAgIUSz0IMeesRj3Lx8t9VkVqkG72z6EwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAOMQwwCgYDVQQDDANmb28wWTATBgcqhkjOPQIBBggqhkjO\nPQMBBwNCAAQNs+klTCkpWJYaTQZWI6CFZ35cAYf1rIBb0+jvh0CdvwsI+WOftbWG\nxXeaAxYKLf8hdo+a3JFfUnHXyzSdpSDJo4GBMH8wHQYDVR0OBBYEFHtDxHfptAIN\nTcX+m6H3mTEYKHntMB8GA1UdIwQYMBaAFHs9j543h5hh+MGuiK9+88nPzkA6MAsG\nA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAbBgNVHREEFDASpBAwDjEM\nMAoGA1UEAwwDZm9vMAoGCCqGSM49BAMCA0kAMEYCIQC33oyL+9wM9bF0CzSGYAqv\n+Ft2dDa2r/F9S2jUz4JCEgIhAM1JWk40OyIezrDCtdvBxhydJcqpw3ZsOoEpSA5L\no93p\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrjCCAVSgAwIBAgIUNByFO5YDnvYaJHcfkChcmfhHfNYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAOMQwwCgYDVQQDDANmb28wWTATBgcqhkjOPQIBBggqhkjO\nPQMBBwNCAATOJAfT73a3wMfRZNoXBSbU8+EhA7k1ZoEu5wo/qbRO77scNMfmMamq\npDm9OefnSl79UZG/8wNnkNLG6kfnksYVo4GBMH8wHQYDVR0OBBYEFAIzU8Lhx5jg\nZL0eoL5ICTisvG3FMB8GA1UdIwQYMBaAFJxVUW7J8Sj9Nw2XNT0YXCFpb/sQMAsG\nA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAbBgNVHREEFDASpBAwDjEM\nMAoGA1UEAwwDZm9vMAoGCCqGSM49BAMCA0gAMEUCIAjyPKq9Bjt93UfPM7Ny9t8o\n12n92etOoHRIzGW9n8ZeAiEA4JmiAUJNdmFRrsMKt4TnuLjO0FA6LMxo+3WPaWWg\nyK8=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -933,10 +933,10 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with a permitted DirectoryName\nof `CN=foo`, matching the leaf's SubjectAlternativeName.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBtDCCAVmgAwIBAgIULGLubsobHyU9HgDX25utJEe0Iz8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAT5x9s5sdlDTnz1xzMrPJy3GI92svr8buB3/lNj\nhp+3nrE228kAVp2qUgW4z/LCS0BSlEFxdIinNmAWZyQd1Hrro3sweTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUwb9W1VPXXmvicBk3skCqQJLqVhowIgYDVR0eAQH/BBgwFqAUMBKk\nEDAOMQwwCgYDVQQDDANmb28wCgYIKoZIzj0EAwIDSQAwRgIhAKM0wIJR4nK8FlDs\nQI6TRs/ygP8WqGIgxmER2VSPVZH0AiEA77wZcBm8rzum3FZzyARKVipSap72OEzR\ngjIvb9reicQ=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBsjCCAVmgAwIBAgIURmVj47Cfp8MPH6aUBy0xTlxR2QYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATy6DTLpOX91GKg93XF8mb0gKuoVc5LEnlUFqm5\npRwnTnJcAA+RyH9BkAdOpmw0C0jhpE3Iwmpkc8JqHeUhGL1Xo3sweTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUzseTbBPmbEw7XQmFJYSEh5PgkP8wIgYDVR0eAQH/BBgwFqAUMBKk\nEDAOMQwwCgYDVQQDDANmb28wCgYIKoZIzj0EAwIDRwAwRAIgYaKrozIDmNFsk8cZ\nFueW6l/xYTd8eWn0B5atZorrVLsCIBxlEShHhaLxyrbrVIs3AFQ2fqw+J1/kfKqh\nYBNYIBh/\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrjCCAVSgAwIBAgIUAPxBhX3KQxrnMy/1Nq4f92416TIwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAOMQwwCgYDVQQDDANmb28wWTATBgcqhkjOPQIBBggqhkjO\nPQMBBwNCAAQWle5FFL5ojIZ9II8irzXpBJZ827QdUUkD4yuUsIsFPidraiS1laNM\niwi3rFDYFgrB66tTT1Dfgwq7Z7gzxndzo4GBMH8wHQYDVR0OBBYEFLDwsZvTN/rO\n/xLvrGqMidC+Xv6lMB8GA1UdIwQYMBaAFMG/VtVT115r4nAZN7JAqkCS6lYaMAsG\nA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAbBgNVHREEFDASpBAwDjEM\nMAoGA1UEAwwDZm9vMAoGCCqGSM49BAMCA0gAMEUCIQD1DdubbDL2y90Kl9sk2FE9\nWGoQkiJ3er82xy17UVo+SAIgDL1H0l1jw9oz8vDR+9IW1SxSmVFCkTy4RW9snfn5\ne1g=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrzCCAVSgAwIBAgIUJs+fwLoKsZg/11KQPCrdsii5uPowCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAOMQwwCgYDVQQDDANmb28wWTATBgcqhkjOPQIBBggqhkjO\nPQMBBwNCAAShbYy+DDD22dQc/sMAR4Wh59bJkjEgA8iZRZfmINRNH40ye6JhRWWG\n4UZ8xezjtXyHD92BiUROuv2nfxIc8p+8o4GBMH8wHQYDVR0OBBYEFNIWVuOqbfhc\nAKKaZ8dtiyXPVSh4MB8GA1UdIwQYMBaAFM7Hk2wT5mxMO10JhSWEhIeT4JD/MAsG\nA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAbBgNVHREEFDASpBAwDjEM\nMAoGA1UEAwwDZm9vMAoGCCqGSM49BAMCA0kAMEYCIQCG749r3cbz7Qve8awmP5ac\nQvXW7c/xA+7h03S+JW9yXwIhAKJZv909AEqNoTai1Bxm1PhAqi3c24HXIqi43pjz\nKozU\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -958,10 +958,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with a permitted DirectoryName\nof \"CN=foo\", matching the leaf's SubjectAlternativeName but not its subject.\nThe leaf must be rejected per RFC 5280 4.2.1.10 due to this mismatch:\n\n> Restrictions of the form directoryName MUST be applied to the subject\n> field in the certificate (when the certificate includes a non-empty\n> subject field) and to any names of type directoryName in the\n> subjectAltName extension.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBsjCCAVmgAwIBAgIUSOB1WyGs0gcOv6WDRXEELymk74cwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARi+IPEy2t2X+H5zZMFK/WDDNSgqGcd1/GVVQP8\ngo/jwO9pq1OdQlY0pZolAHcI6GYrfMNWTq8WrfgC24IdlW62o3sweTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUhpzox4JP4dF+OdIq40WRyosSs0wwIgYDVR0eAQH/BBgwFqAUMBKk\nEDAOMQwwCgYDVQQDDANmb28wCgYIKoZIzj0EAwIDRwAwRAIgS8mgCzuKawjK68KX\nIOe8ZXJRCZ4MNMRrK/ucyPOcfOwCIHDyobBfBBjN5/rZhgG5reXCiPadV0mbGRkA\nfBXrM7PZ\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBszCCAVmgAwIBAgIUO0nHz8lKf+6DFiT7shYBEodrwOQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQ2Rk6Ck7/nB316bYFE9YTfXgoyqCeYcPYxMAKu\nK/SYuraP1vgSk2+TOnabs4sfAecTX3t02Bq+BemQSFhOXALlo3sweTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUCSceWLHngsyRN36MzkhUuzrr+OkwIgYDVR0eAQH/BBgwFqAUMBKk\nEDAOMQwwCgYDVQQDDANmb28wCgYIKoZIzj0EAwIDSAAwRQIgWgKfzuGbZzez8pzD\noXV3/sUhGhgl5QAW2BYePlBEGSwCIQDaYcV1DmT7NZs9ulCD0BIgj8jYjsjgvyII\nhQq9uhfHPQ==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBszCCAVigAwIBAgIUYaxUE9cy0HUWShvDkAp1Zp0H5qEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjASMRAwDgYDVQQDDAdub3QtZm9vMFkwEwYHKoZIzj0CAQYI\nKoZIzj0DAQcDQgAEdGGCYK+A1He2kF9ownp2Vo9JdfPoCrQHLOlsAXmTr5kwrvwD\nn75JXrqf9FJTertjwKsZzb+ok3uGy1jai5SjZKOBgTB/MB0GA1UdDgQWBBRz+efz\n9pQLmSg9HiQISxxXWXtyozAfBgNVHSMEGDAWgBSGnOjHgk/h0X450irjRZHKixKz\nTDALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGwYDVR0RBBQwEqQQ\nMA4xDDAKBgNVBAMMA2ZvbzAKBggqhkjOPQQDAgNJADBGAiEA/mJSdKx7fIozuLiP\nUrLZhU+pjHqhTrpgd24FbCJhZTkCIQCCE4Uw95bk/Zz0DFNhuIHA1cyLovPC6yXd\nfZeFqYkihA==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVigAwIBAgIUKqT/hvNmSJmWjZIIDMEygo1FlAwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjASMRAwDgYDVQQDDAdub3QtZm9vMFkwEwYHKoZIzj0CAQYI\nKoZIzj0DAQcDQgAEtFHoIGpGk/6i3xhwJP3Zp7hCaDKJDkjRkpRYEZtuWngJTRyN\nZ2sYanFwkJF1R1JMli/Qy0o2irJWXaV1w++UbKOBgTB/MB0GA1UdDgQWBBTgMw7u\nkaI7T9yWIZkyLw7q2Q1roDAfBgNVHSMEGDAWgBQJJx5YseeCzJE3fozOSFS7Ouv4\n6TALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGwYDVR0RBBQwEqQQ\nMA4xDDAKBgNVBAMMA2ZvbzAKBggqhkjOPQQDAgNHADBEAiB5i0hSnWsvvnhST7Ry\nytGDs+5IYZdh719r9uxjQAWt6QIgNogn5yYsM/GRtSecU3QUXM1L8gQnpaQHJbsp\nf38CbeA=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -983,10 +983,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with an excluded DirectoryName\nof \"CN=foo\", matching the leaf's subject but not its SubjectAlternativeName.\nThe leaf must be rejected per RFC 5280 4.2.1.10 due to this match:\n\n> Restrictions of the form directoryName MUST be applied to the subject\n> field in the certificate (when the certificate includes a non-empty\n> subject field) and to any names of type directoryName in the\n> subjectAltName extension.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBszCCAVmgAwIBAgIUUh7zb6mTAwDq9gT1f5cOOnX3VNEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQlyJqyQAzXWICJlXuhFFLzmP2x/BOrvVjR3eSB\nt66Qgt9JP55E4G2F0OTv2nv+9w0Au1GVdRx7Wynf6UTPXOR0o3sweTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUX9IAKUKRNBYOYXrFBHx8t0qoQBIwIgYDVR0eAQH/BBgwFqEUMBKk\nEDAOMQwwCgYDVQQDDANmb28wCgYIKoZIzj0EAwIDSAAwRQIgNCruiSStMijHcQVd\nUgwNmpCjX9ocJma5PayEBkOFP68CIQDIzrEVKc4eEqahYtLArxNUSW++Zi+Oipn/\nP2ilM+Uy1g==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBszCCAVmgAwIBAgIUNrRzhx2VaVTVXhHHVTljobv26JowCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATWdIP20VvRufQqQcI4GflxbUS0mrL/mA3+hNbH\nzskulQzvkDT4+FITbkdv8E2LUknnPPsjuEqnKnoyLERzTK8/o3sweTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUsg5zoGWE3cPpPSeNQeLWWDWhd20wIgYDVR0eAQH/BBgwFqEUMBKk\nEDAOMQwwCgYDVQQDDANmb28wCgYIKoZIzj0EAwIDSAAwRQIgNZi7ZZ+74pfAIhCV\nZLAKZ0i00Gaw3LJsyrkas/oZypECIQCvsM5sIhfXWhQw0cdYjcaqLuy+liSOp6BX\nWJ7g2tbEEw==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsjCCAVmgAwIBAgIURrwEbUrLBqfjwxSATQ3fvI5GNTcwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAOMQwwCgYDVQQDDANmb28wWTATBgcqhkjOPQIBBggqhkjO\nPQMBBwNCAAR7N1m0yFqiYg0GMwMrIzA/ERklrk4wj+gLd5U+htulqu84faGfdsOp\nA55haSK2igw0P4QU3lGnJQZFOhNfGEPxo4GGMIGDMB0GA1UdDgQWBBTgh4oIPsTC\n7Uqo5N0BFvuzSz3EozAfBgNVHSMEGDAWgBRf0gApQpE0Fg5hesUEfHy3SqhAEjAL\nBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwHwYDVR0RBBgwFqQUMBIx\nEDAOBgNVBAMMB25vdC1mb28wCgYIKoZIzj0EAwIDRwAwRAIgIptFfiSe/JCAfHha\nVmjJ5VVs3XkHa82Z4aV11lmcevECIH0TDLFq+NXb5aIyXkhutCbarVvi9AsJqzWh\ncwbC+H2K\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBszCCAVmgAwIBAgIURJVyFg+KaNW6xiSzz1+3GgLRIXUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAOMQwwCgYDVQQDDANmb28wWTATBgcqhkjOPQIBBggqhkjO\nPQMBBwNCAAQTcVXg22Q5+42sV7RvHmKIgvUgDtHrwR8q0DMDU9r4uyzSelgz37Ld\nqYczf8ic3d4fJJEmDihpaKUJpzzEvkNHo4GGMIGDMB0GA1UdDgQWBBRuQFDJ68JG\ngzyV7nDw6QUe9GRxrzAfBgNVHSMEGDAWgBSyDnOgZYTdw+k9J41B4tZYNaF3bTAL\nBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwHwYDVR0RBBgwFqQUMBIx\nEDAOBgNVBAMMB25vdC1mb28wCgYIKoZIzj0EAwIDSAAwRQIgVw4/zINWoPukzmu3\nLsPAcVjVkXbKY840smHb09JtLdMCIQC+UEqyZgrLozGaniVGscZTqPwtIhA9wT33\nY5PDMFBGag==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1006,12 +1006,12 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> intermediate -> leaf\n```\n\nThe root contains a NameConstraints extension with a permitted dNSName of\n\"example.com\", whereas the intermediate certificate has a\nSubjectAlternativeName with a dNSName of \"not-example.com\".\n\nNormally, this would mean that the chain would be rejected, however the\nintermediate is self-issued so name constraints don't apply to it.\n\n> Name constraints are not applied to self-issued certificates (unless\n> the certificate is the final certificate in the path). (This could\n> prevent CAs that use name constraints from employing self-issued\n> certificates to implement key rollover.)", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVigAwIBAgIUXVTqJJ7rfJyo3CKUuZcC/3ZAXZowCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPbm90LWV4YW1wbGUuY29tMCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA9ub3QtZXhhbXBsZS5jb20wWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARQJsNwcibVsdPZeV9DBxQZKtdRvbIIkRttc6Al\npJQPki+8Fy30qd7QZdGDDfssr5zewf8gkK8yhNQMx/16fPopo3oweDAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAaBgNVHREEEzARgg9ub3QtZXhhbXBsZS5j\nb20wHQYDVR0OBBYEFFgZwDEDodRk65rZig8mL+xRklhpMB0GA1UdHgEB/wQTMBGg\nDzANggtleGFtcGxlLmNvbTAKBggqhkjOPQQDAgNHADBEAiBnOptJIKTnLv+aAuUT\n0GjR5bsQgk/JIgnHoOUTgHJj2gIgWweBXwbok5+T9HCdLWvkPZnZw6jbE3kZFtMy\n4Vip71E=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBszCCAVigAwIBAgIUaiZlumhNK9QvSh06fFyeneZ0FsswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPbm90LWV4YW1wbGUuY29tMCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA9ub3QtZXhhbXBsZS5jb20wWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATs/Q8jZA78CnEzzGFoMKcQBaIUIbjfnE8v/lmu\n3zR0G+iY1hL0kZJdDP1lAlj1Hz4fPbN7bFtUne0hw2PimUUCo3oweDAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAaBgNVHREEEzARgg9ub3QtZXhhbXBsZS5j\nb20wHQYDVR0OBBYEFITXFpcYZ0EVwXvgaysjyHX8OINRMB0GA1UdHgEB/wQTMBGg\nDzANggtleGFtcGxlLmNvbTAKBggqhkjOPQQDAgNJADBGAiEApUAEpegQ+MU2zZDl\nCPPyJKCUKGr8waTQzDN2Yv29Z+ECIQDnTkZq+4FxnA8xN7DEzU3MVeo04hpmnfu7\nxR3BwqSyaA==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIIBszCCAVqgAwIBAgIUV2cncg53SlxTQhMQp7HsQn34vCowCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPbm90LWV4YW1wbGUuY29tMCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA9ub3QtZXhhbXBsZS5jb20wWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASlHi5LGZRemUtzM1ckGn5O5u4XhqaHC7EtrCcw\nYbk48BbqJYfwsz6M0cWWajbS941XHoftAseZZ1W8bNxY/nSKo3wwejAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAaBgNVHREEEzARgg9ub3QtZXhhbXBsZS5j\nb20wHwYDVR0jBBgwFoAUWBnAMQOh1GTrmtmKDyYv7FGSWGkwHQYDVR0OBBYEFBOF\nWSKUxaZ4YWL/qBu0s+a2vOyCMAoGCCqGSM49BAMCA0cAMEQCIGCr/U/n+AaU2fmH\n46qMXk7O3Kj+MIAb3XwAmZ9Fj2zQAiBrjt2s24y+oi8dZqx1hom1xGr3Cl9DXHHP\nay3uogEv4A==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBtDCCAVqgAwIBAgIUPLJ7SKLi9Ws+TQOImRkZLSCDzUAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPbm90LWV4YW1wbGUuY29tMCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA9ub3QtZXhhbXBsZS5jb20wWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASS5g1f+eQiOasFEaOrnuYYYuntHIYflpCRegR+\nyPwiMDcjKnirkfWXZB62XCRpQIT/66RdAAEUKRbq/T8Y5Bgao3wwejAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAaBgNVHREEEzARgg9ub3QtZXhhbXBsZS5j\nb20wHwYDVR0jBBgwFoAUhNcWlxhnQRXBe+BrKyPIdfw4g1EwHQYDVR0OBBYEFL9L\n5InCrTzBJCZLm8/V9u12+pwlMAoGCCqGSM49BAMCA0gAMEUCIAo5ZqZsiQtG6Bph\nAemxZci8Rjmox9hzsfnm8fvAgrqJAiEAx+xYcToWSsmo5HWFvXCpsyijFPjF9SdN\nSkOxcOCQ9hY=\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrzCCAVagAwIBAgIUBhcl5ZnHXcDTbDg7qeM9e5f/op8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPbm90LWV4YW1wbGUuY29tMCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABDC5fW3mJR6TX2krqkmLhWLiVVrbk+YOaAAGH/C5q9+8\njj4R/usXMWAcfDTbz7zWkQedv13pfjNiWqK9Pah1riOjfDB6MB0GA1UdDgQWBBRU\nI2B9wIvxK6UiE5BV2amgXw478DAfBgNVHSMEGDAWgBQThVkilMWmeGFi/6gbtLPm\ntrzsgjALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDRwAwRAIgYaBeM9UQgJCIcOfp54kb\ncAUs4kezScMIT3HU5x2XEFMCIEQWvLx94WPPJOE6SsABOg2c9jRLgCdHaeUNITIJ\nil6i\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUJ/VlusQOEEA8J8K6qmtLU3E4cckwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPbm90LWV4YW1wbGUuY29tMCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABPhWpxC21ZTKW4U7OfdqFX3LRaBb5D/fRNz1ZekjJq8u\n8rAjpu1gN9cRoVi/tMqodMzlfv/ureNTRBXpsVxlHj2jfDB6MB0GA1UdDgQWBBQA\nY7fwLB9lw/xnRvu6VohUuisG8TAfBgNVHSMEGDAWgBS/S+SJwq08wSQmS5vP1fbt\ndvqcJTALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIgIdl0+KsRoBuLcH9ScYlj\nsAZtIAxMpLm9AqNZFn2ka4ACIQC/CtgpJw4yyCNuPZpgk9P/5mrwHcRjJqiTrIil\nvCUXrg==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1031,12 +1031,12 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> intermediate -> leaf\n```\n\nThe root contains a NameConstraints extension with a permitted dNSName of\n\"example.com\", whereas the leaf certificate has a SubjectAlternativeName\nwith a dNSName of \"not-example.com\".\n\nIn this case, the chain would still be rejected as name constraints do apply\nto self-issued certificates if they are in the leaf position.\n\n> Name constraints are not applied to self-issued certificates (unless\n> the certificate is the final certificate in the path). (This could\n> prevent CAs that use name constraints from employing self-issued\n> certificates to implement key rollover.)", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBrzCCAVSgAwIBAgIUZGRu10TEdXYzn4FmPeJI+17uiqQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQQndQKipDsBGlxqksTSfS1IiKZR9nXRJvDJGjt\n1sDqjRR9pbE+x7XGNKW2xT24nUSMBHjTHm4eF1wlc/B6NMDeo3YwdDAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUmwt/hP7c6l5XCz7BhhLB9HtydXwwHQYDVR0eAQH/BBMwEaAPMA2C\nC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0kAMEYCIQCPQqnK6cZSu3qO4mhlN7Jl\nGOqyYPruMibBx8e500b/twIhANCb6A1zGmuxxQ1eMI0nQfNED1vN0gCc1uuMXYXJ\nPPCz\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBrjCCAVSgAwIBAgIUIOrPEL1BgcesgH17zEq9QvixT6EwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQtCttuNsTp265F3pG6tjnbEAJZlXPsXGYeXSJY\nGq4rTzCpilIOZva3PUFaz7JX4nBrAtPzY7gUa/PLTtVaNlW8o3YwdDAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUn1qqiUWPETtspQNHCS4FRxr8rZswHQYDVR0eAQH/BBMwEaAPMA2C\nC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0gAMEUCIQCYvqzz64BhGcXbKJMueC0B\nAa3VV5ISREDP+ptkl01pbAIgDFRz9tKkIrZBTmks9lUHoAVrR2Z3Ziuknl6PJrfT\nmek=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIIBtDCCAVqgAwIBAgIUfHPCkFiQ4FD8nETmQpQEpPqEDPMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA9ub3QtZXhhbXBsZS5jb20wWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASBdbJFRAMMFiTKYMzmTgmn9EfeSnsSoHL8Vg9S\nWXjDn1DU6czKSH2eC2SoGt1NVeanAKuFdhoOa0vz513UKVG5o3wwejAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAaBgNVHREEEzARgg9ub3QtZXhhbXBsZS5j\nb20wHwYDVR0jBBgwFoAUmwt/hP7c6l5XCz7BhhLB9HtydXwwHQYDVR0OBBYEFJVT\nGucrCmhxvgGGHHtiABeL1Dv6MAoGCCqGSM49BAMCA0gAMEUCIQDkSnQK5TqjZsVL\na3pdFUhQmp4Wfy+Z+AiUSIFQnGGT1gIgchssHdUP28ja/5Rvk2Tf2l8W9EsvtlS7\nGC6qpJVaN+0=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBtDCCAVqgAwIBAgIUMzhaUpCLRXCD+mPb9t66J4VgpucwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA9ub3QtZXhhbXBsZS5jb20wWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARfErOy9hP6EoKc6qjlWBjkZT+0JssR1iU+u/T3\nJl/IHn2jSY78vA7jm/cX8fzcDcvnkqc2/cTIphL1e9BojU9oo3wwejAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAaBgNVHREEEzARgg9ub3QtZXhhbXBsZS5j\nb20wHwYDVR0jBBgwFoAUn1qqiUWPETtspQNHCS4FRxr8rZswHQYDVR0OBBYEFOYt\nvLSBhuULShFVb9wGmzwlNu72MAoGCCqGSM49BAMCA0gAMEUCIEnA3+ztqLZG1QBf\nFDg3sbIjnokzu+dSyCxCP2FxQHghAiEAyu3zTIk7e0UNwbxY9/ulSJrOBwqxn+R0\nLX3F45Hw5ko=\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBujCCAV+gAwIBAgIURkPy+TQAZSTKqIcxgIEQ1iVeL2IwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPbm90LWV4YW1wbGUuY29tMCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA9ub3QtZXhhbXBsZS5jb20wWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATP7qvfCKfR73ODrV4wDvkUzICKInp9+0Wc6yUu\nh3xT23I5Q/kkJgmhBRWl/PY3denB58UMKNSU6aDtdgRlTd7/o4GAMH4wHQYDVR0O\nBBYEFCPfrih+cSUge+j3/MH9wWNONOwLMB8GA1UdIwQYMBaAFJVTGucrCmhxvgGG\nHHtiABeL1Dv6MAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAaBgNV\nHREEEzARgg9ub3QtZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhALb+LZjO\nqyh3qSqCyuQbU8nfoVWg1Tg2+/MUcjUerERhAiEAtV+w0Oj5Q9bY8tR7Fy/ASeLB\nW0GooYPUxXn4SayxHHI=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBuDCCAV+gAwIBAgIUbq482L5Iv1B8EKcU9ipYH/xwweIwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPbm90LWV4YW1wbGUuY29tMCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA9ub3QtZXhhbXBsZS5jb20wWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASQwLrrdNn9P47gPOic5mXkkXl/T5ojM5wbGbcJ\nRlk72ktKXexcviR22fc4TMAKQnFV0mkBS2ug1cZDCZhNrChdo4GAMH4wHQYDVR0O\nBBYEFG+SjzFDwnUh40g2rusSPJlfbnEwMB8GA1UdIwQYMBaAFOYtvLSBhuULShFV\nb9wGmzwlNu72MAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAaBgNV\nHREEEzARgg9ub3QtZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDRwAwRAIgYSNUjl4z\ne+ZTGzpwW0RxYJXNGw3mvOXyzEGcUGfkKUgCIGjmvcFHmoit6uOZroAwYucLYZFe\nAsIFVAK4gd/Foa1t\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1056,10 +1056,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with a permitted and excluded\ndNSName of \"example.com\", both of which match the leaf's\nSubjectAlternativeName.\n\nThe excluded constraint takes precedence over the the permitted so this\nchain should be marked as invalid.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBwjCCAWegAwIBAgIUOLIDFK4Lyp6gGj24LEmTWT3ZrcwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASZKKuDxxM2xnEmPOVdpHRvMRIeiypXZ0Z8aw+u\nSsN+/QgChSGYQdDhvcEYvuNF3+p3reoqBdAET8M0U+yWupKWo4GIMIGFMA8GA1Ud\nEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29t\nMB0GA1UdDgQWBBTRHkQtvrQcMQ/iScHSAJDJg5UWqTAuBgNVHR4BAf8EJDAioA8w\nDYILZXhhbXBsZS5jb22hDzANggtleGFtcGxlLmNvbTAKBggqhkjOPQQDAgNJADBG\nAiEA+eGYfWpNtEbCLrGylAsPP0dUtVAGmFvFclqrCyTr1OICIQCl82t624oUY4DN\nEMuhD7Ir1Hd96mMyRbelWQ99ZFB4pg==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBwTCCAWegAwIBAgIUYvDxrGt1lr8WGaRg3JJOYiudwPswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQ4mkuGKNKJkXrNI4Kja2dh3O6jSkrh6KguTPc4\njiQQde0Y8cMx6XuG2esWS+5AfEQzXYsrOPdMuqEkbRu6zQwQo4GIMIGFMA8GA1Ud\nEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29t\nMB0GA1UdDgQWBBScetK3XhbpaG471cxfMpwvyYHwajAuBgNVHR4BAf8EJDAioA8w\nDYILZXhhbXBsZS5jb22hDzANggtleGFtcGxlLmNvbTAKBggqhkjOPQQDAgNIADBF\nAiEA9AZsNEsYxN+s0d0Ml1T9YHu3uk8l/BTzcJi18sDZGscCIC3Meln8tz+AEI1h\njuZrWdeSsveEAbOUls7KDJUuuuhv\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUS2sVmIQKPWqz4kZpu+WeYbPH8VAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABNJ+oblveXCClZFOzHbtsdElrQhsWs/nEXBspFY0iITB\nj/d8c0UL79HnEVGh7KSSVMjMHFwh6esRdlkFgd5i3IejfDB6MB0GA1UdDgQWBBQd\njAX1LOc7A7jaTl3G4KdXpGEw9jAfBgNVHSMEGDAWgBTRHkQtvrQcMQ/iScHSAJDJ\ng5UWqTALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIhALk+OKRFxXhEm8SXTlG1\n04kA+X4qtIP2aWGiq6Dpp+wpAiBckfGJuF8T+LwGOsBhkMh4JFjZtkaxX/zeWp7P\nzZVcQw==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUJZHV8DCn5w5+eE/be5HtTpF/rdwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABG/5FERU2v6OwZCluSIRP5z2pN7x5GQ2wg7YpEffIFEk\nEanuT+4tjv7oAAIC5OAnH0Ehs/GOwYOT68shRAZHMwSjfDB6MB0GA1UdDgQWBBQY\n5paU2lufMk4OUqHrIsoj4LulVzAfBgNVHSMEGDAWgBScetK3XhbpaG471cxfMpwv\nyYHwajALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIgCuw23S81jrdY0aPyg10s\nY+CScH3j9L++b6VO5rAzFq0CIQD+xZGYZPfhjfI0q1wJfwQyIOh3arL9nksrQKnj\n3sPl0g==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1079,10 +1079,10 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with a permitted iPAddress of\n`192.0.2.0/24`, while the leaf's SubjectAlternativeName is a dNSName.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBrDCCAVGgAwIBAgIUWnwx5zPMxNdTqE6+omi7srJ76NkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARpdyfmkh7EQQtWw/TJEG9k/TAyJ+wmnCOnyKeJ\nPGs9oeAo2ndQ2oqX32cYiIUB39H/bYtmgyehYeCuhaQJNHKVo3MwcTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUYn1fr+8AP4iHhBuBgn78ba2q5vEwGgYDVR0eAQH/BBAwDqAMMAqH\nCMAAAgD///8AMAoGCCqGSM49BAMCA0kAMEYCIQDpg9p1YuH1Iol0aEDRnL5FIOvH\neN48CR5AzgrnJwfDzQIhAMLvjSLxg6I5CAVr/PglZRJH0bYECSlKiLRQrzOqMPku\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBrDCCAVGgAwIBAgIUUZJqyfZ4DYPj8Zm/l/e52GoUxfswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARx7pyErwbwXFhIYBsdsoqgxOkKsKsJyo+7Y7Ki\n5gSDZlIWcKqtCUPJVQcaCbZ6dC+LPmjqC9bgVIrrnKcszSLjo3MwcTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUkZ1+E1KQi7Ge86wzag5DoLaQxwAwGgYDVR0eAQH/BBAwDqAMMAqH\nCMAAAgD///8AMAoGCCqGSM49BAMCA0kAMEYCIQCr/EBHm9goLO+J4YzoJI/JJxgv\nDtHdoPWRPPlXvIAECwIhAKfFKlg8tMHqBQjZVZkir4tW+oGX9UX+YyszV2JDIxUR\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUdtqWihcr2CRVgvoiu/9POeNLUiswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABOA1F8KouAMCgZei+eQvouPEkmIyiwQfeJ/9AYM5BWzk\nLzlw/rhdumbqFo2I7vFfh5fh4N4mrh3lHMndGPnDzL2jfDB6MB0GA1UdDgQWBBQI\nIEhNzKIEx79x12C18yOqnQ/iwTAfBgNVHSMEGDAWgBRifV+v7wA/iIeEG4GCfvxt\nrarm8TALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIhANbipxJrJKFhJj2i6bgj\noz9rfyk5+5kdPfVvaOLbNKFaAiA7tzFnttFqEgyvd3uT6zLjiuOM4qdDdStMp9KM\nkrY3zA==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrzCCAVagAwIBAgIUTtf/TFOV/qD2d+yA0xJNcLvhMp4wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABLaEsr2Fa2jZrzzpb5DBjwbUcwhYeuNCiChCiTfjLtLC\nqJwTjoyweN1ZErRO5hApswiU1IgaX6Fo/qWpwlnW5oWjfDB6MB0GA1UdDgQWBBRh\n2IBi+nOif+H24B4G9PX0jIuYpDAfBgNVHSMEGDAWgBSRnX4TUpCLsZ7zrDNqDkOg\ntpDHADALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDRwAwRAIge5sOHC8gPgqzd+JIZqaM\nA2a03/L3Q447GNTToz57/wgCIGgfnUW8+Q9jlO9lA7S5zNT1D29g4vXaiRa6AMA/\nAS9k\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1102,10 +1102,10 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with an excluded iPAddress of\n`192.0.2.0/24`, while the leaf's SubjectAlternativeName is a dNSName.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBqzCCAVGgAwIBAgIUQl1s5GYmk06U3N0X1xnJzgD8FhowCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARggZJbgZANldAUZxKp95p4Nx+v29r1m5+Kdjrv\nXq8nfeMtSSKPRp4yEsZO3QLG8Lh888lPvD7QvF8JxrzehFWho3MwcTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUvkXCTs/RfFbfD9z8XEXvqno0sMowGgYDVR0eAQH/BBAwDqEMMAqH\nCMAAAgD///8AMAoGCCqGSM49BAMCA0gAMEUCIQDf7+ebnkpiO3/ikaKOSi//8CgG\nDsBBqbCRGWterauDmwIgM7nTElFjyvD3xcjHHiuyuz+HsObvQPOVljNDSngdV84=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBqzCCAVGgAwIBAgIUalntdC1A1JUqR3CS4KdRnfl5yGowCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAS06smWnl0ynC/Mg2FCRn1900+gKgm5FIbBUUyJ\nWvpudwtBR22GohXSEqIMcBC+2cbENvGAODeRy3qi0p2w2YJwo3MwcTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUw5C4gTW/zjoRALu9p+p3Bo82rSswGgYDVR0eAQH/BBAwDqEMMAqH\nCMAAAgD///8AMAoGCCqGSM49BAMCA0gAMEUCIQC0t+MFnO6IApBP1iV4wfPKMRrL\nQb9UQEVEpCqk3+RzyAIgXvO06uaAyhnxAlzpAGRJWizAXk6Gzzb6sCbUkii2brk=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUDAkHnehQd2SJHrRvZFJBHoXcCDgwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABPztyPruldCE4+HbodCSz2Tz0qv444JU9ksN7ePuKWio\nW/RYuNIpwJcfGGqqfbrznxEXDpN+wi7RtRiYI5kPxqyjfDB6MB0GA1UdDgQWBBTX\ntHy2wNbJrCHCBKff4P3+OxHMBDAfBgNVHSMEGDAWgBS+RcJOz9F8Vt8P3PxcRe+q\nejSwyjALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIgbZltTk8rBR11xQ3/dJDc\nqoSldBG8EzMn89zrHxBfB2cCIQCKvlocWj54wMqKh/RovPg8T2bfj/27JmySm48Q\ny4/hSw==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVagAwIBAgIULUcnlkMVJmK6/mGqnsLaeHzHHn8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABB0vJPjzvr+ztRyOtsXpcwxpnM5Vi9/CHnilqcrMhdbS\ngapAzbrgEjSkrLNt7C4XFPhEwCFUWMd6XPLTzU6VUV2jfDB6MB0GA1UdDgQWBBQr\nkTyS493VZx8+k0RtqjFCnWJNPTAfBgNVHSMEGDAWgBTDkLiBNb/OOhEAu72n6ncG\njzatKzALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhAKySJZb1BWwPi1szVuvE\nQaQxQopG+K6jDwdrXJFrB/3eAiEA99b+J7++AlFhZrm4Xo8lV8obKlDCPHk/LynJ\no6ARYKY=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1125,10 +1125,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with a malformed dNSName\n(uses a wildcard pattern, which is not permitted under RFC 5280).", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVagAwIBAgIUaF9GGbQzNJqvGZDE913ZGQGyuvEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATwfFcyi0CXo2nhfv9u+EzFJO/BvjtqRPF9SIXW\n3qr+vJsXU4AhWmF3mFyJRWenCzlQJn4RwOzeOyF8HdZ6q9lKo3gwdjAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUHloZL4TOFZMk4DTqFAwj5be9bXwwHwYDVR0eAQH/BBUwE6ARMA+C\nDSouZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhAIZ/RjC/7c9XrARbjHHe\nn3cl3JX3zQuF7yAOBu3HP1bQAiEAg1/ZE93VoUTfvKBSY64Dep1jDPEN41Osy2nl\nOktFJtM=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIURVWC93Kw0yoMHe1HKb7Al3NjsGAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASGiKAzdueCYbhqmB3cFLoXuqbWqOEzmw15Afrc\nX1TnI2GMQCc0Ctu3j9HiDr0AsPj0ykiCDfnOaKSG1717gZ7Qo3gwdjAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUZ+LPX9OdAi1oK5i/0IJPC8ha/FAwHwYDVR0eAQH/BBUwE6ARMA+C\nDSouZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIgYEyhT04Z4RbWx3VxZZZl\nPG8ZXJ5tVseoMH6sch+01F0CIQDYANgkem+zpDqXT/5RVhw+UE/sgIg7ZQlXffhE\nAehG0A==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBtjCCAVugAwIBAgIUW1Kxv1bTHpA9sZsq5eIZlqS3C8AwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABHd1f65AqCxz/eoQx4TFC0M/XkXFxhnXAQ8a8lXjQyDL\nzWBm4nqiJCn4CH+nsM7BH61ttJ3HBEnkSk+xjFsr87ajgYAwfjAdBgNVHQ4EFgQU\nGA9djmDSfnUTn+l7mGDxt22xxtkwHwYDVR0jBBgwFoAUHloZL4TOFZMk4DTqFAwj\n5be9bXwwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBoGA1UdEQQT\nMBGCD2Zvby5leGFtcGxlLmNvbTAKBggqhkjOPQQDAgNJADBGAiEA6k57h4Lmesjr\nGP5qyEF4rzzGBLWp7XmhCMci+CVSR6sCIQDs/TAUWh2kaHw9Icg53lfgO8n0pCPb\nipZA+0SV/GPmcQ==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBtDCCAVugAwIBAgIUWk2reyUyGGbiAVFtLNYLBDQlBbwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABG3Lg6DzzL1UeENEf9nwPLjItkdsFAE6+iZ011AWj2uv\nWt4X+1EZIpc0s/Zgm5gAsM3ocENOG1t2Bvt4ZalSXfyjgYAwfjAdBgNVHQ4EFgQU\n5P74nCOav4U0T+7kf6nVK+/nvpowHwYDVR0jBBgwFoAUZ+LPX9OdAi1oK5i/0IJP\nC8ha/FAwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBoGA1UdEQQT\nMBGCD2Zvby5leGFtcGxlLmNvbTAKBggqhkjOPQQDAgNHADBEAiBSK+moHX5n7B05\n726raHmVd8oK2B9EaoSDyTEqAlXaswIgGzlAsp0w3J/SlUwxNJLZ0QOlfvRocBLQ\n94oMcHZRuFM=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1148,10 +1148,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with a malformed IPv4\niPAddress (not in CIDR form).", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBqDCCAU2gAwIBAgIULiilcJWhuKxPizTDNGLIvsoGT/0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASe+qVNR+NkLD6klBwiL4YPO1vkW0fKgMZcObUa\n+OmGthhA+BAlsK408SogULlTvcWlSPLpoTSGESxAlc3zy280o28wbTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQULhW+XFHs469OAZmOWjVO8lXYzY8wFgYDVR0eAQH/BAwwCqAIMAaH\nBH8AAAEwCgYIKoZIzj0EAwIDSQAwRgIhAJsDqY+txtLjnSw9zebIHAgDYwNLdBjM\nezJAlCL3wHKSAiEAgsBnhkh0ofXzby/2Fa3CfRsIxWIvF1Xsqaud1cdvZD8=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBpzCCAU2gAwIBAgIUfX4mQGd0d5kAKOkJJCCFAbjXcfYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQEDIknCVnJCvEZxamPK1vqVSOqKX5CavlJNXDX\nuVy/59bbYb3Dfd8qS4eVWjGllAAq2kbFQYorNeJPtxRPwvwmo28wbTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUd27MkazZKNOr1wMGI1SjWEkjQ2MwFgYDVR0eAQH/BAwwCqAIMAaH\nBH8AAAEwCgYIKoZIzj0EAwIDSAAwRQIhALd2WJm6gL/4vwa4knL6SrPsNm3CNj2D\nLpCdvv+SollyAiBD18Mu1t72sOA62j7kHxxGJcvoEMrlzj21MH1/tL1NbQ==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqjCCAU+gAwIBAgIUefGW24qkj2A+OyPM5L6S88tIMGAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABGTocHBfGOvZvI0/urMoIxvOHyfDhokKYov2TFhZjwiV\nHHjDhy3V8oH4k6sIgyqYvlJzWTyOF5QUUcwKDJtyI9ajdTBzMB0GA1UdDgQWBBRA\nGyl7JCKrscySI2bWbKCgyPJBoDAfBgNVHSMEGDAWgBQuFb5cUezjr04BmY5aNU7y\nVdjNjzALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0RBAgw\nBocEfwAAATAKBggqhkjOPQQDAgNJADBGAiEAnXoehGXu0wYz9o8N0GGh06hzEi2Y\n1jJK4ml78vRr/U0CIQCwMSJQR8VGrH/MldhY5XzimGzMz94VQI7U9xk5A4RULg==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqTCCAU+gAwIBAgIUaLDH/UntmX4iUQS66Oawv/HtevAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABEdfZ3OT2/S7RiBEnZgfqu9Xb7rAlMI06MXK8Ga3oi7b\nL/gANUOrHYfVgrYe/hcvNdecpnEoruXpQTneMZ7Hn6WjdTBzMB0GA1UdDgQWBBTz\nPCWImiTuuHGUeRBr+RjdG7D0LjAfBgNVHSMEGDAWgBR3bsyRrNko06vXAwYjVKNY\nSSNDYzALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0RBAgw\nBocEfwAAATAKBggqhkjOPQQDAgNIADBFAiAU94DuM9u+B5LzkYGTO9GPn0m6GwiJ\nLEp4TSf9JRp42wIhALxIvmsUshB42C3f7djftRObBXRi2O6y2RHnwUClN39D\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1171,10 +1171,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with a malformed IPv6\niPAddress (not in CIDR form).", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBtDCCAVmgAwIBAgIUOZcqehx3b9gtc/x7nC9Oo1cbqZswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASiZAlMwsCUkF162K6IhVVd1KnBBs2HCsv+hz2U\nGtDoB9D5AHpRZdy/aoum9ht0uETkH8AUw1k5lHfvwRsMVrgXo3sweTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUlYh+rfZHBmabr9dyHpE9qTM9Ru0wIgYDVR0eAQH/BBgwFqAUMBKH\nEAAAAAAAAAAAAAAAAAAAAAEwCgYIKoZIzj0EAwIDSQAwRgIhAKAzWOLy+rfWuvDd\ntKBiDNJKLAD5c7sb2UpSAHc1H066AiEA+GrbygsneIZrms0P5yKJq3MWnQDZ+0Jf\nx1MUk1QeuWc=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBszCCAVmgAwIBAgIUJtqUAcSjkXlCWIswX5sCf9c0y0AwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATgZT/bShk/Tjqt/ePDK6IgQtfAP4Fl5EGhtv5/\n+67denYjUm0Cc86tk4FySavo+mO+l2RsIKNkGU+vmxJMu8iMo3sweTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUl7nGpNpMZj2nduONaFKNYv8LC9UwIgYDVR0eAQH/BBgwFqAUMBKH\nEAAAAAAAAAAAAAAAAAAAAAEwCgYIKoZIzj0EAwIDSAAwRQIhAO/lbkH4jvteZyBi\n5nCHZWuK/XByvjoyq6GzOPfmVxaVAiBV8H3oHdukR7eKyBUxb88bNN78MXQf4FhT\nM3LSp9Qbsg==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBtjCCAVygAwIBAgIUC/8JV7a7E4dJweqs/hZrITDGYTkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABA0Lfj9Ct/b09mjh4V0WKYkk1jjqHIoAiKMSUmyLWiUU\ndPsYhJSls64VG2lrD2sdvhIGi/YqAUgA3azABeyxuKajgYEwfzAdBgNVHQ4EFgQU\nrdjbVAt3Hpqv85UlrsSvu0nK3rMwHwYDVR0jBBgwFoAUlYh+rfZHBmabr9dyHpE9\nqTM9Ru0wCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBsGA1UdEQQU\nMBKHEAAAAAAAAAAAAAAAAAAAAAEwCgYIKoZIzj0EAwIDSAAwRQIhAJ0WI9/sQieW\nUYLmmi1DdVdDQjXE55Ww1GGT4p+XTLdfAiAPvDpXr2Uz1+FH+H6bCc13jrpWJ3hb\nR4c9zy2kUkyOiw==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBtTCCAVygAwIBAgIUPQBoeh0W1+cilClhikSBXUmKf/YwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABFA+KW7qeuysVejjiU23www5nY2+dIjmH5LRreKGWzd8\nrQn2IoIWL9TjB01tlEkglQ6UzNVaWP6+/gVGbqvFNpujgYEwfzAdBgNVHQ4EFgQU\nOueSLV3coPAgzPIX6Xvz37dhzakwHwYDVR0jBBgwFoAUl7nGpNpMZj2nduONaFKN\nYv8LC9UwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBsGA1UdEQQU\nMBKHEAAAAAAAAAAAAAAAAAAAAAEwCgYIKoZIzj0EAwIDRwAwRAIgbL43eoD8dulU\nybwKEw41LHfjtF7mC3mFRA85KM0IP28CIFSrMAITq0jyu5NwvbKeWH0E5h+zKtdL\nvyfvQeIWmcE9\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1194,10 +1194,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe EE contains a non-critical NameConstraints extension, which is not\npermitted under the RFC 5280 profile:\n\n> The name constraints extension, which MUST be used only in a CA certificate", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUXINn7dvOco2HtFm9y65H+Nfif1AwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAT7pCrZXRkXLb2aX2uAOjbXz2h4rDj+Oq/HiUC3\nQ24bn3TjrDKJVMMeK24Yy8aKgXFQpd5TQxj871sfewTmghKTo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUBVAzUawDbCHggTeaExLMfDXdQFQwCgYIKoZIzj0EAwIDSQAwRgIh\nAObVVeFGvCrgiB6Pf73F4kxh4rNtpSghlDUdoYlrd2X3AiEA0gCJ30WCHmctXjV/\nj8DfMPK1hswNBfFjBqt+4RLEpMA=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUdaS7F147heyIdIQNtYLcdCfk6QQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARR1D+wqEq4oGiM+IsRW3+EjgwY2W+RehRXHU6B\nm6vgJg0MG2cmmtSvc18loXRuOrllDdOLM1qMetTwyscxxvB0o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUPQazOC2PX2Zt0DpkPMVEVtt7oCgwCgYIKoZIzj0EAwIDSAAwRQIh\nALmKVsVOsexg/Q93jN+Cozmy8eiO7bSVrkQfQgg6CE9BAiBbsZxLsM+FToTPv9dn\npOgSJh4GvML5k/iunqfm97YXZQ==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBzTCCAXSgAwIBAgIUPUFE9LYWId2lpRcOowjisBMltTEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABBhgiaUiRsebPe+3mStUtoZTph7nZEiK+BvhZR87BrsB\nYOjYh35VvQcUTH8soO5q8l56At9aKysvuwnVn3vbB9OjgZkwgZYwHQYDVR0OBBYE\nFFMM450viT+LhMZocwl21Mcnw1kzMB8GA1UdIwQYMBaAFAVQM1GsA2wh4IE3mhMS\nzHw13UBUMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREE\nDzANggtleGFtcGxlLmNvbTAaBgNVHR4EEzARoA8wDYILZXhhbXBsZS5jb20wCgYI\nKoZIzj0EAwIDRwAwRAIgBTVGPKm0wvUlWH0VmE0ogrp+wuyU14shFrg0AbTnDeYC\nIC7z8KfvE5X3UXYwS3AGpfp9PPQkbdTo0FEZCINja6Ux\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBzjCCAXSgAwIBAgIUREMnLGe3um6iCUPKj6UkKsP28XkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABDR7vtHYLhfX10g538jMX1dHc6LKM3TuJby2flImZr35\no2Z2M+bVzdKjQnpZ3OG8Oue3M9h7pbFn9r7z61XGC7ujgZkwgZYwHQYDVR0OBBYE\nFD33aBT5SYE9A0dFj0/vllsFwUfRMB8GA1UdIwQYMBaAFD0Gszgtj19mbdA6ZDzF\nRFbbe6AoMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREE\nDzANggtleGFtcGxlLmNvbTAaBgNVHR4EEzARoA8wDYILZXhhbXBsZS5jb20wCgYI\nKoZIzj0EAwIDSAAwRQIhAJCJBy1s/8emMPNSebnhvvDZT7SlDnFWU5mtaBI/DR+1\nAiA+1hrA6xzFM10Eat/hwqbytVp2llAuNnLopZvSyjpXww==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1217,10 +1217,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe EE contains a critical NameConstraints extension, which is not\npermitted under the RFC 5280 profile:\n\n> The name constraints extension, which MUST be used only in a CA certificate", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUUSXZCvJRO6nO9OBw4uLQq4ZcxyQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARkkSyHrRulXuiOnyNx/hkV7hSU+VzAg7iYYvRG\nsx5QoEYrvvnbU7zN4LMWpZMALYQz9AbiGCzZ9/VfAEtB9NY+o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU/49UjEU/oIhWQuDINfZ9mMJhHP8wCgYIKoZIzj0EAwIDSAAwRQIh\nAPR9MaI8/yTinxViGDg9nSMBpfRAz3/TXc1gz99c99ayAiBuDB+cnOprHoPuLfP4\nYoUy5osDbJeJ/Qb7C3dTW7OBiQ==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUDbdjg/ZE8aqI2tjyCxlGuDmgYJAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASZ7m6jfGo/z6+R6zRVoMHMOLM9oiBoD1QFZZWD\n+S30wp2pW4TSJN9LO90VXNuFKdU3uMF5jHZwezv4+nZYX4ODo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUOYKzAmfQGmPkInHsoM6tVys1xv4wCgYIKoZIzj0EAwIDSAAwRQIh\nAMLj5cUv1yg/c9Uj+NLBwQfanD5mZmLhFK+vm7xi646LAiAx68yuhD0K69XSAWt4\nT3ktaHAyETnbP06yDfzNjyMyAQ==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB0TCCAXegAwIBAgIULG+mmsGcOQgg4VNLHsX/ssiQfQgwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABMuDQ8KKE1u/ztljgqLYO7rrYvBdFoHz8FLN1gQeti8U\nazATV2qYPXkVDt01um4cShpTo7dqYyvK9nZF8oO2qYijgZwwgZkwHQYDVR0OBBYE\nFLtwMXCP1/nzbG5K08O3S7eU6YluMB8GA1UdIwQYMBaAFP+PVIxFP6CIVkLgyDX2\nfZjCYRz/MAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREE\nDzANggtleGFtcGxlLmNvbTAdBgNVHR4BAf8EEzARoA8wDYILZXhhbXBsZS5jb20w\nCgYIKoZIzj0EAwIDSAAwRQIhAM9E5RrO4l8xNFSOXGtdZYwE1kXkq62cTR20baQG\nuMrMAiAQPTMCM4Z1cIZpcuc7hDa8ipMGExq6IKkeZYBH7UIDgw==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB0DCCAXegAwIBAgIUA08xv3EZ8RdoGqj/OIlhEbPqiLIwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABKYAEfZaGqZRTe9j/+Fq9ur9w2OPaV0fhpU+Qd26wAun\nqD324VJy+xZ1CELSiXHw9PncyyZGozjlZh3tFCahlKWjgZwwgZkwHQYDVR0OBBYE\nFMEVzuADslBFlMnYO+zrd2STpyubMB8GA1UdIwQYMBaAFDmCswJn0Bpj5CJx7KDO\nrVcrNcb+MAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREE\nDzANggtleGFtcGxlLmNvbTAdBgNVHR4BAf8EEzARoA8wDYILZXhhbXBsZS5jb20w\nCgYIKoZIzj0EAwIDRwAwRAIgIEKe4St23dweJBaRIur+3z9QBiB3D8uSdub0Ska3\nTuICIADgE5Dm1wQBhFdZjiR/2VWkRNafXbWlFfAXFsyxMBZe\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1240,13 +1240,13 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> ICA1 -> ICA2 -> EE\n | | |\n | | |\n NC SAN1 SAN2\n```\n\nICA1 contains a NameConstraints extension that forbids\nSAN1 (forbidden.example.com) and permits SAN2 (permitted.example.com),\nwhich should be rejected under RFC 5280:\n\n> The name constraints extension, which MUST be used only in a CA\n> certificate, indicates a name space within which all subject names in\n> subsequent certificates in a certification path MUST be located.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUZljgqiNl4aiP2JAmylN0t1NvFcAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARe/8LhKlE1ofP1cP1rby0xMxprQskISwpXaoWW\n+H+OO6GBM0Msd2ZQ1ZX+W3Bz3UcPWGX7sAdsKgiHsgKaJ3gso1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUS+24IL4iOV20tGhzU09Pf5x0gnQwCgYIKoZIzj0EAwIDRwAwRAIg\nOUsctAUpDmW7DPjAc2rK9jHd8/fta2OCNAyF7AqQDFcCIC+bWqbJuF1JNB25D471\nGiZyWzv7rWSCe5EXbubCWL8w\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIULtK30ucYdg1Vr66HNgZapiV5t7cwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQxTuiaApoW5RKbB5wM+L+woned3Is6FnL4lweM\n7y/6dPq36IrljLVuJlv+G098ZC16GPt2OX8cuqOw2XS1cDF5o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUpHz5jVoTTSv4K/Alh616f235pY8wCgYIKoZIzj0EAwIDSQAwRgIh\nAK2SzfVdD5cDBDrTKG+jrrJs4l8PNR+TCXHV7yaDVT8OAiEA0VSIycUgtDkcsvUY\nx031PonVIf3dZy5ls+cz+AxOS2A=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIICRjCCAeygAwIBAgIUAmGTBkAatK33ivJDE5wu6TIxyyEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDA1ODQyOTkwOTUyNDg2MDUzOTU4OTUy\nMTc4MTM1NTI3NDU4NzA3NjgyOTY4OTE4NDAxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABHPU08svyZLpLSGMOHvyZkfM4OGpuJgVw/iJNjiscr1ErTry2TYPP7tqfgsp\nJPFyJy20F6ComfXcS202D6KSpHCjgb0wgbowDwYDVR0TAQH/BAUwAwEB/zALBgNV\nHQ8EBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUS+24\nIL4iOV20tGhzU09Pf5x0gnQwHQYDVR0OBBYEFCG+vBN730PI6qdmImB/gCntHD/H\nMEIGA1UdHgEB/wQ4MDagGTAXghVwZXJtaXR0ZWQuZXhhbXBsZS5jb22hGTAXghVm\nb3JiaWRkZW4uZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIhAMwMwGmAre18\nNTbD5RxPyon/yU9GrBdz3sxJVSo6UNuRAiBgjcC/7HxkOZhoV0hXOeMqbxaeusQY\n31Xu0u0rtc1ylQ==\n-----END CERTIFICATE-----\n", - "-----BEGIN CERTIFICATE-----\nMIICWjCCAgGgAwIBAgIUWenhkFiXxOlD7UY2YOUaaoQqH1UwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNTg0Mjk5MDk1MjQ4NjA1Mzk1ODk1MjE3ODEzNTUyNzQ1ODcw\nNzY4Mjk2ODkxODQwMS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMGkx\nODA2BgNVBAsMLzEzNTkzOTYxNDU4ODQwNTc1ODQwNDUxMTUzODEzMTIyMzQyMTU1\nOTI1NDQxMzEzMS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1wYXRo\nbGVuLU5vbmUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARNfOVjV67ILtvmcRiu\n0o5CEGGB5DsWmpNX0osyTm4N/sjPmDqJdaD15D6VyJk5Lfdctx4h/Twz2ng2VOjL\nm8fho4GDMIGAMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMCAGA1UdEQQZ\nMBeCFWZvcmJpZGRlbi5leGFtcGxlLmNvbTAfBgNVHSMEGDAWgBQhvrwTe99DyOqn\nZiJgf4Ap7Rw/xzAdBgNVHQ4EFgQUfUKDvH2Bc9jjf3EbHYinG9BzGUEwCgYIKoZI\nzj0EAwIDRwAwRAIgM0LW3qz7QBa2Yo8/mGLxNvqdyf90TFLnLlWZsr1J1jcCIGik\nKanYOYdRWvX+B8JFUbbyP9/0/HVZheZ02GWzdwgr\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIICRjCCAeygAwIBAgIUBWgz0vvX6t1jNiHP7qmBi1bs4akwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDAyNjczMTI3NDUyNjQzODkyOTEwMjgz\nOTkxMzY4MjM4Njg2MjEzMDEzNDQ3NDUzOTkxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABK5Lh9Kl3KHzoiSXs0IdEeqpsLhI5RAnNMyqhvVkPSsn8FjfumjBTAJ5IcSH\nPgx3+alREr1RLBo0zSaOQHwHfcejgb0wgbowDwYDVR0TAQH/BAUwAwEB/zALBgNV\nHQ8EBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUpHz5\njVoTTSv4K/Alh616f235pY8wHQYDVR0OBBYEFHjIMU/foiNM70iA7sGRRji7wYOB\nMEIGA1UdHgEB/wQ4MDagGTAXghVwZXJtaXR0ZWQuZXhhbXBsZS5jb22hGTAXghVm\nb3JiaWRkZW4uZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIhALb+pVWCOBxI\nowhIijIkngyf5QHfzIBbvukyGKb92BMVAiAasz3d2qYRuuPNW2OaMQE/rSy1iojt\n5fzAoJgoThFAOQ==\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIICWzCCAgGgAwIBAgIUG4/fj0kh1nT6z+fKB5u4YjOG6W0wCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwMjY3MzEyNzQ1MjY0Mzg5MjkxMDI4Mzk5MTM2ODIzODY4NjIx\nMzAxMzQ0NzQ1Mzk5MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMGkx\nODA2BgNVBAsMLzMwODY4NzQ1ODc1NDAzMjg5OTg4MTE2MjM5MDM5NTE0NjkxNjU1\nNDM5Mjc4NTA1MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1wYXRo\nbGVuLU5vbmUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATsj4hegbcwDXVwuPdU\nnEBLvaL36Y6uyDL89KvNRfNNkrMIaf2s+QfTM5R7gEBjPvvD+Es3fh0fi2UPXLSx\nhukoo4GDMIGAMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMCAGA1UdEQQZ\nMBeCFWZvcmJpZGRlbi5leGFtcGxlLmNvbTAfBgNVHSMEGDAWgBR4yDFP36IjTO9I\ngO7BkUY4u8GDgTAdBgNVHQ4EFgQU61ZdEWH5Sm8IyqIWU3vdkLGYlaUwCgYIKoZI\nzj0EAwIDSAAwRQIgYlFz3psicukt9/dHFCv2ehF9iNgluMrIOXYqCbWD+K8CIQC9\neH664YwSJPacQSZKryxrm2cwxEIMx/JM1JE2Pynsjw==\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICDDCCAbGgAwIBAgIUHVDfeJZAZpjovlWZB7TR54TW4gEwCgYIKoZIzj0EAwIw\naTE4MDYGA1UECwwvMTM1OTM5NjE0NTg4NDA1NzU4NDA0NTExNTM4MTMxMjIzNDIx\nNTU5MjU0NDEzMTMxLTArBgNVBAMMJHg1MDktbGltYm8taW50ZXJtZWRpYXRlLXBh\ndGhsZW4tTm9uZTAgFw03MDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowFjEU\nMBIGA1UEAwwLZXhhbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQn\n2ub/Ka+NehTjvV+P41I9WLXgQmcOVx7yoK3eZTSYHq7jRRhZWMpnwBTaXCBirgJS\nc+Yi7SxQ3qeHT55nHhOYo4GHMIGEMB0GA1UdDgQWBBQ9HSqFPdMiHdt6wR7xbp13\n3UNwkDAfBgNVHSMEGDAWgBR9QoO8fYFz2ON/cRsdiKcb0HMZQTALBgNVHQ8EBAMC\nB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwIAYDVR0RBBkwF4IVcGVybWl0dGVkLmV4\nYW1wbGUuY29tMAoGCCqGSM49BAMCA0kAMEYCIQDLl3GAXi0L5/ptJ96VFOp9ujCV\nbRlJzy+9U88zLlQdkwIhAPJzvJHxNLP+KKd40pwR1ffYA57jzBhUOKHH8hRzHWoL\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICCjCCAbGgAwIBAgIUcB+z4TAcibknTPCdqxvIQ9FHzUMwCgYIKoZIzj0EAwIw\naTE4MDYGA1UECwwvMzA4Njg3NDU4NzU0MDMyODk5ODgxMTYyMzkwMzk1MTQ2OTE2\nNTU0MzkyNzg1MDUxLTArBgNVBAMMJHg1MDktbGltYm8taW50ZXJtZWRpYXRlLXBh\ndGhsZW4tTm9uZTAgFw03MDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowFjEU\nMBIGA1UEAwwLZXhhbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASZ\nbsTpEvIC+H6e37/bNddOpZd3/uDxBEcuyMYAfifEBYb5S2ix+bhVQv2oqilXyZHS\n/7ZGMV1gE0Z3LJgDXSvpo4GHMIGEMB0GA1UdDgQWBBR5J7BGz/pXiRlOLJOA6Wdp\nn1QkkzAfBgNVHSMEGDAWgBTrVl0RYflKbwjKohZTe92QsZiVpTALBgNVHQ8EBAMC\nB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwIAYDVR0RBBkwF4IVcGVybWl0dGVkLmV4\nYW1wbGUuY29tMAoGCCqGSM49BAMCA0cAMEQCICccJTwZEVmHzOqz32aKYmAFcHK5\neYuhlB2cVVSi6M8PAiAe0Fpig05QSEP3fdQJTx3RievTXsQ1hvwn8XK8ibwDhQ==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1266,13 +1266,13 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> ICA1 -> ICA2 -> EE\n | | |\n | | |\n NC SAN1 SAN2\n```\n\nThe root contains a NameConstraints extension that forbids\nSAN1 (forbidden.example.com) and permits SAN2 (permitted.example.com),\nwhich should be rejected under RFC 5280:\n\n> The name constraints extension, which MUST be used only in a CA\n> certificate, indicates a name space within which all subject names in\n> subsequent certificates in a certification path MUST be located.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIB1TCCAXugAwIBAgIUKi2bdgP6xj8ak8v9Kp0iN/+1LdowCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASCVCdyHOGRRYTa3gad7A885JAz6JsBNE816Tmi\nekYVIWhqDnO9Q8QJ9bFUYXH3LQrq7aDtKsE8AfJJKVeOiOHPo4GcMIGZMA8GA1Ud\nEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29t\nMB0GA1UdDgQWBBSt4tpo1IGLR6+bJZqGN2J3+n1qXTBCBgNVHR4BAf8EODA2oBkw\nF4IVcGVybWl0dGVkLmV4YW1wbGUuY29toRkwF4IVZm9yYmlkZGVuLmV4YW1wbGUu\nY29tMAoGCCqGSM49BAMCA0gAMEUCIDlPz08pqe5AXv4VK1Ig3/T6cZgl+iEh131U\nUGNq1KFnAiEA38Iw8I2nDDjjDBRYhkaVMhD1vTfP7xQ918Qhwa/1p9s=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIB1DCCAXugAwIBAgIUB3Y4J+FQxYQjUdA0IWsvJKP254MwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATEsL3my3kJ0piXfpk+tLWZE44IXrkbXuB56NBv\nvA0RxYgkRtzMuwxA0FOdKSx7zmOBNzXxZnI8sFHDimoX5f7/o4GcMIGZMA8GA1Ud\nEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29t\nMB0GA1UdDgQWBBRFMYY+yaIFR/2U5rxhjCKY37KC6jBCBgNVHR4BAf8EODA2oBkw\nF4IVcGVybWl0dGVkLmV4YW1wbGUuY29toRkwF4IVZm9yYmlkZGVuLmV4YW1wbGUu\nY29tMAoGCCqGSM49BAMCA0cAMEQCIECv9TPePb9CdL6gzu6O1GnNBdz5A3cIoq43\nxiw+UfalAiB7dbQkbVY0Uh+1+1CA/7cCEViX+edAl0Q3s2Yz11FL5A==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUHhXOEv/XhlDEZUKeziKrtyNcUicwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDAyNDA3OTQ2ODg0NzE0NjM2MzY2ODY4\nMTk1NjcxODg5ODM0Mjc1MTAzODU4NDc3NzAxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABOI/s1jmbUdDH7zFJuSu5ItVkd+Z+oi49BzXKktbYB/tHIAcYxE0WWoeZjhE\ngIFqQ8tk+4pHeQMEIBRg9W2t4WyjeDB2MA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFK3i2mjU\ngYtHr5slmoY3Ynf6fWpdMB0GA1UdDgQWBBQRF+OTrgGxZYktl0Yp0kdkNCCp1jAK\nBggqhkjOPQQDAgNIADBFAiEA+p2IGYpyxkGed8FpVYAt77xtP7j95wRXbxfVJh6t\ntdACIGzf0HDEGpcT6KbJACDTJ7jh5qbr8zJKFkQz74ddIBup\n-----END CERTIFICATE-----\n", - "-----BEGIN CERTIFICATE-----\nMIICXTCCAgKgAwIBAgIUEL5MvYJf4jpnlBuZdDW9LRE8Wz0wCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwMjQwNzk0Njg4NDcxNDYzNjM2Njg2ODE5NTY3MTg4OTgzNDI3\nNTEwMzg1ODQ3NzcwMS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMGox\nOTA3BgNVBAsMMDE3MTc1NTk5MDM2OTk0MTA4Mjk5MjMyODAxNzMxNTY4NTkyODMz\nODcxODQ3ODg4NzEtMCsGA1UEAwwkeDUwOS1saW1iby1pbnRlcm1lZGlhdGUtcGF0\naGxlbi1Ob25lMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAER8nDuLc69e7K+r3H\ng5WOKbfFq1dF9MSd8ceS6w4OcIH3QISlhccLVClpRAUg684V47VDr+t07Ax1yE7a\n6H3OzqOBgzCBgDAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwICBDAgBgNVHREE\nGTAXghVmb3JiaWRkZW4uZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUERfjk64BsWWJ\nLZdGKdJHZDQgqdYwHQYDVR0OBBYEFMUHP7sJs4emnHfj73v7fjBMdtyNMAoGCCqG\nSM49BAMCA0kAMEYCIQDVsQ38QObun4XpOFbeGSx7bQ88LUmk3keYty+l6TH1BwIh\nAP4WJo4/34MJBexUuxHfg7FI9MN9/D5P5fxNKcue4m3D\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIICADCCAaWgAwIBAgIUIRZTNO5qTlCQGGNP+1SHuTIuIl0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBpMTgwNgYDVQQLDC80MjU5OTMxNTE4NzcxMzY2NzU5NDc3\nNDYxODMzNTM0ODM3MTcxNzk3NzcyODg5OTEtMCsGA1UEAwwkeDUwOS1saW1iby1p\nbnRlcm1lZGlhdGUtcGF0aGxlbi1Ob25lMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD\nQgAEJHyAi7535/g3WUntrgxMNIcy9rcahaso2xKhSguF0j6CWFxpHge9Z0d/1hzP\nKxZJ9VhXZi53wKGA/BYIeCKoN6N4MHYwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8E\nBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAURTGGPsmi\nBUf9lOa8YYwimN+yguowHQYDVR0OBBYEFObfklBfvx6vID0Pg3KWIVgOvDL1MAoG\nCCqGSM49BAMCA0kAMEYCIQDqxdt2riEvQN/dczTlczKMe04k8nyrbOhOE40siUNm\nmAIhAKWKSD6Sa7y8iqCzTUJ9VISGmh6pxnfjRM1I/AGYli+V\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIICXDCCAgGgAwIBAgIUOhFPJxKOpqEo+jYxGmBV7zD0kUIwCgYIKoZIzj0EAwIw\naTE4MDYGA1UECwwvNDI1OTkzMTUxODc3MTM2Njc1OTQ3NzQ2MTgzMzUzNDgzNzE3\nMTc5Nzc3Mjg4OTkxLTArBgNVBAMMJHg1MDktbGltYm8taW50ZXJtZWRpYXRlLXBh\ndGhsZW4tTm9uZTAgFw03MDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowajE5\nMDcGA1UECwwwMTg4ODk0NTYwMTYyODc4MDI4ODcyNjkxMzgzNzIzMjY5NTgzMDkw\nODMwMTU2MzgxMS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1wYXRo\nbGVuLU5vbmUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASUtNODiW6ZTtzEtrz/\n9BfSiNerIeFaIwqkPONOcgCBr/dAMOlBjptTdJ6IPWHV6AxEzNh6zl1NCi+3nkmB\nICb1o4GDMIGAMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMCAGA1UdEQQZ\nMBeCFWZvcmJpZGRlbi5leGFtcGxlLmNvbTAfBgNVHSMEGDAWgBTm35JQX78eryA9\nD4NyliFYDrwy9TAdBgNVHQ4EFgQU+avQrFEocTzyunaKj0OI++WhN5YwCgYIKoZI\nzj0EAwIDSQAwRgIhAKQAyOpaIGUPFq8UEiPjVGbSmqv1NVesrjnLZdMflewbAiEA\n1e9yRg25QjeUS/DcB7XNyZgZomsCJy3uTOgUeJvmxBQ=\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICCzCCAbKgAwIBAgIUQr3+1WAxV6hqAoZFNQ5QF9PcV6kwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwMTcxNzU1OTkwMzY5OTQxMDgyOTkyMzI4MDE3MzE1Njg1OTI4\nMzM4NzE4NDc4ODg3MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\n2JVz2bCHFtie6YhX8PkoaBCUWOZQB7KkxzSeCJhZJS+Mx7uHileznoNdkHR+vvhb\ntFoDT+aoX7Imds+LSh7mv6OBhzCBhDAdBgNVHQ4EFgQUruJ6/XVstknWjstZRfnB\nUq2at4YwHwYDVR0jBBgwFoAUxQc/uwmzh6acd+Pve/t+MEx23I0wCwYDVR0PBAQD\nAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMCAGA1UdEQQZMBeCFXBlcm1pdHRlZC5l\neGFtcGxlLmNvbTAKBggqhkjOPQQDAgNHADBEAiBWpxzMSEEYG5jYhRAFQsw6H3TP\ntVXyplEFSNF0kZQ9KgIgBkaQBElMFEvn3UVWpqBAy10aMG2M+XwTzJnz1q2CcII=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICDDCCAbKgAwIBAgIUP/PjFbogiUV+j/lXQDUhpllGi10wCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwMTg4ODk0NTYwMTYyODc4MDI4ODcyNjkxMzgzNzIzMjY5NTgz\nMDkwODMwMTU2MzgxMS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\nV/ZjS18Cq29CUzA9jKHF2nfTxQ/maJtJS91EDTQBkB7l5HmI6oyL8NKovpFybS7d\nC8ibi981G2OrIBoaNAZ1s6OBhzCBhDAdBgNVHQ4EFgQU6h4VJMe8bjDJBN+jqtWF\nlD0mXlYwHwYDVR0jBBgwFoAU+avQrFEocTzyunaKj0OI++WhN5YwCwYDVR0PBAQD\nAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMCAGA1UdEQQZMBeCFXBlcm1pdHRlZC5l\neGFtcGxlLmNvbTAKBggqhkjOPQQDAgNIADBFAiBkW863DAy1XAgsbcEsgfxP2zWR\nvK1C95mCaxxDvFk4jgIhAM3l3I4zf5A4sG0G3G+e4tS7oBn+CTLyYB+QTc/KIxYR\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1292,13 +1292,13 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> ICA1 -> ICA2 -> EE\n | | |\n permits: permits: SAN: foo.example.com\n foo.example.com bar.example.com\n bar.example.com\n```\n\nICA1 contains a NameConstraints extension permitting `foo.example.com`\nand `bar.example.com`, while ICA2 contains a NameConstraints extension\npermitting only `bar.example.com`. The EE then contains a SAN for\n`foo.example.com`, which should be rejected under RFC 5280:\n\n> a name space within which all subject names in\n> subsequent certificates in a certification path MUST be located.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUA6kAgOwi9hKKsiEHLLBI2JPFhj8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATQCT7fEp3o8oMs16orul7lEDY2NFk02bhXgwhX\ncAdvewQEqaE/jQ2Pi1emNfEQSRlLk+W5prQIPLvPkszmlNj3o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUCygiMPkCi/9vACnRpTotd0MvpAMwCgYIKoZIzj0EAwIDSAAwRQIh\nAL8SdA1H/IRuau1L1OgXh8BgHwE5cAhw5dOWjCEu80WVAiAYuKI71Ga+REg1cf5Q\nv+VfGadw35gCcPvqPAbNkepIig==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUc9r9ieqKxDQCsYNoV0dN4F9urN4wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASjuba5dFbiCDwFXO+M+r6az5WBz+yXsI7I1RTm\nOZk8d6kJWGCKMa/2kWqzGbzmnl1S+UObjWNN1hK70cYGyuEho1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUbIpFYhS+cy2XbExcuIiC886tqaIwCgYIKoZIzj0EAwIDSAAwRQIh\nAIBX9Ne/QZFS4Q6wH8wiPmEtIaCzSChyZQqEZsoKh/eRAiAX64pubKdJvilj8dRA\nKWqPkJ+ishk2FVfiyKlGY1Gi3w==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIICNjCCAd2gAwIBAgIUavjrhPE95mnUa4tKcq/TNhAJKI8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBpMTgwNgYDVQQLDC8yMDg5NTg0MjEyMTA0NTQ5NTgwMzk2\nNjMyMTE2NzQ1MDQ1NzMyNjM3MjYxOTgzOTEtMCsGA1UEAwwkeDUwOS1saW1iby1p\nbnRlcm1lZGlhdGUtcGF0aGxlbi1Ob25lMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD\nQgAE59987ZCFM3L2iO19H32OWg/7JXV49vptaRC9T92+zB/JOdujv1wqkkEBiCfQ\nJEvt37pJ2FOr8qWEwoC9R/SwfKOBrzCBrDAPBgNVHRMBAf8EBTADAQH/MAsGA1Ud\nDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAfBgNVHSMEGDAWgBQLKCIw\n+QKL/28AKdGlOi13Qy+kAzAdBgNVHQ4EFgQUe070GW0ga6jsSnsS2QZZBisr7xUw\nNAYDVR0eAQH/BCowKKAmMBGCD2Zvby5leGFtcGxlLmNvbTARgg9iYXIuZXhhbXBs\nZS5jb20wCgYIKoZIzj0EAwIDRwAwRAIgMnIb809bCHpY/uZhBAw32HJW96Rg3w5d\nI3m90cNKbCUCIEeGXBLw+3vlVxK6H7U30AGzSVCJHuXAcCuoMYpouoqY\n-----END CERTIFICATE-----\n", - "-----BEGIN CERTIFICATE-----\nMIICdDCCAhqgAwIBAgIUe7X1G7u0Mi8Nqci6ifI99PGK4OEwCgYIKoZIzj0EAwIw\naTE4MDYGA1UECwwvMjA4OTU4NDIxMjEwNDU0OTU4MDM5NjYzMjExNjc0NTA0NTcz\nMjYzNzI2MTk4MzkxLTArBgNVBAMMJHg1MDktbGltYm8taW50ZXJtZWRpYXRlLXBh\ndGhsZW4tTm9uZTAgFw03MDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowajE5\nMDcGA1UECwwwNjEwNzA0MTIzMTQxNjk0MzMxNzYxMDk1MzMxNjI0MjMyOTgwOTM5\nMjY2NDAyNDQ3MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1wYXRo\nbGVuLU5vbmUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ7o3MM74RZSq6Kbak0\n4vGdwbi+R9Tfkwb425zebaGdZYMV1rxNFPSouN7V1mg5Gm4xIgCs0JwIfQSH38+R\nhcOqo4GcMIGZMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMBYGA1UdEQQP\nMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFHtO9BltIGuo7Ep7EtkGWQYrK+8V\nMB0GA1UdDgQWBBS8IdhYP21jrgzQdFSEWsBDcbuWSzAhBgNVHR4BAf8EFzAVoBMw\nEYIPYmFyLmV4YW1wbGUuY29tMAoGCCqGSM49BAMCA0gAMEUCIQCXabV5hTVbqsce\nnbhwYq0jLxKH1e/soXxGKG0FhJSCbQIgZDM9D5GzrvzGnqJ64+WVDT/InGWHsQE+\nrDeRs1uvgsg=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIICNzCCAd6gAwIBAgIUYcy2uu1ZmM9WY9tsXgFACmQo4r8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDA2NjE0MTc1ODc0MzY4MDYwOTIwOTU3\nNjU4ODAyNDQ5NTEzNzM3MDYxMDY0MTYzNTAxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABFUxs2PSP7+5h43Q51JUw8W3rvPqD6oyWxnT6GNymAH7t+T5jAVrcM+G3rGP\nDNLUiOGvkl/M6o20d4XpDmfiG4yjga8wgawwDwYDVR0TAQH/BAUwAwEB/zALBgNV\nHQ8EBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUbIpF\nYhS+cy2XbExcuIiC886tqaIwHQYDVR0OBBYEFN3YJRmRc2ag7VUzvCq0IqwLUYkS\nMDQGA1UdHgEB/wQqMCigJjARgg9mb28uZXhhbXBsZS5jb20wEYIPYmFyLmV4YW1w\nbGUuY29tMAoGCCqGSM49BAMCA0cAMEQCIHYOVPUm8/iQmEggI3AEeIGADN1J5WXC\nzj8YFjkf1kx6AiAXiPqDsUGg/ecQbvXHrGHMQjMBA5WwcFbPsMoMkKxhnw==\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIICdTCCAhugAwIBAgIUaduWg20CsktV5WGTTZMhsDze0BQwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNjYxNDE3NTg3NDM2ODA2MDkyMDk1NzY1ODgwMjQ0OTUxMzcz\nNzA2MTA2NDE2MzUwMS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMGox\nOTA3BgNVBAsMMDU1ODMzNzM3NDgzNDQ2NDc1NzQwNTU5MjYyMDE1MzIzNDAyOTU2\nMjEzMzI3NTMyNzEtMCsGA1UEAwwkeDUwOS1saW1iby1pbnRlcm1lZGlhdGUtcGF0\naGxlbi1Ob25lMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELtqvtxotA2qSqWgq\nIVqZyQMLqTPOlBdA9K84vFEikHPqS3gRckFTtDzewKA7imctLMPh8twW0LEPDPiw\nIm1xGKOBnDCBmTAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREE\nDzANggtleGFtcGxlLmNvbTAfBgNVHSMEGDAWgBTd2CUZkXNmoO1VM7wqtCKsC1GJ\nEjAdBgNVHQ4EFgQU+alOqOFN38kKW4iNprMDzUIKnnkwIQYDVR0eAQH/BBcwFaAT\nMBGCD2Jhci5leGFtcGxlLmNvbTAKBggqhkjOPQQDAgNIADBFAiBtav6S7cGzZI0c\noTUoiuzsPSPtb6/wrU9gSKU1eRFl+QIhAORhlQydadAqp098felWholGXCnR+43g\nQ1Swz4csMUdY\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICBTCCAaugAwIBAgIUaICdC3OZBpTzJmVbtY8YGk4fRyUwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNjEwNzA0MTIzMTQxNjk0MzMxNzYxMDk1MzMxNjI0MjMyOTgw\nOTM5MjY2NDAyNDQ3MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\n8B0B2KyNx2GhnAQzCmktP66hJfeZOhWaqospuDuhkfTGgztiQB60jR9YZJB+26F0\nvoYLeZOlXVodJ7fxM8uPdaOBgDB+MB0GA1UdDgQWBBQg10TOTwRsHtnyC3OvB915\nbknmZjAfBgNVHSMEGDAWgBS8IdhYP21jrgzQdFSEWsBDcbuWSzALBgNVHQ8EBAMC\nB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGgYDVR0RBBMwEYIPZm9vLmV4YW1wbGUu\nY29tMAoGCCqGSM49BAMCA0gAMEUCIGCXpOsGKiE1Nu12Kjw/03gbiVATjrGvK9ev\n5/2pXsbzAiEAj5dzS6RQbFKAuyAosveeN2ToX6HyG3BJYBIDLidgYaw=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICBTCCAaugAwIBAgIUAlAZ6PHL8mUwYtN/o2VSJ7Ln2xkwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNTU4MzM3Mzc0ODM0NDY0NzU3NDA1NTkyNjIwMTUzMjM0MDI5\nNTYyMTMzMjc1MzI3MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\nnZR37h/lbP1jPM4v7vOOUTYlTUXk9tmco3xl//QrNgQmNM6ES602XL14852IUbhK\nlZeSe2y8j9IVyC40u4PhdaOBgDB+MB0GA1UdDgQWBBRNhc4ytyO9OuiAA42ijwo8\ngvyC8DAfBgNVHSMEGDAWgBT5qU6o4U3fyQpbiI2mswPNQgqeeTALBgNVHQ8EBAMC\nB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGgYDVR0RBBMwEYIPZm9vLmV4YW1wbGUu\nY29tMAoGCCqGSM49BAMCA0gAMEUCIQCzfMPsKkY6+RAxAa8Uv7KYceMwFzJEk6sw\nV8+kYMsqlgIgQ27ltz6BhpHW163ovjUdOW91Ymj3b3dTCPx9z3LfNJs=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1318,13 +1318,13 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> ICA1 -> ICA2 -> EE\n | | |\n permits: permits: SAN: foo.example.com\n bar.example.com foo.example.com\n bar.example.com\n```\n\nICA1 contains a NameConstraints extension permitting only `bar.example.com`,\nwhile ICA2 contains a NameConstraints extension permitting `foo.example.com`\nand `bar.example.com`. The EE then contains a SAN for `foo.example.com`,\nwhich should be rejected under RFC 5280:\n\n> a name space within which all subject names in\n> subsequent certificates in a certification path MUST be located.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUMdoagyhu3n6iWUdD36ZM95dA+kMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARLnuocptpW1Nhw9PHgB37hbWrwxt2D7T1EpaVE\nCQg7rxox3i2iyyxrNXegOOqZhozmXxx1ckjrfePUqR+t0OCBo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUMzYgrx1jH0X2SUoK50mN0mXVvPMwCgYIKoZIzj0EAwIDSAAwRQIg\nBpy/fWRw09lCSCI3JpPr0IYXpqPI0GOa7l107BNBbJ4CIQDCsD83dHYzYQo8awwJ\ndvOa1zZsKZN2Q0EfX4IAbM/6Cg==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUPPvXloiGtmfUkfo3kHtbb6vr4UgwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATxfZg9IvOiQpjowCDWs5P0t3d6F5Wt206XsGVL\n7WgsLuNDdvNi5VSoldLDtWZExCMk6cJzra4TyJj6KmGq3OV7o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUgAwG3D3UnUqCbupem9BvWCRSdGcwCgYIKoZIzj0EAwIDSAAwRQIg\nCml9lSfjgzZvYcNpBkLR36giFvzVEOvF/oCaXOL42IsCIQDSyrieANHCs6MM2FXj\nPsQ/AsEPwuPGm1Km2y9b7n2SZw==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIICJTCCAcugAwIBAgIUAOryAAlySjGoirZkfVsa57nlmjowCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDAyODQ2MDQ0MTk3NzM4MTY4OTAxNTUz\nOTA4MTg0NzE1MDE3MTE3OTAxMDgxMTM0NzUxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABLCEaNkyNhE0JILfANlPFOELPOhWqfyoso7re/Ft48KJmf4d7U41r/eTjhxj\ngNG3kHX2bX7md9m8WlMr/Sr7Gb6jgZwwgZkwDwYDVR0TAQH/BAUwAwEB/zALBgNV\nHQ8EBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUMzYg\nrx1jH0X2SUoK50mN0mXVvPMwHQYDVR0OBBYEFKL5QF6xMeHcHLPiwDEpcy3Ewj+t\nMCEGA1UdHgEB/wQXMBWgEzARgg9iYXIuZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID\nSAAwRQIhAJYRl99pz+2tIS6mnA7UcFiqOOPB5/ZZIDoxMELMu3jpAiAjCI6TP7uK\nd8+/m8D/odEGOo49EUOQMIbCBWo2EL+nlw==\n-----END CERTIFICATE-----\n", - "-----BEGIN CERTIFICATE-----\nMIIChzCCAiygAwIBAgIUFYGM/YrGnol1NUZGdn0lDlVdfO4wCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwMjg0NjA0NDE5NzczODE2ODkwMTU1MzkwODE4NDcxNTAxNzEx\nNzkwMTA4MTEzNDc1MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMGgx\nNzA1BgNVBAsMLjUyMzk0NTU1NjIyMDgxMzA0MzEzOTY4NjI0MjUzMjk5MDY4Nzkz\nNzU0NDg2MzQxLTArBgNVBAMMJHg1MDktbGltYm8taW50ZXJtZWRpYXRlLXBhdGhs\nZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEuabK9UOnnYWJ9EMnf/\n9Q8KxeYONFF3sNM2sL2hieTzlntD3nxbsZnYfaI3ClYYl6AtCqoFc6ts8EOW62bd\nIpujga8wgawwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUovlAXrEx4dwcs+LAMSlzLcTCP60w\nHQYDVR0OBBYEFPEdiyMTtbJtHgMhAcQ5lUE8RhdfMDQGA1UdHgEB/wQqMCigJjAR\ngg9mb28uZXhhbXBsZS5jb20wEYIPYmFyLmV4YW1wbGUuY29tMAoGCCqGSM49BAMC\nA0kAMEYCIQD6kFnaF/0LHWc9yrl3GXkve6U3hd/4r8N9x/TifwfyAgIhAI2XKX8K\naXmxgFZl6KVAkP/q4IO3ulGWTTbdc9QHxzPi\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIICJDCCAcugAwIBAgIUX/ANvNqgW2ELhaudAp6roUSA/JswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDAzNDgxNTU3MTM2NTk1NjYzOTkyODY5\nNDA3Njg3MzE4NTQ0NDA3NjI1NDk0NjEzMjAxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABKnQwOJFFVfev/xtvwfDL4H2OkA3t/Xq/95+itKaH5jKxvG6G5mkEj+svxc9\nOoS06pPBG4TE9zAXH0eArsULsm6jgZwwgZkwDwYDVR0TAQH/BAUwAwEB/zALBgNV\nHQ8EBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUgAwG\n3D3UnUqCbupem9BvWCRSdGcwHQYDVR0OBBYEFBpMb5tzOUmb4f+D2E5EqJlv8jks\nMCEGA1UdHgEB/wQXMBWgEzARgg9iYXIuZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID\nRwAwRAIgfDF2mOjDfPyIthdZnzfcFl934JW9x6vl1LeZrqJePwcCIDMTK4COpYv+\nFJ02zGjnGuLSGvaiRmyi0NGVTiNUEwds\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIICiDCCAi6gAwIBAgIUPQmKQGP8ia2s15xz6KdfDwuQQ/YwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwMzQ4MTU1NzEzNjU5NTY2Mzk5Mjg2OTQwNzY4NzMxODU0NDQw\nNzYyNTQ5NDYxMzIwMS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMGox\nOTA3BgNVBAsMMDU0NzcwNzQ5ODc5OTMxODUyMjM0MjIwMzYzOTU2MzY0NzM0MTY3\nMjc5NDIyNTgxOTEtMCsGA1UEAwwkeDUwOS1saW1iby1pbnRlcm1lZGlhdGUtcGF0\naGxlbi1Ob25lMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJJILYtX7F2ocAm70\nKpAb83/hQ7qD8A9l2uyCqjln8t0RI+0HBFPOwYocsHa0ibflRm0E3RVG+vCYQAeA\n0f/XQ6OBrzCBrDAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREE\nDzANggtleGFtcGxlLmNvbTAfBgNVHSMEGDAWgBQaTG+bczlJm+H/g9hORKiZb/I5\nLDAdBgNVHQ4EFgQUXKncU6aEnkUvMBfPFCumv91Vg/cwNAYDVR0eAQH/BCowKKAm\nMBGCD2Zvby5leGFtcGxlLmNvbTARgg9iYXIuZXhhbXBsZS5jb20wCgYIKoZIzj0E\nAwIDSAAwRQIgQ4OkXTinzKktHzuzsBiIbB7KmVGj8vwA0ZNSDmUKe04CIQDMNg53\nygk9aPtZSx8v8eC6HS5DpsQkOfDlHIHTp4UBjw==\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICAjCCAamgAwIBAgIUFyU+D/4/mkztWe7+WZ7vfMSPPjIwCgYIKoZIzj0EAwIw\naDE3MDUGA1UECwwuNTIzOTQ1NTU2MjIwODEzMDQzMTM5Njg2MjQyNTMyOTkwNjg3\nOTM3NTQ0ODYzNDEtMCsGA1UEAwwkeDUwOS1saW1iby1pbnRlcm1lZGlhdGUtcGF0\naGxlbi1Ob25lMCAXDTcwMDEwMTAwMDAwMVoYDzI5NjkwNTAzMDAwMDAxWjAWMRQw\nEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABG0Y\nRftfut1LhVBi/njzERIFvcNTs7nK1zC/oXk6L8gVF95W8ikw4L8U4N0B+d6zIacb\nJEjwmIQtIEAWwtpNxoCjgYAwfjAdBgNVHQ4EFgQUdTLIATMjUXAmO04eqTtocPuc\nYbowHwYDVR0jBBgwFoAU8R2LIxO1sm0eAyEBxDmVQTxGF18wCwYDVR0PBAQDAgeA\nMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBoGA1UdEQQTMBGCD2Zvby5leGFtcGxlLmNv\nbTAKBggqhkjOPQQDAgNHADBEAiBkq/EUgLcXu2fiBwngwOVATWGSK0EYeoBEPNUf\nPDSxYQIgK+V4VbZ/CpfqHlaDRlWazhiAFIOig97SyZFkp2vdxL4=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICBTCCAaugAwIBAgIUVtLOIerZSNJiWp2vKAUWEM7qViMwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNTQ3NzA3NDk4Nzk5MzE4NTIyMzQyMjAzNjM5NTYzNjQ3MzQx\nNjcyNzk0MjI1ODE5MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\nFxGIxgy2w7dSF4RsObIb7Tc1J8+Ut05fZsogbtBpEgVMobskpt6FqEi7gtaxRAom\nzsJNBfJRoAuOd9I9R5vCBaOBgDB+MB0GA1UdDgQWBBSrtMeJk+ZfYuOkvuty1CUb\nDte58DAfBgNVHSMEGDAWgBRcqdxTpoSeRS8wF88UK6a/3VWD9zALBgNVHQ8EBAMC\nB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGgYDVR0RBBMwEYIPZm9vLmV4YW1wbGUu\nY29tMAoGCCqGSM49BAMCA0gAMEUCIGsnfuhkg/Wo5Q0CXchxEDVOehp9aWUq9QUu\nzlv3KlbsAiEAwvBBQWM6NhoZfX+acY9io1rKcMdipGrEH1rvV1ciPSE=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1344,12 +1344,12 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> ICA (NC: example.com) -> EE (SAN: .example.com)\n```\n\nThe ICA contains a NC that allows `example.com` and all subdomains,\nbut the EE's SAN contains a malformed DNS name (`.example.com`). This should\nfail per RFC 5280, since all names MUST be located within the\npermitted namespace.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUWCCx49VxhJQiM/golbzbaq6R8j4wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQ5+PU2SiHoTefr3cH8RFwOxqI2i0/vPsZEmndU\n5iUTQ69V29Z+nJG4tEfnWlVWkP3FMh+6BkxyShhWehFhqCG+o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUGm0DSxEvn5mnbmPMgZV4e4omR1UwCgYIKoZIzj0EAwIDSQAwRgIh\nAIMqgqVimfzWKF4Dlu2ry5NHcpeJJ5dbVKu8YAbPZUJHAiEA6OSrx1Db5bzFBXc9\nH4WTw8zSYAULQ9W9XXFUM9i3jtM=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUGDPLz9vNZKyyCEhYC+7f3iHyUqkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAS693WR+S6iDTojtp5dzZJhK3zDVkHXUD9z0kSp\nl3NwMQ9WOqYZ6VuiKxT6E+sb2zyAXRaExDJhjMnsF+MDc9G4o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUKwE9XIhQ+Kafu3FOx1TxnF1erhswCgYIKoZIzj0EAwIDSQAwRgIh\nAP8WhHXx4KQgv2TTSu70YviS3icEMw1Uf+ZTy04dO7iqAiEA7EaqX58SO/zcJ4Td\nPW0Xf/2QEAU4Y/SEUFJDcZqzbkc=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIICITCCAcegAwIBAgIUCJ4NH2a4TzDkHGmYUjE5ZdloP0QwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDA1MDMxMjAzMDgwODEyNzMwNTIzNTEz\nNTYwMzA4NzU2MjA5Nzg3Nzc1NTE2NjM2NzgxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABKlhw0KdLDK3MPFU0jrFf04S2nC0lKh0AWzzc8Xjn0CPITcdrjcT45h04uwZ\nzl7jQgYvMADRRQsQC2PYjj22nA+jgZgwgZUwDwYDVR0TAQH/BAUwAwEB/zALBgNV\nHQ8EBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUGm0D\nSxEvn5mnbmPMgZV4e4omR1UwHQYDVR0OBBYEFGE+DrsddE/vF5S97CIXcNRiruHg\nMB0GA1UdHgEB/wQTMBGgDzANggtleGFtcGxlLmNvbTAKBggqhkjOPQQDAgNIADBF\nAiEA1ZIDahSemmBj8gBnFD9Yw2WI8s7ypendXcTuiADxVKwCIFwBwqrToPrUAxa7\nf7CEQMP930PpHy9ao0WNPqRMSlph\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIICITCCAcegAwIBAgIUIA/BR22vB58rEOyXIzWdmxSg35owCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDAxMzgxNzA4NzEwMjk1NTg3MDQxODIz\nNDM4NTQ1MDg4MDY3NjU4OTA4NzkyNDcwMTcxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABC3wwECzivBYMMqZ/V1CPZknM/NJnh79kgrCBTNvjgylErzkux5fjrGRNusS\nZTuj+f5+gW4ZYwYgPkB9bnt/CMCjgZgwgZUwDwYDVR0TAQH/BAUwAwEB/zALBgNV\nHQ8EBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUKwE9\nXIhQ+Kafu3FOx1TxnF1erhswHQYDVR0OBBYEFLKVAJS8nxK5LNd+zkHWHkmc2zmC\nMB0GA1UdHgEB/wQTMBGgDzANggtleGFtcGxlLmNvbTAKBggqhkjOPQQDAgNIADBF\nAiAEM0oRqTMs35qc0fZ7cNGDgOck55r8cLnuzdp6LgQhsAIhAN8qkXp5MMkSBjMc\nklGNEcdQFTvNuBx7v9VDza4klvQQ\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICEzCCAbqgAwIBAgIUWHP7FOUyhtAAha7P//AyB9RFaZ0wCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNTAzMTIwMzA4MDgxMjczMDUyMzUxMzU2MDMwODc1NjIwOTc4\nNzc3NTUxNjYzNjc4MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\nAZ898JzxG6uBAQbxlRn29wWN81C0rDFRDGYspB/VCnQ7ENHUu+JL3RkCJwsvXJxS\nBWj1yNqUGTSaTey7Q+51KKOBjzCBjDAdBgNVHQ4EFgQUftpdfvIqp9f2Lt/z+0TA\n698ypAAwHwYDVR0jBBgwFoAUYT4Oux10T+8XlL3sIhdw1GKu4eAwCwYDVR0PBAQD\nAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMCgGA1UdEQQhMB+CDC5leGFtcGxlLmNv\nbYIPZm9vLmV4YW1wbGUuY29tMAoGCCqGSM49BAMCA0cAMEQCIFbvO5IP1u2puzUC\nxXGPh3MTXxdZvnMIs7yEhoMPqy0mAiASEnNeLo8orktBVrdD8Lci/zgxatfRrvhs\nEY4VPXLV3w==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICFDCCAbqgAwIBAgIUf8jbxuxLM0TxA1MMGWk41+notnkwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwMTM4MTcwODcxMDI5NTU4NzA0MTgyMzQzODU0NTA4ODA2NzY1\nODkwODc5MjQ3MDE3MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\nYkvLReTbcIAPnhFf9/5LmTgxIqZ+rHbdyD52UdfG8waChl8WSJRbggOoBYPDR0zi\nQbjc9BwO7g3Jerfwbf53z6OBjzCBjDAdBgNVHQ4EFgQUI/QxiJK/gDoEY4xzaUpW\nzGF6ox4wHwYDVR0jBBgwFoAUspUAlLyfErks137OQdYeSZzbOYIwCwYDVR0PBAQD\nAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMCgGA1UdEQQhMB+CDC5leGFtcGxlLmNv\nbYIPZm9vLmV4YW1wbGUuY29tMAoGCCqGSM49BAMCA0gAMEUCIQDWDPwtih0UTnOk\nSW9GvVb/oyc3lzQ/5YdZHO+KqmkXsQIgB+q/lhGfce+Fn3jMc3egemlWZWdUbqxg\niumHQffxTqI=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1369,12 +1369,12 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> ICA (NC: 192.0.2.0/24) -> EE (SAN: 192.0.2.0/24)\n```\n\nThe ICA contains a NC that permits 192.0.2.0/24, but the EE's SAN\nis malformed (containing a CIDR range instead of an IP address). This should\nfail per RFC 5280, since all names MUST be located within the\npermitted namespace.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUMci4LTQBOIUs73OdTXmqJcjyDrYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASOwHjQBhHHR+SuVnb29vM/MA99+EgDkw10yleX\nE2oe70SXCKxABvpCKRiguu1JreBxmqbSHsaOrpIBdEzWSla8o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUilp/yZqnKN1DRQWa157nJwEzi1owCgYIKoZIzj0EAwIDSAAwRQIg\ndjk2aFbWFYv6On1ygtxpcYpJbq+xvFM1jrvkOnt8U3kCIQCzNkhNk4mZK9ExN0jc\njMdi5U8On/oXl5zhlq2Ruff3rQ==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUNjPQneJ9NGzJCJslwh8iUHoe/ZwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQVwhhAzDoRa/NV0nluwu2OEmOmA1atQOd2QchJ\nUG9YobhO9rdzm1Ha4GEyX1b2djso1URMLjr5hiNf4/nQO3zQo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUc9Nds9Kfx5UmIUhn3aiIroBv62UwCgYIKoZIzj0EAwIDSAAwRQIh\nAJ5BR4j3Z+HS+CN0hkFqXIj0d5h0eJsRSmWdZiT3mzT9AiAtyK7BpmQBPAIh6n88\nn4SObgopuArI27QFN4qVitnPPQ==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIICHTCCAcSgAwIBAgIUZdWrUaJ0IJKSOxpMyjfz5ZiFYkwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDAyODQyMTY3NDA4NTI1MTg0MTEwODcy\nMDk0MjcxMDIyMTc3NjczNjA1NDk0OTAzNTgxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABEB4Ie5iczRg+fOh9I1j9CSbkxZuINEQS6PiCQrS5e6DY7RIwuhBYyWNdc9v\nyQWIF11fxhj1z0P2bVXtlrm6dFejgZUwgZIwDwYDVR0TAQH/BAUwAwEB/zALBgNV\nHQ8EBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUilp/\nyZqnKN1DRQWa157nJwEzi1owHQYDVR0OBBYEFHsatWzmeCQP5qIQKCQxek5FjXQD\nMBoGA1UdHgEB/wQQMA6gDDAKhwjAAAIA////ADAKBggqhkjOPQQDAgNHADBEAiA8\nDvqljiZHeAVHTscv4y+is35wtQemNXu3AGtBRYECPwIgECBVEnTAsHQdrNTJkcZB\nsCpa5Nl2V4JJLmzdFgeD+dE=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIICHjCCAcSgAwIBAgIUKh5tRTI27Qg86N6TCTJW+8GGLqQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDAzMDk0NDEwMTI3MTA0NzM0MzYyNjYz\nMTUwMjU3NTUxMTI3MTA1NjcxNTI3Nzg2NTIxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABIrgRRKcswCuLnlXg4qSxMga+Lqbnt5o5ncRsE7hEG85iC77jUdfLK9VzWPT\njcdCZmMnCkLwnQyhFNPL8Hvi4VCjgZUwgZIwDwYDVR0TAQH/BAUwAwEB/zALBgNV\nHQ8EBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUc9Nd\ns9Kfx5UmIUhn3aiIroBv62UwHQYDVR0OBBYEFG5BgMD3tllvveAnKaxfgjmOt4Be\nMBoGA1UdHgEB/wQQMA6gDDAKhwjAAAIA////ADAKBggqhkjOPQQDAgNIADBFAiEA\nuRSZW35Pn3irTx68WLssC3AFNnqXAdIw8huOii/KpNgCIDzoKdZ/tDfX/y//IkBj\n394PeWSmuyn3dZ/2IEmZpx55\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICAjCCAamgAwIBAgIUAZkxONkBbTSvIPtrnIvJUqXvHyowCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwMjg0MjE2NzQwODUyNTE4NDExMDg3MjA5NDI3MTAyMjE3NzY3\nMzYwNTQ5NDkwMzU4MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\ntPyM3ZZD+qMrVVwa3u9Y4Y4fsEOssAkLpspPCGN3cIUT/d2WhLbfAnptHxBnQQlQ\nKegw15KJKSMIYbsq4IqaSaN/MH0wHQYDVR0OBBYEFFQh6mEL9JLRsEK0AbWmTDDX\nZw6CMB8GA1UdIwQYMBaAFHsatWzmeCQP5qIQKCQxek5FjXQDMAsGA1UdDwQEAwIH\ngDATBgNVHSUEDDAKBggrBgEFBQcDATAZBgNVHREEEjAQhwjAAAIA////AIcEwAAC\nATAKBggqhkjOPQQDAgNHADBEAiAeEJVX0/CdDKqXrKlWzz7VvG9nPdK2Owr24kow\nfpRVtAIgSXKMF4K4nWM6FUdybKEJ7y3u8i19kRPwK3/A3o86yLs=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICBDCCAamgAwIBAgIUH0c9l3CoHVQqAabZKYGkmHbwefgwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwMzA5NDQxMDEyNzEwNDczNDM2MjY2MzE1MDI1NzU1MTEyNzEw\nNTY3MTUyNzc4NjUyMS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\ne9DbTt2pfWiDdAZWp90vYlzOoVaPzQwKP/XdYls9wWXk0yVClSagNVbP3l2WgnDC\nk8CPbXct96BybohawLXz8qN/MH0wHQYDVR0OBBYEFNZdVUSN7OGZAveLzoPfGKme\nLBiIMB8GA1UdIwQYMBaAFG5BgMD3tllvveAnKaxfgjmOt4BeMAsGA1UdDwQEAwIH\ngDATBgNVHSUEDDAKBggrBgEFBQcDATAZBgNVHREEEjAQhwjAAAIA////AIcEwAAC\nATAKBggqhkjOPQQDAgNJADBGAiEAsIetZyzJ/UOA9tOkzRJCb4Aly4hLCz7DeYxW\nhOhyHTUCIQDvCYnIxbjdRVG5FyEX44A+gSWama9EjAGKf++yU6xzIA==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1394,14 +1394,14 @@ "description": "Produces the following **valid** graph:\n\n```\nEE (SAN:X) +-> ICA_B' (SAN:Y) -> No root to chain to\n |-> ICA_B'' (no SAN) -> ICA_A (NC forbids SAN:Y) -> Root\n```\n\n`ICA_B'` and `ICA_B''` are certificates for the same logical intermediate,\nbut issued by different logical root CAs.\n\nThis graph allows validation through `EE -> ICA_B'' -> Root`.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBdzCCAR2gAwIBAgIUC6UTECne+/vvV4F78EH2w0g9SowwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAT+s5LhRSrdcPTVxpNvrrbSzmD/TXlzdoITlEOF\nFOf02yTO4e3mgZa48KXzhJwtQAqxCGK34IM+SSfmpNSBCIpyoz8wPTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAdBgNVHQ4EFgQUGYiJq/Nl+keJADcCpSLm\n/wGLCDkwCgYIKoZIzj0EAwIDSAAwRQIgeNlONqi2SjW+4FiQszsfMpr1KeD8zahy\nTyZIqPlpklACIQDC+PC1q/Mv+ExFFTwLOSFq+p1W4ePtWlvfnMo3b4Jtqg==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBdzCCAR2gAwIBAgIUSCGdrIe3w0eETj2MZCVxD5CHLtYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAT0xosUtdIjlLmxH32um/k5MD94nZm+m5f0eRFX\nxCh7d4l6Y5PBm+rH7tH/n/lmZsrbJenHu+ux6bP9yFRuyKL+oz8wPTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAdBgNVHQ4EFgQU7lvuMNoicC05VVrenH9e\nICzvJSQwCgYIKoZIzj0EAwIDSAAwRQIhAOncCt06O2jmIVagn/DXusIq189AlcOS\nKV0GtU9zsI/QAiAorT/deEMgnIe+B8tLoYRBvQkoQjRyRdSEDOuLElSfDQ==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIICLTCCAdOgAwIBAgIUIJq6SFkjCfInaJKT9JqG1EELFWUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBpMTgwNgYDVQQLDC82NjQ4MDE4MjA3MDQyNjUxMDMzOTU0\nNzk3Mjk3NjIxMDE4NDI0OTQ5NDI5MzEzMjEtMCsGA1UEAwwkeDUwOS1saW1iby1p\nbnRlcm1lZGlhdGUtcGF0aGxlbi1Ob25lMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD\nQgAEp8l7zaspOLuvWcAu++UTClPaC100hHEfVFLhi45XS5k7rzqRwNR8DHFa993a\n3SGlqErvzDtQHc4pDF++xzKvXqOBpTCBojAPBgNVHRMBAf8EBTADAQH/MAsGA1Ud\nDwQEAwICBDAfBgNVHSMEGDAWgBQZiImr82X6R4kANwKlIub/AYsIOTAdBgNVHQ4E\nFgQUuLAW37fdQvtNCGkS8tvI1aBUm+wwQgYDVR0eAQH/BDgwNqAZMBeCFXBlcm1p\ndHRlZC5leGFtcGxlLmNvbaEZMBeCFWZvcmJpZGRlbi5leGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNIADBFAiEAyZ+DDxC/t9DrpnxZTO6BlVcGNt7UgNsevxhx6FbGNmcC\nIEqzTO8kJak7c3F4T1PSjqp+jw7FuECtYjKK2QxUuMC7\n-----END CERTIFICATE-----\n", - "-----BEGIN CERTIFICATE-----\nMIIBuzCCAWKgAwIBAgIULAgdCU8C3iKCISifzKYxBF5iZNkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA9hbi1pbnRlcm1lZGlhdGUwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASsASWTSvZBgMHLIEmmkPcNC0yVPR6pKJF39Vt5\nnF8mVfEe/6nqXZlM0jg+T82EokVg6QfhCnUX7yinG2CVDHvWo4GDMIGAMA8GA1Ud\nEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMCAGA1UdEQQZMBeCFWZvcmJpZGRlbi5l\neGFtcGxlLmNvbTAfBgNVHSMEGDAWgBSYzSTWzN+7Cchm37qzAnWObiavxjAdBgNV\nHQ4EFgQUyJHRIQfVhgMd20mJw+lF9oZCvNgwCgYIKoZIzj0EAwIDRwAwRAIgdn9a\nwUfZSeS6iJd6PGIltR0i4TcIfagcgLUEHqavB8UCIA4mooK9V0LKz2kJ2oD2PI6R\niH3wViupzdoaDJ6GuaNE\n-----END CERTIFICATE-----\n", - "-----BEGIN CERTIFICATE-----\nMIIB6DCCAY2gAwIBAgIUUXg/Sy0k3+fH/PdPJnG5RkZ2tSwwCgYIKoZIzj0EAwIw\naTE4MDYGA1UECwwvNjY0ODAxODIwNzA0MjY1MTAzMzk1NDc5NzI5NzYyMTAxODQy\nNDk0OTQyOTMxMzIxLTArBgNVBAMMJHg1MDktbGltYm8taW50ZXJtZWRpYXRlLXBh\ndGhsZW4tTm9uZTAgFw03MDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowGjEY\nMBYGA1UEAwwPYW4taW50ZXJtZWRpYXRlMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD\nQgAErAElk0r2QYDByyBJppD3DQtMlT0eqSiRd/VbeZxfJlXxHv+p6l2ZTNI4Pk/N\nhKJFYOkH4Qp1F+8opxtglQx71qNgMF4wDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8E\nBAMCAgQwHwYDVR0jBBgwFoAUuLAW37fdQvtNCGkS8tvI1aBUm+wwHQYDVR0OBBYE\nFMiR0SEH1YYDHdtJicPpRfaGQrzYMAoGCCqGSM49BAMCA0kAMEYCIQDOoaK+tcRv\nFkmRaiPd334K5ETF8XpVFoJAyAlMToK00QIhAOOPiFJ4kS0obDgRWNfgNbEZ1KRr\nOqrusQygd2/VQBAE\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIICLjCCAdSgAwIBAgIUMoU5voaIlWuyuvq8AHC55gUnpd8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDA0MTE3OTY5OTU0Mjg3MjYyODM1NjA2\nOTA2NDg2MDgxMDU0NTc3MjYzMTgzOTA5OTgxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABN2l3W9Bqgw3OBXN3lvKGHXI7KiaYsVt9GeFFL/aQGRgym1ae0k05UdiWjmm\n32qLMpOAtSILDEFomEjXsfNxf1yjgaUwgaIwDwYDVR0TAQH/BAUwAwEB/zALBgNV\nHQ8EBAMCAgQwHwYDVR0jBBgwFoAU7lvuMNoicC05VVrenH9eICzvJSQwHQYDVR0O\nBBYEFDmtw0sQx3QeVjIFdR2QTG1+94+8MEIGA1UdHgEB/wQ4MDagGTAXghVwZXJt\naXR0ZWQuZXhhbXBsZS5jb22hGTAXghVmb3JiaWRkZW4uZXhhbXBsZS5jb20wCgYI\nKoZIzj0EAwIDSAAwRQIgfCFVAIbRJetY75bXRPcZQLBFlqUKzZtIuCjRHcbu6MEC\nIQC/arHtbZoc50+n8xiSbrGGoH4Lfec1iNXiOZtdKJqwug==\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIIBvDCCAWKgAwIBAgIUG9AsNw6dyM5i0l1yAKDYfkGm9KowCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA9hbi1pbnRlcm1lZGlhdGUwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQwCmYxxPWbWTSbN8JCSWtEtxn5ydsMHRg1aaWZ\nofujQTOzRREbX0QEyhLPkkyRlWaUXfvQL9kl7ijsbyTDlau7o4GDMIGAMA8GA1Ud\nEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMCAGA1UdEQQZMBeCFWZvcmJpZGRlbi5l\neGFtcGxlLmNvbTAfBgNVHSMEGDAWgBRoM+0e15t1CpyF1qi0DSITPWfJDTAdBgNV\nHQ4EFgQUtaQKEu5yETpr4zkEx7XILygCCW4wCgYIKoZIzj0EAwIDSAAwRQIhAIN0\n223H/03uLMydmfqg/5VoTMSwKZnQEJ6vF3xL/Fv6AiBF31UQJ8dIFiyhF1Ko67Uz\n7y1/27sbci0MldEa/tbGpg==\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIIB6DCCAY6gAwIBAgIUJNtN3nkVPojByKt88PLkaj8+g6MwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNDExNzk2OTk1NDI4NzI2MjgzNTYwNjkwNjQ4NjA4MTA1NDU3\nNzI2MzE4MzkwOTk4MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBox\nGDAWBgNVBAMMD2FuLWludGVybWVkaWF0ZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABDAKZjHE9ZtZNJs3wkJJa0S3GfnJ2wwdGDVppZmh+6NBM7NFERtfRATKEs+S\nTJGVZpRd+9Av2SXuKOxvJMOVq7ujYDBeMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0P\nBAQDAgIEMB8GA1UdIwQYMBaAFDmtw0sQx3QeVjIFdR2QTG1+94+8MB0GA1UdDgQW\nBBS1pAoS7nIROmvjOQTHtcgvKAIJbjAKBggqhkjOPQQDAgNIADBFAiEAkaSOdfez\nZN2H0DZfnHY0qwXad2rTzK4yioKD80GHam8CICTDi7yepQ0kIL2DqY0jxnliVQFL\nn6npWBXvLKzDKlxP\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBxjCCAWygAwIBAgIUV00iFUuL82VAbNwSGELO6N0BIiQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPYW4taW50ZXJtZWRpYXRlMCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAgMR4wHAYDVQQDDBVwZXJtaXR0ZWQuZXhhbXBsZS5jb20w\nWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQBVADsZQCShCAwl3Zee/X3SwWjNUUw\nG6K+5CuXk4WEtXRJcR5yRSGjLURNpUfrW3cuxFHzAuO33AmpmicsMGDco4GHMIGE\nMB0GA1UdDgQWBBTK7GHdyPWPtDI0IzNdg2zE846FdTAfBgNVHSMEGDAWgBTIkdEh\nB9WGAx3bSYnD6UX2hkK82DALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUH\nAwEwIAYDVR0RBBkwF4IVcGVybWl0dGVkLmV4YW1wbGUuY29tMAoGCCqGSM49BAMC\nA0gAMEUCIBqsjBV5WD/BHhu2vv+45BhsKQFB7Ff3X3NZj7o61NIjAiEA5zsAqqqO\nXexx16MCf0ptGxDPP7iG8xMSPA/B2slAv2M=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBxzCCAWygAwIBAgIUbyyqAzUoEfrN2rWYlx+WKszxO00wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPYW4taW50ZXJtZWRpYXRlMCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAgMR4wHAYDVQQDDBVwZXJtaXR0ZWQuZXhhbXBsZS5jb20w\nWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASr14n/v5l4U2ue0WRsx6UjLBBvFc53\nDV4um4SMfJUKSU6OH9amwNm7OaidV2Uh3nNs+QCL4VZHhxacl4Os/yOTo4GHMIGE\nMB0GA1UdDgQWBBRw8UnLHTZ6OmC8hdtt9vHiczG+SjAfBgNVHSMEGDAWgBS1pAoS\n7nIROmvjOQTHtcgvKAIJbjALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUH\nAwEwIAYDVR0RBBkwF4IVcGVybWl0dGVkLmV4YW1wbGUuY29tMAoGCCqGSM49BAMC\nA0kAMEYCIQC7NACivPkFdzM9GwIc/6n+vF1CU4RMazP8NVw9Pz1pwAIhAMFg0eZe\nS9td6H52/8DzO9JxTJvDK0MpefaH8QryfzSs\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1418,18 +1418,18 @@ "id": "rfc5280::nc::nc-forbids-same-chain-ica", "conflicts_with": [], "features": [], - "description": "Produces the following **valid** graph:\n\n```\nEE (SAN:X) +-> ICA_B' (SAN:Y) -> -> ICA_A (forbid: SAN:Y) -> RCA_A\n |-> ICA_B'' (SAN:Z) -> RCA_B (no NC)\n```\n\n`ICA_B'` and `ICA_B''` are certificates for the same logical intermediate,\nbut chained to different logical root CAs. Both root CAs are trusted,\nbut `ICA_B'` is issued through `ICA_A`, which forbids `ICA_B'`'s SAN.\n\nThis graph allows validation through `EE -> ICA_B'' -> ICA_A -> -> RCA_B`", + "description": "Produces the following **valid** graph:\n\n```\nEE (SAN:X) +-> ICA_B' (SAN:Y) -> ICA_A (forbid: SAN:Y) -> RCA_A\n |-> ICA_B'' (SAN:Z) -> RCA_B (no NC)\n```\n\n`ICA_B'` and `ICA_B''` are certificates for the same logical intermediate,\nbut chained to different logical root CAs. Both root CAs are trusted,\nbut `ICA_B'` is issued through `ICA_A`, which forbids `ICA_B'`'s SAN.\n\nThis graph allows validation through `EE -> ICA_B'' -> RCA_B`", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBdjCCAR2gAwIBAgIUVn+XFA8OhX6VQKw4aRdbylSsddswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQVw2B+bMSkwOhgxEQvQDmqwLKKPVe4tEuOA41t\n4ia17Kyu0hdjDneX5VsXPl3IMSxU+8G4pCBO3CPaRSLnkE1loz8wPTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAdBgNVHQ4EFgQUoi+XbApL4jjMDaQtZ4Vw\nOoIxrfMwCgYIKoZIzj0EAwIDRwAwRAIgY7GW1yh61Xkt126z0B+6Sikxv5pbslq4\nBbCS+vV9C88CIBZ+O/Fjkrh9Dh2hkUTGo7zcIYpGSMdLzglSWhJa3zcb\n-----END CERTIFICATE-----\n", - "-----BEGIN CERTIFICATE-----\nMIIBdjCCAR2gAwIBAgIUObH+4q0WzCeZ+UDyMukzCBUmQuQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARddByfMu9wvo+7pISFaLzVBSeEkbQrPGW0xgue\naLv53zXMtbtSWsM4r1j1ZggVl4t6ELLSZ2b3sbUHwv2ElMyHoz8wPTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAdBgNVHQ4EFgQUBFGKMMl+6miQpjSLLgBN\nDD5b26cwCgYIKoZIzj0EAwIDRwAwRAIgUVZcc64Ap4uCPMfn/J2wyKQ6rzBXtg86\nWCh4z0OScncCICSr9NiYZlg5LiJBgAgb9cnfXvh3837cnAH5hMskgFMI\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBdzCCAR2gAwIBAgIUW+cntJKpY1IsaFavi58d3FrySrQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQDdfAzv4a0/HKflZ5HStQHznDwqmKhvpKsaLtC\nt+bjCDJCLQD/1YIrDh4vPfb3n7w4ng2i8KjdyPTS32BcCh0foz8wPTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAdBgNVHQ4EFgQUk62StxvjA+aCAMlegMhA\nygL+wtIwCgYIKoZIzj0EAwIDSAAwRQIhAKjzmw6FcJewU0L9rkPEw5Izcwlq5iEY\nWCX1zig+Aae6AiAlISXSfo8vJjGtAY8kH/xJX5dgmS1dCFsm7JLEajJmzw==\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIIBdzCCAR2gAwIBAgIUfSFLsVqEdup002S4iCZUw9FeGLkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASzGfcHMnqVdsOYhzWD1i0lA5aXG9q7B1Gs0cEZ\ntuF7rkYKSaySDlKn6bjVD+3vLjXcnCcQEGsbHZPE+si3HQSZoz8wPTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAdBgNVHQ4EFgQU43RSO8qhmnoDExGJlp+j\ngEBjRSowCgYIKoZIzj0EAwIDSAAwRQIgDtE860+/ngvGABv6h6szPFsmWQIpK1fu\ng+pVqtC/uOkCIQDgQTcQmrOGv694d+uPjKEW6/KpscMfu6erjVmXlSqzFw==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIICEzCCAbmgAwIBAgIUUpZaeTy5bGzgtWlKGQfy1Xm8l9kwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDA0OTM4MTg1NjE3MTE5MDA0NDIxMjEy\nNDg3NTgzNDA4NjAyNDk5NTQ5Mzc3NjMyOTExLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABHEe/LGBriYj6y4aEK3uJ44Ti3yWEYwkd+MXgD9KOdn41Lsht9VUjA32ZEbI\nj8vwNEOgjdwr2Faubv0dLaP95+GjgYowgYcwDwYDVR0TAQH/BAUwAwEB/zALBgNV\nHQ8EBAMCAgQwHwYDVR0jBBgwFoAUoi+XbApL4jjMDaQtZ4VwOoIxrfMwHQYDVR0O\nBBYEFPiTXwaG9Bt+GJb7fD4L+/eXr6OgMCcGA1UdHgEB/wQdMBuhGTAXghVmb3Ji\naWRkZW4uZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIhAPyi5SHuf97xGGkR\n7HksWJ+2CZQ2+sCco148bCbZPl/LAiBRaAXhUK7QnOVKLG3xaxlIOVA0x6NKCRT3\nJyu6seriPw==\n-----END CERTIFICATE-----\n", - "-----BEGIN CERTIFICATE-----\nMIICDDCCAbKgAwIBAgIUNNzy28FuEoiPIpT3UW7kzsZ5WCkwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNDkzODE4NTYxNzExOTAwNDQyMTIxMjQ4NzU4MzQwODYwMjQ5\nOTU0OTM3NzYzMjkxMS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBox\nGDAWBgNVBAMMD2FuLWludGVybWVkaWF0ZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABHmizF+HlUz6hhAOsM5PpCEsjVjIFlmiMPwIkbQ1pcZdXkxHYJn28uNgRrEP\nKcUOrOwjZMX79I0VJF4ANHYoYDijgYMwgYAwDwYDVR0TAQH/BAUwAwEB/zALBgNV\nHQ8EBAMCAgQwIAYDVR0RBBkwF4IVZm9yYmlkZGVuLmV4YW1wbGUuY29tMB8GA1Ud\nIwQYMBaAFPiTXwaG9Bt+GJb7fD4L+/eXr6OgMB0GA1UdDgQWBBSIk7ksStoFDPmH\np0rqOHDd/DYNKjAKBggqhkjOPQQDAgNIADBFAiBiHsEDyVg+dJBC4xKbMIRV8+Ah\nLnOh1YLAOg9xVRPJKAIhAJpasiiUABQPzwb1wlUHBO4EbezSq9vM4jZl6uFPof98\n-----END CERTIFICATE-----\n", - "-----BEGIN CERTIFICATE-----\nMIIBwzCCAWqgAwIBAgIUY2QFS80jQqEkSzdMjdk4oOyGRzUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA9hbi1pbnRlcm1lZGlhdGUwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAR5osxfh5VM+oYQDrDOT6QhLI1YyBZZojD8CJG0\nNaXGXV5MR2CZ9vLjYEaxDynFDqzsI2TF+/SNFSReADR2KGA4o4GLMIGIMA8GA1Ud\nEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMCgGA1UdEQQhMB+CHXVuY29uc3RyYWlu\nZWQtaWNhLmV4YW1wbGUuY29tMB8GA1UdIwQYMBaAFARRijDJfupokKY0iy4ATQw+\nW9unMB0GA1UdDgQWBBSIk7ksStoFDPmHp0rqOHDd/DYNKjAKBggqhkjOPQQDAgNH\nADBEAiA1h6MMiyjwmE1v/KI6FkujVl8thsWDw60+nvTmXa9Z0QIgHDn0w8S0zaZ8\nOHe5m6x/4USxtBkFoSgsHFEFNEhRY0I=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIICEjCCAbmgAwIBAgIUMz3vRunlnzCjTpiTQ+YrCFv3xHgwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDA1MjQ2NzMwOTExMTA3NTQxNTUwOTIx\nNDcxNTQ2MTc0NzA3MTI4NDM4OTY3NjkyMDQxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABI8QmYc/MYMDyzUOYFe4gfXD/nyfyDMfP5Gvqu4Hwrh6HX2QNfFKknYX6Fou\nROr8gOuVZ7YOmYye6AN2Dt3VJMejgYowgYcwDwYDVR0TAQH/BAUwAwEB/zALBgNV\nHQ8EBAMCAgQwHwYDVR0jBBgwFoAUk62StxvjA+aCAMlegMhAygL+wtIwHQYDVR0O\nBBYEFIJdZeeiyhM8codyzhJSFkqOPuUcMCcGA1UdHgEB/wQdMBuhGTAXghVmb3Ji\naWRkZW4uZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDRwAwRAIgerZRBrIF6JFUyT+i\nhitoyX2hf3ytLoQgWSG16SpBZtECIDX08bxSxJsvf6w8LJeO127/YfGbriX5sOfq\nv26Ws1p7\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIICDTCCAbKgAwIBAgIUTRWiz3LyqDm44JDD8hQ+lqBOreQwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNTI0NjczMDkxMTEwNzU0MTU1MDkyMTQ3MTU0NjE3NDcwNzEy\nODQzODk2NzY5MjA0MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBox\nGDAWBgNVBAMMD2FuLWludGVybWVkaWF0ZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABPsfS/0HmU5UwhTb334Qyc8iOydK5voRcGd9snTQpJ8+mNFzhgN/22bE8a9V\nwqdzKj+6V/7QcLgU1Ie61JDAFcKjgYMwgYAwDwYDVR0TAQH/BAUwAwEB/zALBgNV\nHQ8EBAMCAgQwIAYDVR0RBBkwF4IVZm9yYmlkZGVuLmV4YW1wbGUuY29tMB8GA1Ud\nIwQYMBaAFIJdZeeiyhM8codyzhJSFkqOPuUcMB0GA1UdDgQWBBS26GnJo68SrMh6\nAUrpDQjWeiVD3jAKBggqhkjOPQQDAgNJADBGAiEAyvL+a1T29GiAhIkwCepi1gZV\n3byr8VpkaCgekuKoGJACIQCZJWvEa/tisWzb+KiRfIGlF1e7oiyQVWlVj82Ip60M\nNQ==\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIIBxTCCAWqgAwIBAgIUbjtZ6sHsZkD1PLNd1MRy8mGuO/swCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA9hbi1pbnRlcm1lZGlhdGUwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAT7H0v9B5lOVMIU299+EMnPIjsnSub6EXBnfbJ0\n0KSfPpjRc4YDf9tmxPGvVcKncyo/ulf+0HC4FNSHutSQwBXCo4GLMIGIMA8GA1Ud\nEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMCgGA1UdEQQhMB+CHXVuY29uc3RyYWlu\nZWQtaWNhLmV4YW1wbGUuY29tMB8GA1UdIwQYMBaAFON0UjvKoZp6AxMRiZafo4BA\nY0UqMB0GA1UdDgQWBBS26GnJo68SrMh6AUrpDQjWeiVD3jAKBggqhkjOPQQDAgNJ\nADBGAiEAkCSm5qVp0b7HEqvS2phxg4+pT3H0mSaM0moOY7g9/T0CIQDOeYWiK4oq\noA6GIMltGENfGIBBDpLCSpQMgZo+XeKH4Q==\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBzjCCAXSgAwIBAgIUao8vsrlXwD6tbn2uhY5GJGcuNpgwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPYW4taW50ZXJtZWRpYXRlMCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAkMSIwIAYDVQQDDBl1bmNvbnN0cmFpbmVkLmV4YW1wbGUu\nY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEjX1BjaZ2VHU1e95XrZJJNNLR\n7YENP9XnpmjfkqFokC9KUcKcNVFbDtgqG4eFac/qvd+5YWuJQKBK1jtejyVeNqOB\nizCBiDAdBgNVHQ4EFgQUVYziY8eLDjxpxxwLTWCLvnR+TxMwHwYDVR0jBBgwFoAU\niJO5LEraBQz5h6dK6jhw3fw2DSowCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsG\nAQUFBwMBMCQGA1UdEQQdMBuCGXVuY29uc3RyYWluZWQuZXhhbXBsZS5jb20wCgYI\nKoZIzj0EAwIDSAAwRQIgUWgkOT/aaIlJE+frphkIoLYsEni72enPT+TkVRIaOU0C\nIQCV5l45KKWEcNWo0xm6WGaONQJze/6P5hvj4a1ibAJ1Lw==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBzzCCAXSgAwIBAgIUCEsQBaFJlDvJwlFPezywNkuk3XAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPYW4taW50ZXJtZWRpYXRlMCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAkMSIwIAYDVQQDDBl1bmNvbnN0cmFpbmVkLmV4YW1wbGUu\nY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFG+VXYTRYeQSoXh8L5uxxSP1\nk7f1NUSA6XZP6JTEQJA7S7CYeedO9/y6rp/UqUtEY0dcnpvCvFrOtXhfF22UT6OB\nizCBiDAdBgNVHQ4EFgQUC3hxlEvVcPjfaY2u6hvetMCyOe8wHwYDVR0jBBgwFoAU\ntuhpyaOvEqzIegFK6Q0I1nolQ94wCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsG\nAQUFBwMBMCQGA1UdEQQdMBuCGXVuY29uc3RyYWluZWQuZXhhbXBsZS5jb20wCgYI\nKoZIzj0EAwIDSQAwRgIhAPFHzr5pFKfQRv0OWT6BY/7/ZA8tZFw8TVLrcEyQgsI/\nAiEAlqjuTVt+PiTLgW0qbVYTXnZJmiqdruOGXoG/inhHHh0=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1449,10 +1449,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe EE cert has a SubjectAlternativeName with a value in ASCII bytes, rather\nthan in the expected DER encoding.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIULQWeT+cEMd0MsmviJGHcda8UVeMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASkpgrmIHiGazyMyjPIDV7y7RrpRSTI0KDuLCvl\nDPc7ohkNMeCI0kbwObyvzmYHgAnO2hh/TF41WGYHIgCS1xq6o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUiYkShG4Pkb4auA4X8aXvm0zynEEwCgYIKoZIzj0EAwIDRwAwRAIg\nH7RLb+jbtYy4OPtlQ+cbyde1fKBO+ACBRCvjG8L6RlsCICh/Y5GlHctCEUjD8GIy\n2w+YExeWDae6sV9knvpE0w3M\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUJq9sfJWMzrpynnNKV+59yo0o5DEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATT9DSEii+pL0T48cj1EW1T6/TemRsEOsJ7iuwQ\nG9bgAI4s6MIldtdMifNIGEmvvMg6yRQqew8AYZ9d6p9n40Vco1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUvpxtpLGYJglNVMzqV+ziblb8BzcwCgYIKoZIzj0EAwIDSAAwRQIh\nAKKS6xq4BaSKHLZo8S9OJEbz6S6dsJin83Zcc+MPBzbXAiBOkXESqPjVhYO+AIuq\n11XcEcPnExtDUtr3iFB+86E++A==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrTCCAVKgAwIBAgIUQLX/xNTyOe9fB1KdwCc561vOI9UwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABGZq1shrzO9H/sQJVs/IPDAE2NYiWuGVe+c5oPviC1c+\nZRKTmxr/GbZ4nS6lg1JvBPvjtCwlFhvi0BY40t0/aa6jeDB2MB0GA1UdDgQWBBSy\n1tkRWwtgz9Z8/gJDwscIVcHWLTAfBgNVHSMEGDAWgBSJiRKEbg+Rvhq4Dhfxpe+b\nTPKcQTALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwEgYDVR0RBAtl\neGFtcGxlLmNvbTAKBggqhkjOPQQDAgNJADBGAiEA/LAGJiLUJKScQ7PoGBKUrabf\nLvf8nAq0rLNVszuW90MCIQDbftrVpfHtzXUb1wEZr/WiJxKVqzMjAx02q+fPPqNB\nKg==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqzCCAVKgAwIBAgIUXX6FcfwHiUuWnXMIcQYDQY1sed4wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABOPWGG/QwiyWJVxGmHgrIerorqUHwhv6ZIH1l4Aw+Hcz\nuHDXpwY9krMFO1Gv3ybZcA4Mjzh9u5d4EFesdhzRLZGjeDB2MB0GA1UdDgQWBBRY\na8dynxOoeEZ/bEIQNLcVNv2iYzAfBgNVHSMEGDAWgBS+nG2ksZgmCU1UzOpX7OJu\nVvwHNzALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwEgYDVR0RBAtl\neGFtcGxlLmNvbTAKBggqhkjOPQQDAgNHADBEAiA3eo7gozIWzOQNxcTIjNoMJ7Hh\npcUd5y+RzYOOBSzb+gIgQ2LBlF1i05/ijvtyMClcKYVgi2WWdm2eY0S4Te73qsQ=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1472,10 +1472,10 @@ "description": "Produces an **invalid** chain due to an invalid EE cert.\n\nThe EE cert contains a non-critical Subject Alternative Name extension,\nwhich is disallowed when the cert's Subject is empty under\nRFC 5280:\n\n> If the subject field contains an empty sequence, then the issuing CA MUST\n> include a subjectAltName extension that is marked as critical.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUGkh0iHeQ8qn2MWA/yxFbjUkRx00wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAR0K5QJ7wzRMhBY51nTG1mFT4ZbTA4lq58s7VRr\n9uEa1HKvD1ArX7DWHNHYQ8IhqTQjgzjerC9QXgyGLbzqIR2Ao1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUKRKhwUjTSMwSl8PYCNsWArU11FIwCgYIKoZIzj0EAwIDRwAwRAIg\nCU0BSj6XuZZQH82D9MrNwZIDbwV5wigzpzRQOt1oGN8CIAhvLu+TI6gErhAF/LNR\nqnuPtexCl1BZbqCrqV5+fTPB\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUOjdxx1j5gfYqKdw7Yq9psHY+wkkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQdyEsXfUpEply73nOrKxMdbwgDcm6qiKJsqVi1\nVpbWTam2Np0Pciza/EMXCakzLSJ2Wr4AhqG2r1JtI5MS+DSOo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUcWHF21eU+h7PZSZpMa0gNfYtWF8wCgYIKoZIzj0EAwIDSAAwRQIg\nZHi1eeLYaQW0c4wqYVVa95uMRnp47koc4pcn2gVJxfgCIQDFJVaMUWrmLJ6+BX3p\nMNZRp4ITf9QWpfZPZJlMvdhdmQ==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBmjCCAUCgAwIBAgIUAccIL1wZTBhPqH5urPDD6E/Uzs0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE9fGhAhNe\nMvRAZuBgaEBKaXIjC5ibpAAxIQRmes1CNJ20cZ/kcgOLGKqf+qjWa3bicmlytcN3\n/c5oAC6v5Q4AAaN8MHowHQYDVR0OBBYEFF+nPkKOENCDvXdlhEikTvSvUZzqMB8G\nA1UdIwQYMBaAFCkSocFI00jMEpfD2AjbFgK1NdRSMAsGA1UdDwQEAwIHgDATBgNV\nHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggqhkjO\nPQQDAgNIADBFAiEAwZmfimfsDf+VRv9XmCSDCGhq1KDnZSXz5qfhypG9MiQCIGvr\nk2OWakFnCsLVrwkkzHXk1PI4DpxzQa7a8UN49SK+\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBmTCCAUCgAwIBAgIUCLIezNw/dgozqovBDHodW6fP5zQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEpC0N1PMB\n/u0xkqyOIQ7CLnsxfhcSY/8lkr6zivZpghTIbFg82Hw3pL8Dn7B4eui2pIi/8XMm\nCTLfisMeDOaOpaN8MHowHQYDVR0OBBYEFCBX1ftEbqjVY+Naz8r3/jqXtl5hMB8G\nA1UdIwQYMBaAFHFhxdtXlPoez2UmaTGtIDX2LVhfMAsGA1UdDwQEAwIHgDATBgNV\nHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggqhkjO\nPQQDAgNHADBEAiA97AWQISt6z92H7SnLDkeAox1T6kJo7vtsL3+QlvQYhAIgKXB1\ndwu2QmAEKpBdHoqBnrpf8L5nutLVBHeSa1hmd9E=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1497,10 +1497,10 @@ "description": "Produces an **invalid** chain due to an invalid EE cert.\n\nThe EE cert contains a serial number longer than 20 octets, which is\ndisallowed under RFC 5280.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUf+U+JZDZIY6hhvK+LeNv/It6xucwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASnjUnUn9ZWFHX7gfbg2WT7uXoQ2wK2D+T2B3Xm\nnNPfVhdkTcB9zn2nJgq14rj7yRa5WkT+lKG2VO05NnW6budqo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUMmOBmZCmpIkyAtBBpCyCAy6zSlgwCgYIKoZIzj0EAwIDSQAwRgIh\nAPPHgc1t733hPSc+sViWh+jfLt0St8cXguJoIVRKSkQyAiEAmNuOCNUnAT/C0vNh\nLDsV5wMtVVNYQJXC6QpB6DS6Nf4=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUaPQCCKiM6EC+9ofQazOhKFSm8BQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQS0+urUbVidQNrcepuEIjiPVQZfBZZ49nDBHOr\n8tk/hw2w/5E8M5IQw0sEXBcZIm29HmxLl348qQy948mziYHMo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUElpX+DYOSl65ZiE1VWB7RkvR5SgwCgYIKoZIzj0EAwIDSAAwRQIh\nAOqwQETKL0E0NM8a3w8lfrgxBdBnHBVhW3BWwgY4KhlbAiBy8TVRsvQH8SrIkS/g\nkQh307iTbInVNvYoqV9+hErJ6g==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBszCCAVigAwIBAgIWYPkOnSrDgHOzsBQnWkdnnbLWhqXz0TAKBggqhkjOPQQD\nAjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwIBcNNzAwMTAxMDAwMDAxWhgP\nMjk2OTA1MDMwMDAwMDFaMBYxFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEoAcCUo8KA25P1qp5vBtdZcYtGpMcpTbWx3FSYVCE\ns+Oe4OqX7lQBA32Nlj71A+bF2+3RFChgHrvuGnQmds3uo6N8MHowHQYDVR0OBBYE\nFL7sNWyBojI/m74CaWVOtKu1+Et+MB8GA1UdIwQYMBaAFDJjgZmQpqSJMgLQQaQs\nggMus0pYMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREE\nDzANggtleGFtcGxlLmNvbTAKBggqhkjOPQQDAgNJADBGAiEA0IozRuwvMxAComHe\nh0F6ISiDDzZwt43Zsvr7qmknKU0CIQCwh5Z68lJDVssyPgKAfM5zgyxM8D+O0et6\n5fMAg1FfXg==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBszCCAVigAwIBAgIWCbEm/hx17IOK1IvcPbac1BiCFK4qpjAKBggqhkjOPQQD\nAjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwIBcNNzAwMTAxMDAwMDAxWhgP\nMjk2OTA1MDMwMDAwMDFaMBYxFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEpV4FqLfal7EFPTOpT5bHI3v6Q2rPMX+/8y++JGEK\nSTRmez8FhLDO5v1a9vtVdFv5SsYmir+B1urji7MFKNOsM6N8MHowHQYDVR0OBBYE\nFNhF4XgmNmiZ/w33Rj38MJHzq1SjMB8GA1UdIwQYMBaAFBJaV/g2DkpeuWYhNVVg\ne0ZL0eUoMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREE\nDzANggtleGFtcGxlLmNvbTAKBggqhkjOPQQDAgNJADBGAiEA2stOX/5PjCtvS5Xo\nGiKhHd51ze7iPjaKNkiGQfxYluICIQDFlQRDfcztpA5xGf0XLb026Ie6ufr7crDw\nlBvMTlSO3Q==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1522,10 +1522,10 @@ "description": "Produces an **invalid** chain due to an invalid EE cert.\n\nThe EE cert contains a serial number of zero, which is disallowed\nunder RFC 5280.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIURpiMFU25SeB5/fIax4XCSVVa3uswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARaLSQyRFdWzVXi6+Hv5s9kFJniLkeuSM74/z8Z\nAQMtfC7ecrXRKKSxp4ES7KNgqeqOHPZAZrTLLo9Ea30t7gMHo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU6yFQE8fuPd0mow844kgqbg9UOtYwCgYIKoZIzj0EAwIDSQAwRgIh\nALwLMp5mZYxzjvmYryavKV2tidvyj2j30FqEeiwHRSccAiEA1+me+SisvsEz6s71\nD/6Igcoq7DdSsuqZC0oLyyNYGkA=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUGRqor3z7i1iqGBWKSoSeReGVG6cwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAR1FdzPobIBINON0a+P4G6pEo+aam6bsldki9ir\nF4gDetIvqcQrJF2vRJcmciKlm/0VzWSqnxHRGaY2ZSU/9WXwo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUP7FxGa3Tf/RwDiuG8c2E4zwaMlEwCgYIKoZIzj0EAwIDSQAwRgIh\nAOABQCNqsBV+oNz/hT4umV9GriZbcgNOpb1c3GEWCg9hAiEA7ObKtUNyJl5Ps1fU\njzxGG3PEuYAt3SYfBwJvpR9oWdU=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBnTCCAUOgAwIBAgIBADAKBggqhkjOPQQDAjAaMRgwFgYDVQQDDA94NTA5LWxp\nbWJvLXJvb3QwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEy+A6\naWptlZLVjFPOgbxHdPBsy2FcxdMq4oiqaeFq5f5bkkNmWe1n2qlU5Ymk4KOOMRpH\nGLJ8a52Pi2o2+9LxiqN8MHowHQYDVR0OBBYEFI+OAL2yg0K/j8PT3nRJTWfc+Xg5\nMB8GA1UdIwQYMBaAFOshUBPH7j3dJqMPOOJIKm4PVDrWMAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNIADBFAiAp2E8Ze4KD15ea+fWjDgeVg+Ycs9A89WPUoVelwxJbKAIh\nAJCAQnbHuTCe4KdL7fcSB+1p34mGQagcSctNzlTAxNpe\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBnTCCAUOgAwIBAgIBADAKBggqhkjOPQQDAjAaMRgwFgYDVQQDDA94NTA5LWxp\nbWJvLXJvb3QwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEaABL\nybtKOdlhYd7iedzVziNVtYH2snEQN4uqnV/tsFPEGseJm7bhaEofc7l3fnu5ABLH\n8sF4w1wrEDrbXaoOu6N8MHowHQYDVR0OBBYEFCvj2nJYeT9TpdE+5q2WXMFmbV3A\nMB8GA1UdIwQYMBaAFD+xcRmt03/0cA4rhvHNhOM8GjJRMAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNIADBFAiBKJewyqfzFLPeozjZ/UiBCu/f9YUPmD1/ybHjxVWWA+gIh\nAMftgk3t1eNbacQgBYccXXsa9V2GsdXMvd5PKcuQYSym\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1570,10 +1570,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe root cert has an SKI extension marked as critical, which is disallowed\nunder RFC 5280 4.2.1.2.\n\n> Conforming CAs MUST mark this extension as non-critical.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBkTCCATigAwIBAgIUPSn7PpYOAZoSiAua0rCQ5TcGB0AwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARf4RZz8Kb9aJ3sxgeJESc8Rz+RoZwuP05iNCDV\n57JqUJM5AdwWNn5RM5ld2Z499jC3K/RM6YXG/JaRLZQqitcyo1owWDAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAg\nBgNVHQ4BAf8EFgQU1A776SZ6pRpv4YXrdQlsyq6NWhAwCgYIKoZIzj0EAwIDRwAw\nRAIgYEP9OdO4Q34kxou36FqAxKxDZ6mzIe3k5WdPCpE2ZPkCIA/0yrACAzuEBwW/\nK9WX9WYI/AtXozeoG9SIQdfFJRVm\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBkjCCATigAwIBAgIUJt/2KFI8jlwPjJUimFlyuAoChdcwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQAXa2/I9v49sPG4HjGoNvFhvEW2lFgoaCAfQJS\nQUpC4yKh+m7tDEBXlK0AzB2LcltlIWGaSV2a6inVVogkI/Z0o1owWDAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAg\nBgNVHQ4BAf8EFgQUIXRfk5ZBe06wBlKMX3bqtIaXFJUwCgYIKoZIzj0EAwIDSAAw\nRQIhAOS7jbVTkxPcjnP3OKLReIaYxeQsK8SVdnd8ekl7xbiEAiA9r+fQbNR4ggYT\nd6aOOy0H8BZLGYz8VZC+cVM+vBm+SQ==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrzCCAVagAwIBAgIUGcH/DjVs50H0ICr/pkPU+CF9y1owCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABBXKORcQw+JEqjVWKUoaXPu9isGN7CsMuBQ3n6uZleMK\nxpdbQ9agT2T2c7FJkC50QM93omdtEgMD+z+OK9LhCF+jfDB6MB0GA1UdDgQWBBRG\nP/WV+SfTLDBdZ6hcnUjwy5NqczAfBgNVHSMEGDAWgBQcQhMVEIUeoHyGwNwwpJFI\nC1IxhjALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDRwAwRAIgU7s0n8TxoZHlHviWHWsS\nB9MRxC9HK4bZK4Efz+lF4ncCIE8M4Hos28geU0fgrNsYZEyZ3CMInjhVzt7Jfukz\n1PwX\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUDWHCLgMfdzNVTW259wMcAGQS5QwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABGwO78Pw7shZA6XtP8wLrkbHLpUbOXM8+jagaZfDp7ny\nyLJyQeUfByq0KgDEEJiIEm5IuwdCWWf7OjJ0Hm04jG2jfDB6MB0GA1UdDgQWBBTB\nGeCtQRok2J8tvyQAjUcDTqneQzAfBgNVHSMEGDAWgBQO1YNE7emVSdpARcRaTS6M\novDJPjALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIhAP0+C/SPu3d+b3XI2xBV\nf7gPTM+GPqYogHcLiOqgE5ysAiB3vIdbQz4J0q7MQvv8n8tLhf6MvjYZi4bd31Hg\nzliJyA==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1593,10 +1593,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe root cert is missing the SKI extension, which is disallowed under\nRFC 5280 4.2.1.2.\n\n> To facilitate certification path construction, this extension MUST\n> appear in all conforming CA certificates, that is, all certificates\n> including the basic constraints extension (Section 4.2.1.9) where the\n> value of cA is TRUE.\n\nNote: for roots, the SKI should be the same value as the AKI, therefore,\nthis extension isn't strictly necessary, although required by the RFC.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBbzCCARagAwIBAgIUG7S7gbxJ3g041W+1/OZTqyLMYhgwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARWcYegncqFxFP/bLh3YsyuUrQZO6fbb7N+TrMX\nc7xugbRJU1rTq+fIf6A84ErPhnHCGiQfAa8i+tMFBnUqsbgSozgwNjAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAK\nBggqhkjOPQQDAgNHADBEAiAuQNck57uulRkvU3dlgOYZGQ1S/cmz23zkuK5VOzdD\nOgIgNq3CFF4V/XPKGLzna97qoXhUo7mv29X24QqP0invzwg=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBcDCCARagAwIBAgIUApm2G+lv6by2G6YzSSAHVUB8XacwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATv8vtsa+B3TDi+otnJt6p4H8Zzp5TWpnYce4Qx\neYxBJx+Spya/Qe0QpcucNP1il1S+Yd5wgruHzKPQwZsloYHcozgwNjAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAK\nBggqhkjOPQQDAgNIADBFAiBODdOVNVk3q/L7tNjbF9BkTWE/PW50FkxCS0w3pq8p\nCAIhAPnD518hxvk3a/j9Jd+2HrHenpdEPpTKjqbkGPxSi5Qr\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVagAwIBAgIUbobYK62dnfGx6nlsutLun+vtRsQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABBqq+Vz/9ABhu9lB/1wC+vzAu+pYKhtmgT4XzAe6Yk+c\nOcwi2uOqM4j9Xfe3zT2YMktys2SAWIjY0+LFRnpWkXOjfDB6MB0GA1UdDgQWBBSe\nUuyRsyYxfVJDqyam9DtlxI1ALDAfBgNVHSMEGDAWgBRHUWLAEPfJtP3/9DfKWkS5\nGMOAcTALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhAMP+CBfkrzAdo1pFVaGb\nTLGvi57mzCDtOhF28yQXL9tIAiEAoMLXI4k74dLWaUlV2qvtQOuV32RwoqsiBJua\n83B1jzg=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVagAwIBAgIUQ5IlXnFhXaH3IBPt6HuuX7ZMJ5owCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABOQHhEt0P5tGFemmFv+BGDEEaZIzIIYlj2zkzGwLaXfP\n7RAs1aIrzZHxHgyQ8JgtwTd1C4c7H6Fzk1iom+7E89SjfDB6MB0GA1UdDgQWBBRR\n0YSTNC5/gd7kKsPxhAAhpJOmBzAfBgNVHSMEGDAWgBSekNz4zoVFw1G6k1lfziJZ\nsrD/7TALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhAIUo/Ucku8YzeyW1DKFv\ntFc0Nded9IsScqxh0vY8EEnGAiEAii8sRzHTypPRHG5HYXPOyIQ8hh2Mh3wPYySs\nMyHqV6o=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1616,12 +1616,12 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> ICA -> EE\n```\n\nThe intermediate cert is missing the SKI extension, which is disallowed under\nRFC 5280 4.2.1.2.\n\n> To facilitate certification path construction, this extension MUST\n> appear in all conforming CA certificates, that is, all certificates\n> including the basic constraints extension (Section 4.2.1.9) where the\n> value of cA is TRUE.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUR4btApR5q5wktk6t7xbg6iSrO6EwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQX9ujpQ0kfk6J50AI32zmYs5PV4UiFoNoGfsin\nNjqIiymbT+vmnevmpDe9d9yU4ku/sDduudT9vux6OeexTGpno1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUTWKxejkZNgZObHABZwGCoU2wYBkwCgYIKoZIzj0EAwIDSQAwRgIh\nAIWWbx/lbezfnvjSwtzaRZq63yJN08efoBRwZDu/a43uAiEAqvO8mMiqaremOaUM\nxPs5F56pVsdXNsTphoiOm1l8hiI=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUf+NBQPuxaWXBz57xpWrXBGRlfW8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARZ6+264P47kOGj9Oq6U4Nsd4xEVrNPkE8Ls7YB\nVUMjL5/WD5lXR/hqyA1bl5Nk+0Yg4GDyvfh5xWkxhYUqdHZdo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUBajRGz4ZXiw83pBbrlV7PKMm8YIwCgYIKoZIzj0EAwIDSAAwRQIg\nG+Xnaif5uX0n7OtPRQxlD1ueuv1bLTfPf6BTaTBgjTYCIQD6lMGAgwE8GDp2ZMA2\nsapIgOQC7Esy0T0gFlrB+JG5fg==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIIB4TCCAYegAwIBAgIUJ+l/9tGipRFCW+jtE6Wv6kwtNg0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDA0MDgzNDcyOTEwNzQ3ODM3NjI3MDA4\nOTg4NzQ3NjI2NTY0ODcxMTc4Nzg0MTAxNDUxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABLzQ28aDcKRUt5kKV4jfDkb1dAfUPgNkpE6m03SeP1t+9n7UmuJ9JSkVohqT\ntEqMacFKmf+SlaqCoqXBKBMaX52jWTBXMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFE1isXo5\nGTYGTmxwAWcBgqFNsGAZMAoGCCqGSM49BAMCA0gAMEUCID55Zq2Vqg88kRkg0jgx\nunfvP4BPnzNTuHbkdT8npCQrAiEA0S3F8jv/xI9sq2EvZUp6u5k8H8xuD3ZlsYA6\nYGCIF5E=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIB4jCCAYegAwIBAgIUKWAPjY15dDuXOwBnA7qVAkyo3CMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDA3MzAxMDk3ODE0NjU5MDg1MTk1ODc4\nNDA1MjM4MjQ1NDQzNDY0MzkxMDU3NDAxNDMxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABN1X6prc3J8hDD6JkA/8m9Gk7oJSu6MR8Qndf1wpJoZZCVIGcIGimoujzHFK\nIrhaRXxKDKVQk19lXdojymxYc+ujWTBXMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFAWo0Rs+\nGV4sPN6QW65VezyjJvGCMAoGCCqGSM49BAMCA0kAMEYCIQDp/g1H0fXLSQysj/Tk\nwJTvQj7Iu5WSpkXJb9aOms58vQIhAIgSaVohMDE2DTHH1xwcJPquKVgPmPuMDXXm\nCehLiC/a\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIULisc1L13QIl6l/I2h0S9+ATzdUowCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNDA4MzQ3MjkxMDc0NzgzNzYyNzAwODk4ODc0NzYyNjU2NDg3\nMTE3ODc4NDEwMTQ1MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\n8MZC12d2YT5At7rV/MhVYdv7potCBZquPV55GUn9SA6i4Eq5LGW4CUE6bawZxKfP\n0+FeJedL4kz1TPkWdLgThKN8MHowHQYDVR0OBBYEFCezVEsaHxBLTYkv8C2vAW8t\ntoPuMB8GA1UdIwQYMBaAFOyDauUuw0/xnZSmyO/bafwY+cyCMAsGA1UdDwQEAwIH\ngDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAK\nBggqhkjOPQQDAgNIADBFAiEAidazO6rN5T7p1k+VMsJhenpxVjVWQVsUT57gNCws\nrjACIBL9EQvsCQncVElZu0aC/2aKD3m+gS28vPMJqZWPneyu\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICATCCAaagAwIBAgIUTCb5L2g+LUPBTLn5WGBKEz5a2hswCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNzMwMTA5NzgxNDY1OTA4NTE5NTg3ODQwNTIzODI0NTQ0MzQ2\nNDM5MTA1NzQwMTQzMS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\nC4fbn0FXDRg7hBQh1+mv2THdKKvt0zI6Ib6B9pxSy8RpcqVUOPGbT1J3VNzcMY4a\nx8ZiAoseKno0l0EvrSgT7KN8MHowHQYDVR0OBBYEFMgxDU+firkrpiOgiu/0B7UO\nssm/MB8GA1UdIwQYMBaAFKnNqEfjxrDrR1s7WHbonOgeP+ekMAsGA1UdDwQEAwIH\ngDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAK\nBggqhkjOPQQDAgNJADBGAiEAms0+1JhrY4E1qkGrXqNeq9yw6MH33VWFlkIq2jJa\nkL8CIQCcU4tUH164gDUMLSxQso7YEdCiQitKmWSjORo8gt5x4w==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1641,12 +1641,12 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> intermediate -> EE\n```\n\nAll three certificates are well-formed, but the root\n(and only the root) is expired at the validation time.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjDCCATOgAwIBAgIUHpbCz7qyXEyP6PLEC9xEt5CyqNgwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MB4XDTE2MDEwMTAwMDAwMFoXDTIw\nMDEwMTAwMDAwMFowGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEKwhuFAOu1ObiTIE9/BD6fEzFG+jvfKmIAF8WDyUj\nSK4Y4r/6sR7hM+pDvSRXfNXEKW/m3GoPCwKRcBD/JKe/wKNXMFUwDwYDVR0TAQH/\nBAUwAwEB/zALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHQYD\nVR0OBBYEFDfzgy1k+CMBlU0Y0OdB9EACgCJmMAoGCCqGSM49BAMCA0cAMEQCIBkp\nP8hcyerv+rV+6H/TsdlEAnTvy+tdN7Md/0att7rCAiBsG16fGhgBhTq3X+rtnqLv\nfJjE9Mj5LUfto5orpjHTaQ==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjTCCATOgAwIBAgIUNgbnRxT70eQEhoytFFuJP5RzkbAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MB4XDTE2MDEwMTAwMDAwMFoXDTIw\nMDEwMTAwMDAwMFowGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEv4P9R57WTuxvmvlXIouceETXhIFN06yvuiHrVMLa\nbyFwrfqxhtduBhfieokiLaYKUErnoSdif1OZCIRz2aKY2KNXMFUwDwYDVR0TAQH/\nBAUwAwEB/zALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHQYD\nVR0OBBYEFEwxvw+uzQNkkcS2Uu0vG+TjBgJDMAoGCCqGSM49BAMCA0gAMEUCIQDm\nR36FrfYeXmt9+PmrzCC0etUXv0u5gm4p4oLoygvNYwIgJP5jC+hHtwapZ7YoB6nt\n2vYuzWyE6AN33aDViu+uHsc=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIIB/jCCAaSgAwIBAgIUCy+AurWLer5WSh65aHVYg1fMP2AwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MB4XDTE2MDEwMTAwMDAwMFoXDTI2\nMDEwMTAwMDAwMFowajE5MDcGA1UECwwwMTc0NjMxODA1Mzc0NTc4MDAxNDI0NzEx\nNDY4MzY5MzQ3MzY3NDAxMzg0MjI0OTg0MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWlu\ndGVybWVkaWF0ZS1wYXRobGVuLU5vbmUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC\nAATRGyI1Kzs0tRkz+1CT/PEJ/XejN8iurxvXiXVT0kjvVH6u4NaRJrA5ObzAP6yd\n9Isp++0D9nM5LH1DK1VB6B+jo3gwdjAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQE\nAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAfBgNVHSMEGDAWgBQ384MtZPgj\nAZVNGNDnQfRAAoAiZjAdBgNVHQ4EFgQUPh7ysfeUVUjTCWITTVDgSkezf58wCgYI\nKoZIzj0EAwIDSAAwRQIgCSMkA3mVRO3+BdgJ7eaC5UVHvpxb/fe//C9GHuUTnjIC\nIQDBR9apezsxLY+x7F8m/yj0JA2LKPg1sXyfZKFl46l1Qg==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIB/jCCAaSgAwIBAgIUaCRgQkAF65+mRnrX5mM7JeIazhkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MB4XDTE2MDEwMTAwMDAwMFoXDTI2\nMDEwMTAwMDAwMFowajE5MDcGA1UECwwwMzA4NDM5NDUzMjIxNjY4ODg5NTY3MjY0\nNjM1Nzk4NTA4OTA4NTEyMTgzMjkyMzM2MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWlu\ndGVybWVkaWF0ZS1wYXRobGVuLU5vbmUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC\nAAQkqyscS1Awfovfbk25dQ54a+m3qHarRYMtN8mW9CAp1vCpfBzXHP5trqXp4ApO\nGTwO9V67H64mA9NPtX0w1YlXo3gwdjAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQE\nAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAfBgNVHSMEGDAWgBRMMb8Prs0D\nZJHEtlLtLxvk4wYCQzAdBgNVHQ4EFgQUy+arrDqTBYjiAOuqurkihspuANgwCgYI\nKoZIzj0EAwIDSAAwRQIhAJTffXRcLuTsAF7vFMGKWO6yBjEtMnchrm7Ewkd3L7Mc\nAiAHvLO5MFn9nZcl3eBtm1jJXSiyMSvd9w/xrQToPw8m/A==\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/zCCAaSgAwIBAgIUVi78h8OaGp3WqRJ+vylcuP3c6dYwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwMTc0NjMxODA1Mzc0NTc4MDAxNDI0NzExNDY4MzY5MzQ3MzY3\nNDAxMzg0MjI0OTg0MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwHhcNMTgwMTAxMDAwMDAwWhcNMjMwMTAxMDAwMDAwWjAWMRQw\nEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLD8\njOyk15t8D8d+RevkeOhqeVA2AbObBkBjoXeZuJU21qrUojRy6mAqrqPaRquHcYUX\nE9CaJna+eR6NagsCP2OjfDB6MB0GA1UdDgQWBBRcRBWBYeCthsdkqjaVpwBVa41C\npDAfBgNVHSMEGDAWgBQ+HvKx95RVSNMJYhNNUOBKR7N/nzALBgNVHQ8EBAMCB4Aw\nEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYI\nKoZIzj0EAwIDSQAwRgIhAIE0atBcRJFfJJ3/v8qk/fQXCN23Bh1JrsuPdffwaXiZ\nAiEAq/aFOvKgWyXdP3EjZSO3fTo2vhKUUMkdM3jkYvXs5OU=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/zCCAaSgAwIBAgIUSbyLc7r+Qg9iCRlzDtDJKP1wylEwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwMzA4NDM5NDUzMjIxNjY4ODg5NTY3MjY0NjM1Nzk4NTA4OTA4\nNTEyMTgzMjkyMzM2MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwHhcNMTgwMTAxMDAwMDAwWhcNMjMwMTAxMDAwMDAwWjAWMRQw\nEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABP28\nlpoItRvpCGGzWXqvGlYEfu/wRYIRYnOU2tEbtXpBVu1zILkwkVRg1M3rZZJSjbB+\naacheAPJtiOHmFweYsKjfDB6MB0GA1UdDgQWBBSGBU5/0vqNH28g7W/igR72mgF/\nhTAfBgNVHSMEGDAWgBTL5qusOpMFiOIA66q6uSKGym4A2DALBgNVHQ8EBAMCB4Aw\nEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYI\nKoZIzj0EAwIDSQAwRgIhANdTOAEXwAldJK0hP+6zJwCesQw86QjAp6XiW7NP6gz3\nAiEAvNxeKhTBen+41tzq1zQWZL9gmDkJHL9pmb/AZUIyS0I=\n-----END CERTIFICATE-----\n", "validation_time": "2022-01-01T00:00:00+00:00", "signature_algorithms": [], "key_usage": [], @@ -1666,12 +1666,12 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> intermediate -> EE\n```\n\nAll three certificates are well-formed, but the intermediate\n(and only the intermediate) is expired at the validation time.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjTCCATOgAwIBAgIUFPtiq/E6cv14cbsfIGDCv3BZD+YwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MB4XDTE2MDEwMTAwMDAwMFoXDTI2\nMDEwMTAwMDAwMFowGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAE/w348qX4VOlx7jxyorD2+1ZZ7edlBmhixx7RxC6Q\nDelSrq3xB1xe0qsMz1HleLkDv2lw0djCNmjOG9BdDENgkaNXMFUwDwYDVR0TAQH/\nBAUwAwEB/zALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHQYD\nVR0OBBYEFG+BLUUr1gHX9LsSOXu6QncsZ8/wMAoGCCqGSM49BAMCA0gAMEUCIQCM\ncHk+0t/OUbypw4isVeTZ1oiAh5lnV8ApBZ35mmprXwIgfoJc3kaU9u1MCK66Vwma\nJJw+HEMMoznuc76xqOn1Nts=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjTCCATOgAwIBAgIUDvDuC87FLhOwD6eT6yJ+shGLGHQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MB4XDTE2MDEwMTAwMDAwMFoXDTI2\nMDEwMTAwMDAwMFowGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAEkk3HOQ+XBRBQX+wDsqB7/dXmpAcWwH/o2J6HrUW1\nIxzTTQOFG7EmdSngx54UoVd4cdOSbJx8+9OImwfR6Zofk6NXMFUwDwYDVR0TAQH/\nBAUwAwEB/zALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHQYD\nVR0OBBYEFLixfw7cy2yycWxWW1Cj/4IRPJz0MAoGCCqGSM49BAMCA0gAMEUCIQCN\nhvUIiDpAYlOQjEyNAxoX4rDeYSON4q0FUGxWOYjU5AIgfX0cnrDog/vmBMW1+D1N\nuTN4md+zwsuEpoqz6jVgiK4=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIIB/TCCAaSgAwIBAgIUGwaPSi6vEPPfcgGar7RxGXzwtsQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MB4XDTE2MDEwMTAwMDAwMFoXDTIw\nMDEwMTAwMDAwMFowajE5MDcGA1UECwwwMTE5Nzg1ODk3OTc0MjYxNDY1MzU2NDky\nMzM1NDQ2MDczNzgzMTM2NjIxNzYwNDg2MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWlu\ndGVybWVkaWF0ZS1wYXRobGVuLU5vbmUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC\nAATr/Y+o/X5OOq/yuBeRBf3kAqaUmCpL176LJeY9r2d9cz9A67KhjKwSKj/eL6PP\ngytRowzYyGSQ5P6YBhFFMs/ro3gwdjAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQE\nAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAfBgNVHSMEGDAWgBRvgS1FK9YB\n1/S7Ejl7ukJ3LGfP8DAdBgNVHQ4EFgQU30a5/sGpjf/GA1Ar9De37L3cpBUwCgYI\nKoZIzj0EAwIDRwAwRAIgNKNP3mUhjMAm5wRUze4ppynU+6SpiqxRgtG9RAx3zbYC\nIDgOMdbAW+nerMWoMa9qjLicPhpqnEH8Yb/zEvKWL+cl\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIB/TCCAaOgAwIBAgIUMlerKfHJHcKM52ENJaHuDYwAMVwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MB4XDTE2MDEwMTAwMDAwMFoXDTIw\nMDEwMTAwMDAwMFowaTE4MDYGA1UECwwvODUyOTg3ODYzODExODM2ODIxMjU3NDY3\nNTQ4NDgzNDQ1MTA2MTgwMzAyNTAxMDAxLTArBgNVBAMMJHg1MDktbGltYm8taW50\nZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBN+84cOv4sD7Kyo8whJ8yKhfFW74quq+qyRPlKWeTXEuW7H+NzV38fdPZnrrREwd\nx8lFK/JlyzMcfMckPnqiy76jeDB2MA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQD\nAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFLixfw7cy2yy\ncWxWW1Cj/4IRPJz0MB0GA1UdDgQWBBRe0/cfSVh+wSbo5gX6giUxieFmDzAKBggq\nhkjOPQQDAgNIADBFAiB8/TUS4BQ6GOgs3sNU0pzyuTc55TmHM8ihRaomWZzpnAIh\nAMI5H0DtEb2vc1hx3EIpijxr+ofy2nIgwGzetBNvEBAs\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/zCCAaSgAwIBAgIUd0DAM/Xd6MAwe7Ihu0CDLGk7TWYwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwMTE5Nzg1ODk3OTc0MjYxNDY1MzU2NDkyMzM1NDQ2MDczNzgz\nMTM2NjIxNzYwNDg2MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwHhcNMTgwMTAxMDAwMDAwWhcNMjMwMTAxMDAwMDAwWjAWMRQw\nEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABIDr\n0pOrhF2lHSuJPvtObNaMY9O9SpKArqSpQXlEthOt8naWXUHPB4uRGN4RfRz5noQm\n7KZ/xH9HJsynJeZNNKejfDB6MB0GA1UdDgQWBBSZ0nH0oE/nUAM3/9uAgpjBASn9\nJzAfBgNVHSMEGDAWgBTfRrn+wamN/8YDUCv0N7fsvdykFTALBgNVHQ8EBAMCB4Aw\nEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYI\nKoZIzj0EAwIDSQAwRgIhAOP4BPLWNRlmQRRpH6ZcA9lT/FwsMlsiebXDk/lZ9pIv\nAiEAqV8eH6WbVer++ewW/87PPtgvZ8rTbdJXqSq4mir4wss=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/TCCAaOgAwIBAgIUHA3I2sMjaN2RyJjjxv9iHv5ClcQwCgYIKoZIzj0EAwIw\naTE4MDYGA1UECwwvODUyOTg3ODYzODExODM2ODIxMjU3NDY3NTQ4NDgzNDQ1MTA2\nMTgwMzAyNTAxMDAxLTArBgNVBAMMJHg1MDktbGltYm8taW50ZXJtZWRpYXRlLXBh\ndGhsZW4tTm9uZTAeFw0xODAxMDEwMDAwMDBaFw0yMzAxMDEwMDAwMDBaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEWy7P\nzwBHsZMvo7E0vyboa5+GzKj/VbQJtbjVNAfSW06xL4/yxucRaToHZmlJVsJ6gyak\n4tCpPMV5H1Lzai0gYqN8MHowHQYDVR0OBBYEFOQs3bxF33LoBfcXcAoyaBeclE6R\nMB8GA1UdIwQYMBaAFF7T9x9JWH7BJujmBfqCJTGJ4WYPMAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNIADBFAiEAkQDBjtIfEai9JLLP5Q0C6nARPFnvVOknDLmWS9Ekx3oC\nIG178qCxYobofFJlNy7q/MoO3HuZgDmdK89L7oaM6gRz\n-----END CERTIFICATE-----\n", "validation_time": "2022-01-01T00:00:00+00:00", "signature_algorithms": [], "key_usage": [], @@ -1691,12 +1691,12 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> intermediate -> EE\n```\n\nAll three certificates are well-formed, but the leaf\n(and only the leaf) is expired at the validation time.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjDCCATOgAwIBAgIUQpbOCgPUxiPM8QNxb3XsM0OL/SEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MB4XDTE2MDEwMTAwMDAwMFoXDTI2\nMDEwMTAwMDAwMFowGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAERLLCJzLridVkwGiigwLZCeltue0JgO5lcRIhtG7c\npID9zzm0nYb9Q7GHmoiuX9fBs9P5LXvIBn8qFz+v2hbqo6NXMFUwDwYDVR0TAQH/\nBAUwAwEB/zALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHQYD\nVR0OBBYEFFL8lNGhzKOfDMYahMXDThoVqKnFMAoGCCqGSM49BAMCA0cAMEQCIEIQ\nak9SSh/jXfaUzseckzBFFQZATSDzjt5maNfRBA4iAiBx/gYIy6r/qmyc1Eb5GxoP\n6M4KCZoAbLB7yPZHnlLxaw==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjTCCATOgAwIBAgIUepUSyHIltk9vff28K9BuSqfcmi0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MB4XDTE2MDEwMTAwMDAwMFoXDTI2\nMDEwMTAwMDAwMFowGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MFkwEwYHKoZI\nzj0CAQYIKoZIzj0DAQcDQgAERQN/PssC+UOcQf2HN4OEZpwI0GmUaCekBTP4k7IE\nG7R8USrdrgfoq3fWod3qWYXie8jE0CUeElEd557I39FFuKNXMFUwDwYDVR0TAQH/\nBAUwAwEB/zALBgNVHQ8EBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHQYD\nVR0OBBYEFBf53jyy6DNMs05F7g2SrY4iO2hAMAoGCCqGSM49BAMCA0gAMEUCIQDS\nI0t3hg2qQ7+11K63qYFvD85yOty9BADjhZwjCwtFOwIgOLF4pu2o1e1nErVKs0iv\nDwbhmh1hn4+S8WB1tkSqlsw=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIIB/zCCAaSgAwIBAgIUGRJaA01H0SmoLiFwVdVIjeK/Mt8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MB4XDTE2MDEwMTAwMDAwMFoXDTI2\nMDEwMTAwMDAwMFowajE5MDcGA1UECwwwMzgwMTU2NDUxMTkyOTcxMDgzNTY1Njg5\nMzQ0MzI0MjU3ODQzODEzOTMyNTk2NTEzMS0wKwYDVQQDDCR4NTA5LWxpbWJvLWlu\ndGVybWVkaWF0ZS1wYXRobGVuLU5vbmUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC\nAASbhFXSCpn9IxFQN5Ppx3Xsi96532+950sIJWjwp0yzgr14hzz6oGLnR7alL+38\n0mYy/WzQmlVzBfJYfGye1RCko3gwdjAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQE\nAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAfBgNVHSMEGDAWgBRS/JTRocyj\nnwzGGoTFw04aFaipxTAdBgNVHQ4EFgQU+Q4N2njYaF60BbNkhyitA2FqvacwCgYI\nKoZIzj0EAwIDSQAwRgIhAL6z69YfttXdrLA5ygE64nOYikmY1Xg8Iusd/SkqSOac\nAiEA3cZxusdSlWxD+WM2cgPmmN4ULaCvHSk4UT3AWX17UEk=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIB/jCCAaSgAwIBAgIUf3lZBJWQ3D0yZN16nRM4pf3sHEgwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MB4XDTE2MDEwMTAwMDAwMFoXDTI2\nMDEwMTAwMDAwMFowajE5MDcGA1UECwwwNjk5ODIxMzIxMzA0NDM3NDQ0ODcxOTg4\nNzU4NDMwNzY2NTUzNjQ1MjEyMDE1MTQ5MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWlu\ndGVybWVkaWF0ZS1wYXRobGVuLU5vbmUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC\nAAQWtUVEFfFsLaKZvizlDVNdmnxYDb1psWk1+ToaQkijaH4Jvs9/lJBgzfbByGi8\nDO+dyLZQtcntZLu8kH/aBp2Oo3gwdjAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQE\nAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAfBgNVHSMEGDAWgBQX+d48sugz\nTLNORe4Nkq2OIjtoQDAdBgNVHQ4EFgQUKEff7Ip/GssUYwCUaRQJZ5uSb0IwCgYI\nKoZIzj0EAwIDSAAwRQIgAhvAYWgee0IIzhW/1rzZpT3UQTIkzke1fIOr5h4UrUsC\nIQDkmBjGOgwfgMyXYPYN+SdNT1MG2eQJxwxN5KznJkpl0A==\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/jCCAaSgAwIBAgIUZ+KNsBqrTBfQzwrZXWIwYqI8tU4wCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwMzgwMTU2NDUxMTkyOTcxMDgzNTY1Njg5MzQ0MzI0MjU3ODQz\nODEzOTMyNTk2NTEzMS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwHhcNMTgwMTAxMDAwMDAwWhcNMjEwMTAxMDAwMDAwWjAWMRQw\nEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABP8U\ndW7c3CUk2GJIwFiyTWRinr37GltQYBNHGGh5R3nBxI/2FPG25lwcFI2C6jZfaJHd\ncCajZr7CBB0ntpUKOrGjfDB6MB0GA1UdDgQWBBSMS5Loa/MLBICx+xE0q5EvH1U4\nNzAfBgNVHSMEGDAWgBT5Dg3aeNhoXrQFs2SHKK0DYWq9pzALBgNVHQ8EBAMCB4Aw\nEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYI\nKoZIzj0EAwIDSAAwRQIgSIW1AxCGvLjtXC2XxRKt3zNu8vKH+fCDdjUhcvjYtbUC\nIQC0hJG/ppk7q/5+8E/3s8RTnTOWhbJPOK3lOFNfmrCa5A==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/TCCAaSgAwIBAgIUFyXL5ZOIAP3uX8lQmuhCWn/wXm4wCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNjk5ODIxMzIxMzA0NDM3NDQ0ODcxOTg4NzU4NDMwNzY2NTUz\nNjQ1MjEyMDE1MTQ5MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwHhcNMTgwMTAxMDAwMDAwWhcNMjEwMTAxMDAwMDAwWjAWMRQw\nEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABE1R\n+V0jvF64fvpM4t9DnNF+heUbVWAwEF598DHNLPMGyGmoRm34b3+d5sk2Ku0m+se6\n6ObfNy3UjNhleyd3VBmjfDB6MB0GA1UdDgQWBBQxf04W/3AV2PzQvwZwaa8TVNfM\nFTAfBgNVHSMEGDAWgBQoR9/sin8ayxRjAJRpFAlnm5JvQjALBgNVHQ8EBAMCB4Aw\nEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYI\nKoZIzj0EAwIDRwAwRAIgaKLQTc7jiXLky0J3g7ryUZjO7riXWVbEku2tt1oKNokC\nIEv6ImKqKUL2PabEwmhjfCMcDnxvm34CUS+8E8dTDbdF\n-----END CERTIFICATE-----\n", "validation_time": "2022-01-01T00:00:00+00:00", "signature_algorithms": [], "key_usage": [], @@ -1716,10 +1716,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThis chain is invalid solely because of the EE cert's construction:\nit has an empty issuer name, which isn't allowed under the RFC 5280 profile.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBcTCCARigAwIBAgIUFaUIlp4yzS51FkWILUn+eaG2+ogwCgYIKoZIzj0EAwIw\nADAgFw03MDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowFzEVMBMGA1UEAwwM\nZW1wdHktaXNzdWVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAETPQaUxebbG+j\ns/vpTtTwNuEcFj3dMaAwLLU8MCwlk+U+L+Gy2ywoBKvxObn1UrMF7J+7XDK+zMmP\nLkSEu9zfBKNXMFUwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQwFgYDVR0R\nBA8wDYILZXhhbXBsZS5jb20wHQYDVR0OBBYEFPogqJ75TFaW2jLDAbsnBi3QWoMU\nMAoGCCqGSM49BAMCA0cAMEQCICh5k5Xcp72dcAm6Fs446OdMpf9Tp9A1TH6kCmYY\nboKSAiBj7D2kbiT+c/52B+teq4bNI75mFLan3cu8mBTXVz3ZCQ==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBcjCCARigAwIBAgIUJrVVuvBxSA1edCkQVGRlB8lHUekwCgYIKoZIzj0EAwIw\nADAgFw03MDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowFzEVMBMGA1UEAwwM\nZW1wdHktaXNzdWVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfNn2+LuL0Flk\nSaiGPRHbSYVI8hcEyRBq2l5eACLewKEkoluX1mg5T2V2+xSAGPEnmbLRLXq3wv2O\nquHLXn9SpKNXMFUwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQwFgYDVR0R\nBA8wDYILZXhhbXBsZS5jb20wHQYDVR0OBBYEFI5Jm0ANAmeZ6BCOORVeOUaP4/kK\nMAoGCCqGSM49BAMCA0gAMEUCIQDVAwTI8njetSUpWsA1olf1jc4tZdtMt+NmtORO\nbYgAqAIgG8zSpJ9JhE3NS047dm4c4wt9nf1zAzjQ9x1S312+x20=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrTCCAVOgAwIBAgIUc2E41/fytqLXglc7xnjkO6/PUsQwCgYIKoZIzj0EAwIw\nFzEVMBMGA1UEAwwMZW1wdHktaXNzdWVyMCAXDTcwMDEwMTAwMDAwMVoYDzI5Njkw\nNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49AgEG\nCCqGSM49AwEHA0IABLSJSs3oFPSfVw6sa47g66uQ4n6FG1fdAsPOtvp4KIk16VhH\n+UHD/h4QRs8WM8pqXMxj3LoX9oXtrNadBzVQN6ejfDB6MB0GA1UdDgQWBBTULRyU\nP8qDIKgHBDT7rfkKrTb7QDAfBgNVHSMEGDAWgBT6IKie+UxWltoywwG7JwYt0FqD\nFDALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8wDYIL\nZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIgPM7+HclqO/jTyk03zRya1xtv\nrrWMEObUdLNq/QL77EICIQCot+XVuzAK+Q+aHHcjlo4L1b7Lf4dBnF/6z8OMjJdg\nfA==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrDCCAVOgAwIBAgIUUy85cbRQ1RHSOobOaAZPFePXGZ0wCgYIKoZIzj0EAwIw\nFzEVMBMGA1UEAwwMZW1wdHktaXNzdWVyMCAXDTcwMDEwMTAwMDAwMVoYDzI5Njkw\nNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49AgEG\nCCqGSM49AwEHA0IABHHxEMhEEscG5YmKG/hOy5UoLmQ4uCv5C522SgpoE9zjqNMq\n6sFHgQbOtYG8GMLL1hNMA34av81DiDmw6XxU1gyjfDB6MB0GA1UdDgQWBBRIfIWa\nMkqbhtey6y3VPSN8rnOfiTAfBgNVHSMEGDAWgBSOSZtADQJnmegQjjkVXjlGj+P5\nCjALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8wDYIL\nZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDRwAwRAIgXijKdFRO0DQ/wiYPANRmXIZw\ni2R6w8WFjXm/Op+9uMICIB/VCRy0yfcqxhhC4ajiaNergWsXfn0+6HVMMKCLA6Qk\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1739,10 +1739,10 @@ "description": "Produces an **invalid** chain due to an invalid CA cert.\n\nThe CA cert contains an empty Subject `SEQUENCE`, which is disallowed\nunder RFC 5280:\n\n> If the subject is a CA [...], then the subject field MUST be populated\n> with a non-empty distinguished name", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBdTCCARugAwIBAgIUJaxx9TYzUBb3AlAq0ARpz/psTtMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEjnUKJcwt\nOIqAAIgh+ttQvBn0/6qeVwbm5gssCeEtl+soM8OWXpmhd1e20hoJtb1p8JlVjJW2\n1zVvGal32oOtmaNXMFUwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQwFgYD\nVR0RBA8wDYILZXhhbXBsZS5jb20wHQYDVR0OBBYEFFVE5ftxw2ar5MsK6iWsdY5m\nNBnDMAoGCCqGSM49BAMCA0gAMEUCIDLaT7o+P9p9CserkqmbJNaVh39ThB+ZCvV6\nhpnH7x7QAiEAsVxsv7K1UfSocqcTdrL7GsxWRBrlQiJqE9SADlPsMzw=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBdDCCARugAwIBAgIUW6fFFK4gtT87Scb+8mf8gjNGdnwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEEHmDaMQM\nh5GP4rhWbQ3B+OPI3ojsvJ8+lsrGoMmPgLhywESQrr5/PWqrxlwiYUFoXETAHqT6\nbH+s0Ax5jm6i6KNXMFUwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAgQwFgYD\nVR0RBA8wDYILZXhhbXBsZS5jb20wHQYDVR0OBBYEFP9h9F6NEXuEbzEestxIOqFr\n2/sbMAoGCCqGSM49BAMCA0cAMEQCIHeQ5hKJRY7YUwLSn99UEGABODY8LvJrrD4g\nrvjwwoPAAiAZiPNkV3ObnGfXsK/IsRzwrreX1b+Qt7NLatXL29oaPw==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBljCCATygAwIBAgIUQ3hm81Q1V+toWG33XH151/hkI0YwCgYIKoZIzj0EAwIw\nADAgFw03MDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowFjEUMBIGA1UEAwwL\nZXhhbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9lGQuY1+jkX4r\nP2c8sprrb73SGIjsaTWHJvRgso7Shqu/Ex/akkKi39iuh4lIsbiPSGduoyyJX5DK\n6wAWu7uJo3wwejAdBgNVHQ4EFgQUwSxOlvMabsMx3phRXBFqIFyhY60wHwYDVR0j\nBBgwFoAUVUTl+3HDZqvkywrqJax1jmY0GcMwCwYDVR0PBAQDAgeAMBMGA1UdJQQM\nMAoGCCsGAQUFBwMBMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMAoGCCqGSM49BAMC\nA0gAMEUCIQD1RNZ1P186gPrA9ZnPutEmNDlCvIUUAPXI5WrMESkMUgIgJhzAZgJS\nUGNQ4f3TNhp0bG3rPmEsIHeCDF/jLLt8/fw=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBlzCCATygAwIBAgIUH6jeqpMEUwv94+Jmd/OnqaBvjxUwCgYIKoZIzj0EAwIw\nADAgFw03MDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowFjEUMBIGA1UEAwwL\nZXhhbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARl3n1DeTPfqHxv\nR9UV18+8wsuaKcokjiJa+n0vNyX2wUf1oz19hwP4Npg3ePZmrbJTMiCN/EbeFdRs\nklP1rY9Ro3wwejAdBgNVHQ4EFgQUk5fyHJl4y3XP09nFHNxUWFXSbfIwHwYDVR0j\nBBgwFoAU/2H0Xo0Re4RvMR6y3Eg6oWvb+xswCwYDVR0PBAQDAgeAMBMGA1UdJQQM\nMAoGCCsGAQUFBwMBMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMAoGCCqGSM49BAMC\nA0kAMEYCIQC3ZNn6XbbPSh8bya/4HH0hcpCHNCYZ5/CQ2DApPtoT6gIhAN7uYIyv\nyGR6fo2upSPfmBQA24Fp39osoMSGMVCn12Jq\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1762,10 +1762,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe EE cert has an extension, 1.3.6.1.4.1.55738.666.1, that no implementation\nshould recognize. As this unrecognized extension is marked as critical, a\nchain should not be built with this EE.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUCg2YRJkViIAvT7Yd092GufWeSlIwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARKr5I/1S4twbsaDw/MtPT3VtRT8SN8PPig/h5E\nQ0g+QG83dnLQy1fZF00/LevsQh36shuEo8jS8Zs8fFiwdTHUo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUVErEQ6K4KiWH2umuKqCC9pJS440wCgYIKoZIzj0EAwIDSAAwRQIg\nDlm7+T06fSPKEb4jjeNRkL84V0EnWaXP9zIc4m/ILGICIQCcyolp3Fila5XUmOyU\nsD8eBi6GSNdZyErSDeskWJfz3A==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUIxrMaV+Jk8tUkOp5PQzHfsd1TYgwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASMiAbj0WrbEAXUVg2x15DxBNnWWj7JC6LhPtWP\nsfLBlo5jAjoXW/jS3v0dK3nYMFDQtit9xZDFDYFL92fbFNH6o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUZfOUfZGWE6cHejykTvzqhZBomS8wCgYIKoZIzj0EAwIDRwAwRAIg\nRFrmildD/o3sbg39m4wWvGCZiOp2T1KHFejO22mG7UcCIEeOyfd3fyh2JYA2/jOq\nIvEqBtfF4kvPpxJtmPQORIH2\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBxjCCAWygAwIBAgIURwPCIgBy0ptZ+JhE37GV7CgTGOQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABGVq+s36dTKktSyI44OkWhD2lAitBr+2ILqFJPllpctx\nQnJ81RnpLuB9YimRUjCT8GLIz+ZJy+kk9aZDo4izFEijgZEwgY4wHQYDVR0OBBYE\nFPLOK9HRGwKvadRK80I6XZCjG6XkMB8GA1UdIwQYMBaAFFRKxEOiuColh9rpriqg\ngvaSUuONMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREE\nDzANggtleGFtcGxlLmNvbTASBgsrBgEEAYOzOoUaAQEB/wQAMAoGCCqGSM49BAMC\nA0gAMEUCIQDT2sdHW0n0l5AYHpj3vy/dcaaGJ9lu0Iarj2+4bA3HiwIgDH9cWygJ\nPPLdrm+VRZfY6X3Yu0ZOsrEjRgxRJ3jWZGg=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBxzCCAWygAwIBAgIURNmF0TH27lsTON15PdZoo2Ctw2swCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABGsyAOoriCSlT+0mptv10++1ep3jazfCJMZYviv8cxc1\niQ1BQ7trduFCuuDbG61ejf4p8+gRvM8QEvlxfBztnrmjgZEwgY4wHQYDVR0OBBYE\nFAQKDzK5GtCcwOmz8lcolhAH9yKHMB8GA1UdIwQYMBaAFGXzlH2RlhOnB3o8pE78\n6oWQaJkvMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREE\nDzANggtleGFtcGxlLmNvbTASBgsrBgEEAYOzOoUaAQEB/wQAMAoGCCqGSM49BAMC\nA0kAMEYCIQCTWWCEJE9zN/8LX7E/kIY1/WfELWFtgqZ9JhsQFlA5dgIhAOejxIxi\nhZdSQNvpLWB+qz+gvD2RlExP/T0HleQrqvYy\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1785,10 +1785,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe root has an extension, 1.3.6.1.4.1.55738.666.1, that no implementation\nshould recognize. As this unrecognized extension is marked as critical, a\nchain should not be built with this root.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBozCCAUmgAwIBAgIUFi/wKNJ29yEf5PPYMspXoSBdsPcwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQu77TB7U/gK6p3aTE/nmXdAvGnLR2FtUsqTB1c\n4Wn9d/0VQO2H0GXV1w8sFc2/J+CAjKnaWS1KPFQW/d7wUix4o2swaTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUjxTwDoj04HVdagR1xgUimiLy6nwwEgYLKwYBBAGDszqFGgEBAf8E\nADAKBggqhkjOPQQDAgNIADBFAiEA4b50Bx+o2fjqybLQyxxv/Oeer9/hccP3D00f\nMXrZxWACIGxffKhLgnnzfChzY6HM7R1CEusZUl3MfPKcsHVN4EzL\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBojCCAUmgAwIBAgIUY5c/Faa/NuekphO5cd3Lz8TnawQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQCrl78cepUCsNzQhc4KYu0zS57ofR1MDVCL4NT\nooT596pAD0bhg5Q+WjFD9d4DHKmlVTcAZRk2U6UpLwCDzyO2o2swaTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUYnxc/V2VaKVR5rb7TBHYzJxs0/cwEgYLKwYBBAGDszqFGgEBAf8E\nADAKBggqhkjOPQQDAgNHADBEAiA+0mwfk5Pmgrow84mGWfGD9Sd9oZG7p9mxhUUu\ntxMEnAIgRAsIehxq1FNgwsQsYIEZBfRV+0dBpJ7EjkfCBQN0hl4=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUQ/I2bv9AF6HM9cdp5xTdQDWjAtUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABOgcRNMo3qH8mjpJAtLRq+0EbL3+zpal4kSkzv829hZE\nUc5ZgoMwQ745s431v5XxBTfQ73xK3Y1W0CA74DKnvKijfDB6MB0GA1UdDgQWBBTS\np4qF2XL9fFVXJaVGZAuCNQTQ4jAfBgNVHSMEGDAWgBSPFPAOiPTgdV1qBHXGBSKa\nIvLqfDALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIhAImSevlH8UrxM/dbJJ7B\n4BI/d5UR80ZeuQirPiyuXRBmAiAYVsuGGkF25/REmbloAndUPqdtgSkgnjO4h2Hs\nD4KIUQ==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrzCCAVagAwIBAgIUBlD0nDwG9yDnOQj/UbZAHx3vB2UwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABDWSrVKvOPldJsorbCZgVRsUtZqDxUCWY4ZsY3+wMInb\n0yLD4Yx15kmGTSeymEWQKaERrSUwgwgDIkh83ZWCONWjfDB6MB0GA1UdDgQWBBQv\n4DegsYIIEJgklwO0Sco+04DVKDAfBgNVHSMEGDAWgBRifFz9XZVopVHmtvtMEdjM\nnGzT9zALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDRwAwRAIgMHqZzwXxeLU0iAqs4h6T\nW7uhdau3qOdnTzvk09QqOBACIC1znZM79iEAW45ZecTQEd/mFkiWfSNNddQwHgBG\nzuPf\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1808,12 +1808,12 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> intermediate (pathlen:0) -> EE\n```\n\nThe intermediate has an extension, 1.3.6.1.4.1.55738.666.1, that no implementation\nshould recognize. As this unrecognized extension is marked as critical, a\nchain should not be built with this intermediate.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUERKfFeVbGV506v7AdAXMvhveUdkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAT3KtMFvcsuMqLxLCHnH1IdEdBy0UCN8Ql19EsP\n3jSamHNvdBx2uKwv/u95R9a1f8wnPIPdMwkZzhp+ROu1xL90o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUrZewkSI/n6FCg11hjDBmO+zcMo0wCgYIKoZIzj0EAwIDSAAwRQIh\nAJphLMmbn8vBalXPM3U2nSPhVu2d9G2vxcXUvVcni5t+AiAe5cUs7UMYGpibFXt4\nZK8lw3J/mM7I4qtPS2H8NO60Rg==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUTzgVWGLM47ZwrPXIyt6GD2DG7G0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAR8IJUUMRZ3f92m9Rxzy+szYssWELBPtJzl91dD\nYfxMq02fhZwVN0liOhZv3x1yWFwKn6j0WM9aWvYMHmJwMecao1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUzkDdn5LiX6p874LeGgQ3rNzKGW4wCgYIKoZIzj0EAwIDSAAwRQIg\nRXBGg3KxYeX+z8GYNvjDJ82KMnNCvQBQrrrRWRzt/qQCIQCIx0KJz6X1caylt+fK\nLOnnBnSTPoCTBhASGgL7OpkC/A==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIICFDCCAbugAwIBAgIUEWfQ65NGLtT478K38MzsxDIyWYcwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBmMTgwNgYDVQQLDC85NzQ2ODExNDgyMTgzNzkwMjk0MDE3\nOTc1OTQzNjQyNTA5ODYyNzM1ODAyMDA1NzEqMCgGA1UEAwwheDUwOS1saW1iby1p\nbnRlcm1lZGlhdGUtcGF0aGxlbi0wMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\ns7M22Iz0TX3fSk4iNK6btgtKte804PtxTp9TLQONFUsgQ0pXD4KIE/1+dEw7Yl2u\njWgJRKVetPEQutWkfsF6kaOBkDCBjTASBgNVHRMBAf8ECDAGAQH/AgEAMAsGA1Ud\nDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAfBgNVHSMEGDAWgBStl7CR\nIj+foUKDXWGMMGY77NwyjTAdBgNVHQ4EFgQU17z3flNCG1uqPhPnRVK9KAnZpR0w\nEgYLKwYBBAGDszqFGgEBAf8EADAKBggqhkjOPQQDAgNHADBEAiBm+laV3DFPjrS4\npsFUqMOFqblQ85NOuoZqHVwC0o8hvAIgZpCIwq2rQBu340DseQa6xpi+sOZCNEPl\nRIYy2i6ZpAA=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIICFTCCAbygAwIBAgIUVghOxSVMbL0DCHLuJawG7XHZAgkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBnMTkwNwYDVQQLDDA0NTIyNjA5NzIwNjAzODIwODQwMjU1\nNDg2MTQzNzg5NzI1MjAyOTM3NzU4OTU2NjExKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBItb8lla9axAnIKjpPZcE10LM1VysEmgT34kUQHJ4YAloQkVkE1n1FJvypiFnYvP\n2DGRUxakLjuBCBLyZ53P86SjgZAwgY0wEgYDVR0TAQH/BAgwBgEB/wIBADALBgNV\nHQ8EBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUzkDd\nn5LiX6p874LeGgQ3rNzKGW4wHQYDVR0OBBYEFN5XGdBvdzX40pWHuv2yOxYeD1wH\nMBIGCysGAQQBg7M6hRoBAQH/BAAwCgYIKoZIzj0EAwIDRwAwRAIgDEsSWGl6Op5u\nN2r1dxxBku6hL/xeh/H7zOm0cPBnlQ8CID2efV5WqMVjY9FzMaFR6LFV02opGdE/\nTuVKhyEP6Be3\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/DCCAaKgAwIBAgIUeGquwLtohla8t+3lyUM9oxhnP5owCgYIKoZIzj0EAwIw\nZjE4MDYGA1UECwwvOTc0NjgxMTQ4MjE4Mzc5MDI5NDAxNzk3NTk0MzY0MjUwOTg2\nMjczNTgwMjAwNTcxKjAoBgNVBAMMIXg1MDktbGltYm8taW50ZXJtZWRpYXRlLXBh\ndGhsZW4tMDAgFw03MDAxMDEwMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowFjEUMBIG\nA1UEAwwLZXhhbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATGv8E/\nitqPZvwoaCl0/V7LhU6B8WyMOhsSjrG3FjsIg1Ul3sK56EWjH0iD9V8aR2nWhRrv\nNclEnDtfDIcKVrwko3wwejAdBgNVHQ4EFgQUp3nr4CMBmXpb14MtRsZxr3xXo0Iw\nHwYDVR0jBBgwFoAU17z3flNCG1uqPhPnRVK9KAnZpR0wCwYDVR0PBAQDAgeAMBMG\nA1UdJQQMMAoGCCsGAQUFBwMBMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMAoGCCqG\nSM49BAMCA0gAMEUCIFPPhUR6wYzAEcSduAoMzV2h0sUKaREMu5OqQaffNeVfAiEA\nnOTlcB6sN8pMPptvd2i6T+zecpbLAOn5T3pevNl5TOQ=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/jCCAaOgAwIBAgIUcz7S/aMFFA2sWuBLDKKgoAGB3Z4wCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNDUyMjYwOTcyMDYwMzgyMDg0MDI1NTQ4NjE0Mzc4OTcyNTIw\nMjkzNzc1ODk1NjYxMSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEWRQ5\nSU31U+q10AlYmX3iYLCcNQTHiaiOB+J40FltmeaFSMVlMQRDOYjyQzyjXAyoXuaN\n1kAqnb/gnophMDgOsKN8MHowHQYDVR0OBBYEFPbiRGH24aSYOia88fVCTB1sq5xm\nMB8GA1UdIwQYMBaAFN5XGdBvdzX40pWHuv2yOxYeD1wHMAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNJADBGAiEA+H+T2GGHgwz5/l5SsHtlCmr+E/8E7/o+602EWmKy+RQC\nIQD4HIJhMLlttVhtXU0byekdI7hccn0ypd1OP4De19uwZw==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1833,13 +1833,13 @@ "description": "Produces the following chain:\n\n```\nroot (untrusted) -> intermediate -> EE\n```\n\nThe root is not in the trusted set, thus no chain should be built.\nVerification can't be achieved without trusted certificates so we add an\nunrelated root CA to create a more realistic scenario.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBozCCAUmgAwIBAgIUcecB8htOdab3yu9EIpWgP17/xt8wCgYIKoZIzj0EAwIw\nJDEiMCAGA1UEAwwZeDUwOS1saW1iby11bnJlbGF0ZWQtcm9vdDAgFw03MDAxMDEw\nMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowJDEiMCAGA1UEAwwZeDUwOS1saW1iby11\nbnJlbGF0ZWQtcm9vdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABB3nPpStgmBY\nc/WRAn6xUo4ihWEY44kwiv/Bc9xS368TlWjV3D9pvXNEcxF/Nb831AzMFpRUIcFk\nTEVC5gR3H1+jVzBVMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMBYGA1Ud\nEQQPMA2CC2V4YW1wbGUuY29tMB0GA1UdDgQWBBT1FkNrmkeevTfqVEZ2FlMjnrLi\nTjAKBggqhkjOPQQDAgNIADBFAiEAztTsVauu2fTGS1GTwMlNfbrEvN+0V51sslsG\n8a2ZijoCIEFF4KXrJbKcsQb3Noiqc3kfDO/bS1f8VehtwaYHYIMt\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBozCCAUmgAwIBAgIUEBcQlQ1V/1NHTSfkyUaOpxkAyVYwCgYIKoZIzj0EAwIw\nJDEiMCAGA1UEAwwZeDUwOS1saW1iby11bnJlbGF0ZWQtcm9vdDAgFw03MDAxMDEw\nMDAwMDFaGA8yOTY5MDUwMzAwMDAwMVowJDEiMCAGA1UEAwwZeDUwOS1saW1iby11\nbnJlbGF0ZWQtcm9vdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDLNUbTiI/Hv\ns5Q+uqunvVDmOPfGmUkkZ9JnVXdBIqtAXS/KBn5bC5bF5ZcVmq9G//ccBI0tsO+p\ngvKpvzFr4SijVzBVMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMBYGA1Ud\nEQQPMA2CC2V4YW1wbGUuY29tMB0GA1UdDgQWBBRXsDWfcXQdKLz8qGWgPqynEp3g\nUzAKBggqhkjOPQQDAgNIADBFAiBNwTjFxfSNwfz6dM8hq/vPizwLq7LB04oNC7Jr\nblr05AIhANPI9A897lmi3qaMbYo8/V72MCEwFNTJ1bDaMym6tb25\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUKZV481DZFlXcP0qFcHdRXoIArDMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASVeCKXVmXaeQu0U//kWJklXwoc97adTtdeVbd8\nxRsDEkMBqN9bku3jPpDWwaVNKFbd1cPS1MjTpJ1hAWIPlj3Oo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUJ7YxiV1R+SsJulwLzCZt/RvJpYYwCgYIKoZIzj0EAwIDSQAwRgIh\nAJQO6lA5qxr/iZ+5qaArX9YJc9vJDZGzL3kXFPaiS6VAAiEA117ikQUTSeHs2Jox\n4eynw76dvIBHV3YqXtyuxic2JYI=\n-----END CERTIFICATE-----\n", - "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUX7TC3VFAFEagwtl7JAYHPf/eFuUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBnMTkwNwYDVQQLDDAyMzc0MDE5Njg5MDg3NTA4Nzc0NTU5\nNTU1NzUzNjExOTc3ODkzMjIzMjYwOTI4NTExKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBC+FNsaS/wvaG7gdByxDHTrfdFac7vxSNZpOGJy4qGh6zjlxdzle+uWAww28qHI2\nhJ6Gbk47/ie6wVB6EaBnNwOjezB5MBIGA1UdEwEB/wQIMAYBAf8CAQAwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFCe2MYld\nUfkrCbpcC8wmbf0byaWGMB0GA1UdDgQWBBQzWcZsDgWVvUJCKe841sruVVRcazAK\nBggqhkjOPQQDAgNIADBFAiBW8XEVU3fnnaylP3CsAY/taDngNslPOtxMUENyNEvP\nwgIhAPcGUfe4wYzbbo3TrhxEZoV+D8Qsk6nbgKQF0SXEGUlJ\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUePLdeDxWdhdvFS80mGJ360lHcGIwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAReYmqcwDR2jbpHPDIQJdBh9ZusAnfjTr9DqKvL\nl7xq8+d8qL60kWNb6CU3PeQJC53vJGyXdgxRfsRFjAgXk38xo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUbJLEVvbBDYfR3CmXAEFJJWEHb2EwCgYIKoZIzj0EAwIDRwAwRAIg\nPWjmL/4gzfkiyvC/V6S75rYFh7WfFtchtjZ1A74NLYoCIEeuS4kkqcPWhGlIAfMa\nE7RL2IaOQ97Z4H+kGHwG6llS\n-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\nMIICATCCAaagAwIBAgIUd6baPM2XPqb0BN01P7AmFPLnEaowCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBnMTkwNwYDVQQLDDA2OTA0OTQ5NjU1NjYxODI3MTU2OTMy\nNDE3OTEzNzM3NzA0MjQ0NDgyMzI5NDM3MTQxKjAoBgNVBAMMIXg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBKkrxnDHXxOcGdqXA6Ge5al2F2J8MWKRWkg1q5egcYtxmbwM4i1o9FzPs6s/QZO5\nmVVQfbvpb5Tk/kIT99lISd+jezB5MBIGA1UdEwEB/wQIMAYBAf8CAQAwCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFGySxFb2\nwQ2H0dwplwBBSSVhB29hMB0GA1UdDgQWBBRn9O1Mdu9K/yw4yZbrulSERIsM9TAK\nBggqhkjOPQQDAgNJADBGAiEAjuRNyrdhDeMgInQvGljhY+3DnVpxas/TDcVTF9E2\ng3ACIQDZBeel631IvX+xrn2Z2VUDQ7h7jyXsW6JZwGO+hDm2dw==\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/TCCAaOgAwIBAgIUc4vzhZZDI+vQqIg4fQj+AKhO9cAwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMjM3NDAxOTY4OTA4NzUwODc3NDU1OTU1NTc1MzYxMTk3Nzg5\nMzIyMzI2MDkyODUxMSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEt/Wf\nDHNtmrKHr907dNxj8eA4dz/nV9GlortEPYzLw25NwJkwiM8G9N0RkPhj0zprkelz\nBHpyyNSmlSAIcvA6/aN8MHowHQYDVR0OBBYEFOvNDyTwU7s/PzLutB0Lzj7Witq8\nMB8GA1UdIwQYMBaAFDNZxmwOBZW9QkIp7zjWyu5VVFxrMAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNIADBFAiBXeQ1aCYZqgbJnPLdhiYhM/o8uP7/3DEe3rFVBVMioXQIh\nAK5G81wfwp84pKgG0T1evkEK64O6l2bY/YTmsgfW3hEB\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/TCCAaOgAwIBAgIUQD3O95X7t0ZFR81SFAHGC+JYQ5AwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNjkwNDk0OTY1NTY2MTgyNzE1NjkzMjQxNzkxMzczNzcwNDI0\nNDQ4MjMyOTQzNzE0MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3K81\nE/e6vA5ThC5uzyWsarBPsmBN6ZU2zdVJE5U4RUbyQHoYjc2yn0FO/CEBvhw0i7gl\nKuSA1UAXufSuoJeXwaN8MHowHQYDVR0OBBYEFBOasv4w58BJU1esuYbKHjPpEKzH\nMB8GA1UdIwQYMBaAFGf07Ux270r/LDjJluu6VIREiwz1MAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNIADBFAiBfQ8U4q1r5cR8E1p8bzUV8hMRHXF3kkbFq6+VsXNAI1gIh\nAOdBtZvRbi9zNtoGsZjxhoyFsrMrf6eZ5iUTvqdYaxyM\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1859,12 +1859,12 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> intermediate -> EE\n```\n\nThe intermediate CA does not have the cA bit set in BasicConstraints, thus\nno valid chain to the leaf exists per RFC 5280 4.2.1.9:\n\n> If the basic constraints extension is not present in a version 3\n> certificate, or the extension is present but the cA boolean\n> is not asserted, then the certified public key MUST NOT be used to\n> verify certificate signatures.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUTN7kSI6K2Ffv6XylcfAWu0s9hEswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAT7/AzoyCtRh8JeicM0Jq1a/fTWu14OjSv040uO\nIDX/bTVCFN++P/CRfyocQBdEhcCr2yBrKWkSdfBjFZodETPuo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUWHD+GitPbfhARkhE0HrJA6aXKgUwCgYIKoZIzj0EAwIDSAAwRQIh\nAI5Ek8gK5mEksGGIr7r7QhJDhqX1lVLOIne3NRnJMTTvAiB28cAoXxoJiq1rZaP5\nz64nGZ6KBvNbwhTpCtrSfyTu8Q==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUG+ihyq0Dltft39iEfGcAMQOHw6wwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQDBS/70ZwHRYAQqjewUKywUFtNClRPJZO31loR\n/iwyIhOF+jWh5gFhwuys7THT9qN3lAjNcUr3rJRODNoc0JVao1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU2PzmbJrQWb+iBypuDjp+NQMwAs0wCgYIKoZIzj0EAwIDSQAwRgIh\nAJg/b3WgY5Ve6HI0Cer51dTAWgpth7dcCLlONTMBXXoDAiEAnVp6Swps/vC0GJuY\ny1FZe7aEAW4Aph31Drn/umQB2e0=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIIB/TCCAaOgAwIBAgIUCmidt7qlA2bsSSZpw5eb6yuAFNwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDA0Mzg4NTM5NTAzMDc2Nzk3NjIxNTg0\nNTQyMzcxMzY3NTc5Mzk2ODIxODgwMzUxNDcxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABNnEAfVjlC4Fc2EqCAhkgefdBpb3kTMToq2PcwQV+R/pDYWwiMYgkdiKM79k\nlAp1LIFvqdDW9qH2RT02pRKyunyjdTBzMAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQD\nAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFFhw/horT234\nQEZIRNB6yQOmlyoFMB0GA1UdDgQWBBTw+7w0TxOXhQxHA/pb17VV2lyrVjAKBggq\nhkjOPQQDAgNIADBFAiAP7nsWHedek6MoQxGlru5RXI0TE65wEtLvOTHqESeWlgIh\nALUNSq+PzqkdJtQ+cesuCxTEsR+YutqAQKpWNdhprDbs\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIB/DCCAaOgAwIBAgIUWyrb1Lmp2lH3mGSVdFkNWm+ZqmcwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDAxNTkzMzA2MTc3NDMzNTA5ODI3ODI4\nOTA5OTY0NjI0NTgzODYxNTIyMTIxMjA0OTIxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABOgoxaB+Tuf95dpzHDtSLxc+QiJrznojd5a7vN8yPfiukcCo6QHKzV5709bT\nqzJKlkQ6bpMHN274ifgGXAEJL3mjdTBzMAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQD\nAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB8GA1UdIwQYMBaAFNj85mya0Fm/\nogcqbg46fjUDMALNMB0GA1UdDgQWBBQCbKZySS5uLEjnXjc6fWwpuHDR5jAKBggq\nhkjOPQQDAgNHADBEAiAr4pEstYF0WGcDtbs1hdriHkSbpTSb/0903J+c4CK6EAIg\nXlRJ8VsxrdwSTDe8vRuIsAOBHmZByWULVpB8iBhSYZM=\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUMuXHIHxRVEztnRKaFanubhLges0wCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNDM4ODUzOTUwMzA3Njc5NzYyMTU4NDU0MjM3MTM2NzU3OTM5\nNjgyMTg4MDM1MTQ3MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\nTEdlE+fl2xB25WhYnUDndgzn9ssA3zhqen1b/XcanKGZS0Wr1RJeQwXV2nx19c2Q\n9P4hJJROp74H0WGMnB7H2qN8MHowHQYDVR0OBBYEFInbnurN4nWnA1uHhQXQk8y8\n5vHfMB8GA1UdIwQYMBaAFPD7vDRPE5eFDEcD+lvXtVXaXKtWMAsGA1UdDwQEAwIH\ngDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAK\nBggqhkjOPQQDAgNIADBFAiA267rXk4fL0siwkWLShqJOLVQ0n1hZsfwEUqOQlNk2\nvgIhAMNzvSMdQqSBcrHdj71TZnQpeJX4/Bb5D+pGyoles2vt\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUYXulOc1AU11fkv1iCIQteSt+2N8wCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwMTU5MzMwNjE3NzQzMzUwOTgyNzgyODkwOTk2NDYyNDU4Mzg2\nMTUyMjEyMTIwNDkyMS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\n4yu7ixc8i9OitTBfYXntxHOdHya9OW/s2d3l6GDtHl/0mwc/0tYLkkQhjrOMSYbT\nKfWpzB/MsZynkzgoCiHnNKN8MHowHQYDVR0OBBYEFDMh/Lx+Q/G7gwm6HOFqoeCn\nRZWgMB8GA1UdIwQYMBaAFAJspnJJLm4sSOdeNzp9bCm4cNHmMAsGA1UdDwQEAwIH\ngDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAK\nBggqhkjOPQQDAgNIADBFAiAnPR1AzrjGjb6vy3AkOpdOz+ht/szXqobMM44c6+T+\nwgIhAPO8Ebr3Ls+ILiVd/jNvFnzH6xfR/ec49S8pxll9mPaD\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1884,10 +1884,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> ICA -> EE\n```\n\nThe intermediate CA is missing the BasicConstraints extension, which is disallowed\nunder RFC 5280 4.2.1.9:\n\n> Conforming CAs MUST include this extension in all CA certificates\n> that contain public keys used to validate digital signatures on\n> certificates and MUST mark the extension as critical in such\n> certificates.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUP36pr5mNSkasRerHi/Dgozcc12gwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQLPxLQ4HtXbF5rECO5UJixTZKQk/FXuFTAp0XO\nzNqs6Rul1ncpEjjO9u1B0gQzJy+sURwtA68PT1nnlGZUQNboo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUmbqby+CcgGMqqky7H8ThEoV2H2cwCgYIKoZIzj0EAwIDSAAwRQIg\nQHQOsrCfG6GllCidTlsJNKQHmeUBjDHwTOH2HaAtcwACIQDesubi23D7XRxkDX2a\nwRDnz/YEWqOvQ8QAv+A/53eyDQ==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUeu0ECkK+sBdlmOzTjSZJDB/9f9kwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASANTEKImz5ndDvrySbw/wdCpg65wt09oDgCIbp\nAvnjfr14S9iMi+RuCNLF4bsteD1PizFI5jLsno+bCXZJy4u6o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUgkJfo525mTNMTiTfOYzKLQ5l4VowCgYIKoZIzj0EAwIDSAAwRQIg\nWulCcOzV5s813dt8vTiV7udPEEK2Ah4PaQ2TtMjlrPcCIQCp039udDWXtTMQ4hCd\n4CZpa6PYDis2lp/N/yWjnbEm9A==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUGsE4rJ0IohVeLAyiGIcn8ZKCpiMwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwMzYyNDkxMDk0MTg2NzU4OTMwODk4MTc5NDgyMDkwNzg2NjEw\nMzAzNzE2ODc0MDg4MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\niSUetEQ6vMg4hF6rRtEmNeNFpgGSPWVbYejCMJS4+t8tg/vDbb6luBjqfGDWhk7B\nvXcZX3ON69O7kc54eBQSrqN8MHowHQYDVR0OBBYEFDyn4R8JFDH9l5TFsjTD3XD5\n7xn/MB8GA1UdIwQYMBaAFLtfbgXFe4QwN4dFpnzcYlHwapfsMAsGA1UdDwQEAwIH\ngDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAK\nBggqhkjOPQQDAgNIADBFAiAP+pHb4jjshy8Un9Ai7ESZTEiDrHnUK/4huKp74L+L\nlQIhAKdFftmZInECWfMlceLp0eCtKqbHe8Z9X5peRV3vJtBX\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUKqFC1rpzsd9Q1h0JbIdRqJNsQnMwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNzAxNzgyNTAyNTkzMjQ2NzMxNTc0MDY1NjQ1OTMxOTIyOTQx\nODE4NDUyMTQ4MTg1MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\nedv5DgLIvvVZgLro1GBq2Sbf+daVt5VZMxql449Bj1LcZbTnyz+QTKVRp6HP89QL\nLYZOUF/vHQ/0hep22yM+1qN8MHowHQYDVR0OBBYEFAaeqWbbIJEtkD/mKlb/xuvD\nlc2SMB8GA1UdIwQYMBaAFNE3Y5k9YCn9+OuLLHGK6857pI08MAsGA1UdDwQEAwIH\ngDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAK\nBggqhkjOPQQDAgNIADBFAiAfrnX5OBZAFza/MjxwnLDWRxvwhtC34HYHYFLgyjdQ\nqwIhALSbLJ76mDfnwU1P+eIBitPmHBVwpasg5xBhdL6norC1\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1907,10 +1907,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe root CA is missing the BasicConstraints extension, which is disallowed\nunder RFC 5280 4.2.1.9:\n\n> Conforming CAs MUST include this extension in all CA certificates\n> that contain public keys used to validate digital signatures on\n> certificates and MUST mark the extension as critical in such\n> certificates.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBfzCCASSgAwIBAgIUI4X2MAHSEi9VPzlIlLoV/yiwQ20wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATs7gBE1tYII5mq0gVKe/z3491IiOwRHebq/7RB\nMovBF10j0WiGrKvntVehs7zc5sWozmtOoE/vsiw+HlMFgs3qo0YwRDALBgNVHQ8E\nBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHQYDVR0OBBYEFJw/1i/Q5vRN\neopuZMPRmWHHPKCfMAoGCCqGSM49BAMCA0kAMEYCIQC3ZeKd4HYUdzfwnPOJrSeX\nxc2kUgGdNYEOfoc9y4TTawIhANfolCsNohgWyrgCnEgkvYJAxp58k2lr0N0elJGO\n6ptV\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBfjCCASSgAwIBAgIUU2rvdMnRTGqe5IF/NJykROr3pAowCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQv1VebsPRGQq6gl3oFjiipHkof9/BsIO0E5mZD\n7owzlt3GJOdGY0j2VrecvZP2/QcFG670PegXnf1rhYYCWSNdo0YwRDALBgNVHQ8E\nBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHQYDVR0OBBYEFClPRsxPB+s2\nv9MPLtGnE5fvvRgvMAoGCCqGSM49BAMCA0gAMEUCIBgPmOoJ6ZFNU7O+V/VGoGuW\nCbDODnokVCfOxAJlQJRPAiEAzqQcASx5UzArgKagkXXGmEqzpdxRgNTCrE4+NdRF\nJLU=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVagAwIBAgIUdGLKryJ71bomly9B4wag4evAI4UwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABMBAzXu7SbG6JqMYz8AwedTuwQuJt8wvxa7YiUhIfOZf\nJpaCVfbhl0eY2d2QvM+ut9XGkOnvwqETTLN6di+2drijfDB6MB0GA1UdDgQWBBRF\n92iRr1nT8ZuLDNaI4GXpbP/8vjAfBgNVHSMEGDAWgBScP9Yv0Ob0TXqKbmTD0Zlh\nxzygnzALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhANCZ62J+dHLCQbK0mVxp\nxUaplNCtoz3YTAXmYtqTbzXkAiEA0LT7dhfQzi5tI0u4XvTZOKzgjekcPDq+IViN\n119IO70=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrzCCAVagAwIBAgIUd5vYv7H173Z9RH/TjZjdJNmSVz4wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABKc0c/SLYqWgJMWYLLh4V10kO1ljfOBqlViSjvyFE/Px\n09MwbDHgkl7fYwXncUZkkVXIQvTfBo0mb6dspOuOtCGjfDB6MB0GA1UdDgQWBBRo\nin3EUk6CSIQkOMuboqv+ZVrM9zAfBgNVHSMEGDAWgBQpT0bMTwfrNr/TDy7RpxOX\n770YLzALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDRwAwRAIgZVE9geIlqR3w52juTmjX\nS0DaOkRd4dxkSvMwDHueKXQCIGABp6m54g/N1GRvIW/je0DI9YoLoZnlFRxrmfLG\nJF/x\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1930,10 +1930,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe root CA has a non-critical BasicConstraints extension, which is disallowed\nunder RFC 5280 4.2.1.9:\n\n> Conforming CAs MUST include this extension in all CA certificates\n> that contain public keys used to validate digital signatures on\n> certificates and MUST mark the extension as critical in such\n> certificates.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBizCCATKgAwIBAgIUI2w6ucDLmnV0E6MLom5gDs+Lu/4wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQ3rmHwZdiNITRzunWDTDPrImW27R3/tQ6h2BCm\n0f1ZrhgBpUyd1wReIq5H6p+ZU9Mi4ivtldDLBTFIjghPx1CDo1QwUjAMBgNVHRME\nBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAdBgNV\nHQ4EFgQUEkYS1wmFXmuzyUza2oZrXtDAe3MwCgYIKoZIzj0EAwIDRwAwRAIgTv9E\nRZujuOTWK944rlfu1vTcBeuoZBkZ60KvWW8BUQECIBmkHUb9mX3KsTEdL4OS8+Hq\no9tCBwok59W6c3DtAjyw\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBizCCATKgAwIBAgIUGG70Qflj0B43S3kgu8X0O4XnP+YwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASoluNu4i6EL/Vuc+TCzYb9tssukXrkDBvkgWKq\n2fv4ufvj+rYvC8rOkaNoeBcaZcJtp8B1CQJmJCBVkydo+aZLo1QwUjAMBgNVHRME\nBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAdBgNV\nHQ4EFgQUu8yarW7hzpb7mn1MJ9Hvpf8mpr8wCgYIKoZIzj0EAwIDRwAwRAIgNF7h\nym1kSEwC42Um12eH0zwVoBVGfGv7eEDkd+Qgp+ACIAnevW/7vumCIms4MCg8Kpdw\nEILdhIgTs01gOOLLNYPs\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUU3YRh7VTOVF3z+d0VoswisXpvUswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABHJ+rSKYsshrpxUiHPcmimTposGhoSHL6tTKyle+sF3q\n3NGnkKCnOnkM1EednxaVf1fmlXcY7h2LfiW1BLIHdK2jfDB6MB0GA1UdDgQWBBSz\nOdzZRNSo1wu7GED2EF1kJmgjkTAfBgNVHSMEGDAWgBQSRhLXCYVea7PJTNrahmte\n0MB7czALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIhAJOqhkhHTmiwddSkkgYO\n/aYWPgQaKmIcqLVOFIdeyHnYAiA7sHhu1AddIjXG9E8e3ThyPCl1/4QbTvDlhiOE\nhiPwnQ==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVagAwIBAgIUOmd1g4xYuzoD4i3yNXBmWtSLvKEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABAMMGX5vE+8d+7e2RvN6KMBPe9j8JGUo18OvLTkt3b0W\nqo9kw2rbIio39I2EogL63DW1g6CAe8gPedvucYU+OlmjfDB6MB0GA1UdDgQWBBTZ\nhTynYzxNScUUO4xejgO5R3yMCjAfBgNVHSMEGDAWgBS7zJqtbuHOlvuafUwn0e+l\n/yamvzALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhAOChMjXKNaNjnqqfhM2k\nr/oFhvud2h/9g0v+AyXQICJOAiEArH/bgtWZ/BXyXmICU78F75WpockeMmFGZf5Q\nMefED1U=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1953,10 +1953,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe root CA has `BasicConstraints.cA=TRUE` and `KeyUsage.keyCertSign=FALSE`.\nAccording to RFC 5280, these two fields are related in the\nfollowing ways:\n\n> If the keyCertSign bit is asserted, then the cA bit in the basic\n> constraints extension MUST also be asserted. (Section 4.2.1.3)\n\nand\n\n> If the cA boolean is not asserted, then the keyCertSign bit in the\n> key usage extension MUST NOT be asserted. (Section 4.2.1.9)\n\nAlthough the profile does not directly state that keyCertSign must be asserted\nwhen cA is asserted, this configuration is inconsistent and clients should\nreject it.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATSgAwIBAgIUQKDzntSbku6h7sovG8J1qBVT7PIwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASS85AnOyzxh1uxeFujgGpQzLjpw0htqvPh7AbV\n63F4SgoWdvbU0tQLCLWkkfeCEPfjXN9jBRwjZxDv0Ft6hCPJo1YwVDAPBgNVHRMB\nAf8EBTADAQH/MAoGA1UdDwQDAwEAMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB0G\nA1UdDgQWBBS05++olfLoMGDtEiyX8l94ZVV57zAKBggqhkjOPQQDAgNIADBFAiBx\n9kgD2eAk4Lz4hI+GJv8gVrPFEaQtBnwoxJlzhckDPwIhAPvT2oZ2CJhQidvA5ri/\n4tf9MKgFi8+i7ulLfFiAy7BG\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATSgAwIBAgIUc7arT0gVZg+NKwTpOL0lfE+4udkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARSjXR4wxd7cwRZZVa0e3Rq1kFjocJkVyRCyt/R\nYNboYiaVjfCr2zGvg5a5RAPA1l237lu5YhQ5P4lye/H8p/hto1YwVDAPBgNVHRMB\nAf8EBTADAQH/MAoGA1UdDwQDAwEAMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB0G\nA1UdDgQWBBS4itxKSeDJ+BX+jIoePfNzyPzrsDAKBggqhkjOPQQDAgNJADBGAiEA\n7/n92pJLf8mCgiOVXxJLJeGuGd5gCMyv0N0XJ4WTFB0CIQDxoSVscd//hYWycBm4\npT6joh8N7E6kqwVtmH+cChkvRA==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUF0n8AJv9vBELcgtGcxY/CjrKmaYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABB6FU27yIemJDlZqMJ5r5YZBJ5W2KiJw4gJ1Le61kjED\nNLljXMCzBT9kHNc1mJ/h8jdgksRryn1z+tlZw+6Ehr6jfDB6MB0GA1UdDgQWBBRP\nCZkeJ/Y5ymXDGWYHwVh865ihdzAfBgNVHSMEGDAWgBS05++olfLoMGDtEiyX8l94\nZVV57zALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIhAMaLA+azRj+SdbJmcUmR\nOkR6M/aKcyngxkfmlZXh5YnCAiATexr9NmBsyfFt6pye1IkDlAqwBdZsYQ9+zJjA\n++uShQ==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrzCCAVagAwIBAgIUIolx7bFgWmTNr4r8E/WjSGIkAzowCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABJoZ3c3OSM4KtDMQZRhdhqZnuGK2flGD3mL4KTMyCs0x\nJnsarNNABdKzY7Ud5lzXO/op78c1uZqpA6nUG3jD23mjfDB6MB0GA1UdDgQWBBTo\np5j5+FhleknzJl0f9SCEAI2HPzAfBgNVHSMEGDAWgBS4itxKSeDJ+BX+jIoePfNz\nyPzrsDALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDRwAwRAIgZJY1gqZfDIZXcIuz9bpf\nqRrhtfzhV0qcrCd100MRvewCIFOXrs/mCkma5fGqRQKPtZz+F30XZJHnhId0LZJf\nvW+q\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1976,10 +1976,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> ICA -> EE\n```\n\nThe intermediate CA includes BasicConstraints with pathLenConstraint=0 and\nKeyUsage.keyCertSign=FALSE, which is disallowed under RFC 5280 4.2.1.9:\n\n> CAs MUST NOT include the pathLenConstraint field unless the cA\n> boolean is asserted and the key usage extension asserts the\n> keyCertSign bit.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUKqAXSZvxFxLhxD8iAm2FglfocwwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARL2wTppjfDCx63GCAQgt7Ck9P9htrzwGEfeNm5\nt12GFAYx/4Mz8B5XXbLCW1q/P6CE9yBnGBhMAtroDQdYldefo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU8cSCJtNa6utijFmiQAQaWiNriaAwCgYIKoZIzj0EAwIDRwAwRAIg\nEYocHrKn8zwluqvELEGXQFpxCHekOjcWVdvdyrNIb2ECID+AnpvASRoTrrFMzzD+\nuyjkaYFWsD5brVb64iqgUuoh\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUUrCHl+yTT2v5PDFvOW/bSl3b3PUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQ4IXYAPmCPrfN8eSLx5H29aOhHOM3avW+dL7k/\nbJ2mAUliqxXwq4nG0XW4jfb3QnoHrCBEZh6pE3A+6gCHYlpgo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUyrnz3u1vHKtKCiQb5U2hOY+935cwCgYIKoZIzj0EAwIDSAAwRQIg\nLJq6t6RZwvesU4KbJn28DgIcaN6NNFUTW942tHFCsfMCIQDLkDNSAbUeRSXAuT/3\nj2rl7Cw5ddWTvNEsCKYp0cVftw==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/DCCAaOgAwIBAgIULY1KdBX67yakoV0rGrJUmflBVyYwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwMjQzMzQ3NzYwMjM2ODM3NTI2MzE1NTg2NTAwNzc3ODE3MzYy\nNzgzNDI4NzAyOTg4MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEP63V\nPBUuVHdjgNROhh7P8ZFuBE892IpRm3SMG7w6rk857n2kIf9t91PI+K1fGSAL0RGb\nL1Le12mF7r2XrGNcG6N8MHowHQYDVR0OBBYEFH9pUWqtcO2N7CqgB3/7t4W7ICUL\nMB8GA1UdIwQYMBaAFF0wl6Wl+hPA9ByprMcfhk6MCYSSMAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNHADBEAiAe57xT+UbJDB19dZs+hru4UCQ9dG8vqzAqxuHPXkatpwIg\nSxAMmZcot8ppUSgxCIUGHZWjw3JM1lRoCfmRb8KxkFU=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/TCCAaOgAwIBAgIURstkjPujsrCnGpJGth/pRFetHbAwCgYIKoZIzj0EAwIw\nZzE5MDcGA1UECwwwNDcyMDczOTg2MjE4MTk3MTA4ODYzMzg0NzQxMjA4NzM1OTY0\nMzQ1OTQ2MzMyNDA1MSowKAYDVQQDDCF4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLTAwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYxFDAS\nBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5Lnw\nI1TNJO9hfKHAn+k9ugLbDnUhetAJgNn1fcdxEQ0FKXzJDhzeT/IOcear6+VeD7xJ\naiatnkhNTzj51+iDN6N8MHowHQYDVR0OBBYEFIpJKNDsjS8TFQ+Pt7suzVWBiIQP\nMB8GA1UdIwQYMBaAFIMnvQDMkqReycPYoDinoYCdLpcDMAsGA1UdDwQEAwIHgDAT\nBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggq\nhkjOPQQDAgNIADBFAiEAwhIcJpAJlNwhC6BJcJT7s7oii4EJUCfpk51eVrUiqpEC\nIESXt3evqriisa19s5UYFo/31IwL9tp6sheVARHAesJ7\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -1999,10 +1999,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe leaf has a BasicConstraints extension with cA=FALSE and a KeyUsage\nextension with keyCertSign=TRUE. This is disallowed under\nRFC 5280 4.2.1.9:\n\n> The cA boolean indicates whether the certified public key may be used\n> to verify certificate signatures. If the cA boolean is not asserted,\n> then the keyCertSign bit in the key usage extension MUST NOT be\n> asserted.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUDSysyjyu3y7mvPrf3RuTaKvxWEkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQcwJk80VNv5LlOzkk7VnGdxyUL+GyAEDfEj75k\nEMH8uz49wC8Ae1a4dZ58HObkGmFtJhn4FL8Lr0688eLcE70Eo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUwTUmp+i2GsUKV15+z474ARwvNN0wCgYIKoZIzj0EAwIDSAAwRQIh\nAPYSjl3+UV5nyABdrXro7NBl657/BausaTmiS+/GWVQmAiBNBeEbFfLjvqNxhZnX\nr/rCqbO+p70z2ZtnNtduS7DvmA==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUTguTOPGZehS1fq0UlLU3tTrjYuIwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQLRApSgTPvZ2E7y+DHPmLxJhyU5BYW/k5BCmKx\n9++KLpRf8Jx/C0OK9bhr+LLgiCl3PfohKlFgbAnU3ygMo2t+o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUTXlxJFkWD63MbCJ1A9HuarN0qqUwCgYIKoZIzj0EAwIDSQAwRgIh\nAN+Ng7af3GQH5Xt7OMbBeo7YJZ5P3edlISN1GjcMy977AiEAiRWyMAbYFekeqbYx\n7h4837QYqaSIlgbgsorCxp4pZmE=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBwDCCAWagAwIBAgIUNJk2FozORdl9F6MadQtzse6EBn0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABFpegQT6P1tbbuO+0ko1Hcgo4GQYAr+r4EUDjMsLkMmE\n4gWItfpidEyBdr1e5VmFqAwIApyHUV+53OwolwdFaEijgYswgYgwHQYDVR0OBBYE\nFFUP1AYEU5SVDvpvkn9dJxz4sm5rMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAU\nwTUmp+i2GsUKV15+z474ARwvNN0wCwYDVR0PBAQDAgKEMBMGA1UdJQQMMAoGCCsG\nAQUFBwMBMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0gAMEUC\nIBvRftGwwaCzqt6Ssru7yFpfkzOoGYjWs/tSCvvcsyClAiEA6odB9xOl5LT5IXIf\neJaVo0HUBFIyEqOYqEgFdokC0Qg=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBwTCCAWagAwIBAgIUTcK/Bc8ZmTwrrhAbb19DMUf4jd0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABKCqVS1IHiRhZIX5Zde7HgA3MnZYGxuJCC60jOx1GL/q\neYlfauPJbnfOLp038arzy/06FETe6Tb9nmEbMxmtnIijgYswgYgwHQYDVR0OBBYE\nFD6VgFaKRehTnzdVf7a2aH/8xyesMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAU\nTXlxJFkWD63MbCJ1A9HuarN0qqUwCwYDVR0PBAQDAgKEMBMGA1UdJQQMMAoGCCsG\nAQUFBwMBMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0kAMEYC\nIQCHL3YoZ20TN4b4rWmXPIya0APF1f6703BRA7q33q1a3QIhAKswED5SSWa4c+1w\nOXOu2PEOfFWEEmBgodWZwvND2jZC\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2022,10 +2022,10 @@ "description": "Produces a **valid** chain with an EE cert.\n\nThis EE cert contains an Authority Information Access extension with a CA Issuer Access\nDescription.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUeaXGWCMUM4m//s3ffBk8QN0uPLowCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQI21d4LFaOm7H30RMbZN2gu0r0ziZ3hXkTDV0c\n1wiZKGOfgocZ05jtR3CLuqmskN7IuaDLaFkml30XVr1HiX/0o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUPHwD8k4X0Yq9ANEZ8Us9RfGDC90wCgYIKoZIzj0EAwIDSQAwRgIh\nAJ84E3c3e8MhAOjsoiBJaMd6wFGrZHZ3mIEOoYNX9WWrAiEA6lh7F9lfSkSptddx\nQW40Ooc3TP6kcR3DVkImEhqnpoU=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUEtKHi9pDfEDlijN9hMznguAujx4wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAS9rWmnI6xUwjiLmQdb2/KtpRxI2FihvWqWQcdx\ny+Dl6de+CuA5Hd2OiftVC3ydWzyN5q5A4ao5Q2bE9qdbK/bKo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUlCq4nfYLo3WC/bDORpslB6gN6OQwCgYIKoZIzj0EAwIDRwAwRAIg\nXGpyvsS0LJr1SkrM2I/FQlRNr+eG6AYRJufnqxPywzcCIAc+6iqxFTUHyV+mRfIn\nXg0IpW4RlIKfxrPQ+x8sng3x\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB2jCCAYGgAwIBAgIUeIhOIee8xvGQOCJvIZp71INmY4kwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABPhlKa8rgYuLG+43bljyJCMvxYl9OMMCySCcq3Eda4+7\nEDxd5Kuxs9MEKNC1/BtwpG7cAed6AAMy/SXIJFtkjFqjgaYwgaMwHQYDVR0OBBYE\nFBxqIgviIkSNElLDS8FD3/JjDddhMB8GA1UdIwQYMBaAFDx8A/JOF9GKvQDRGfFL\nPUXxgwvdMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREE\nDzANggtleGFtcGxlLmNvbTAnBggrBgEFBQcBAQQbMBkwFwYIKwYBBQUHMAKCC2V4\nYW1wbGUuY29tMAoGCCqGSM49BAMCA0cAMEQCIF9n0xniCp5YNbcPZq1xlw8eG4I5\nAfyRQ6M1cnvN+pR3AiAvymE9ZcyCb31gsH+LzfMdRGeqQaF6M58VVIarJ+dTQg==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB2zCCAYGgAwIBAgIUcpF589g4BQC0grkMchvlwoNr7IwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABJQACxt6btRedDb4yp1977WPQJPb8pl4lkWzKON58dfQ\naTjheXyydhpF6xkUnHjFK8Lx7ZY1aYs5HScNLwc5yfejgaYwgaMwHQYDVR0OBBYE\nFCRj6Tz8eMbwwHeBqPULpbVWNAscMB8GA1UdIwQYMBaAFJQquJ32C6N1gv2wzkab\nJQeoDejkMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREE\nDzANggtleGFtcGxlLmNvbTAnBggrBgEFBQcBAQQbMBkwFwYIKwYBBQUHMAKCC2V4\nYW1wbGUuY29tMAoGCCqGSM49BAMCA0gAMEUCIQCaQoyVzxjzt1jqxhZVJcuzVufm\nGoWVnYt+//Exr2QRWwIgSGsN2FpVu3gl1dFQAhACKmyrerohq4KVTUwH+3TPQF8=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2045,10 +2045,10 @@ "description": "Produces a **invalid** chain with an EE cert.\n\nThis EE cert contains an Authority Information Access extension with a CA Issuer Access\nDescription. The AIA extension is marked as critical, which is disallowed\nunder RFC 5280:\n\n> Conforming CAs MUST mark this extension as non-critical.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUSFrbTXza0psRNQT/Zkq5P0xUpLAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATyVaNLW88YndAhAeBpGK7MDtdDYPzXaT/oIQbu\n6uMLurgBUQmsnFm5fojI2j0EUDqe8f0T3mUbOjyKjy3XzZZNo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQULdh4iyksdvdmyhoWIYJmJkHAnOYwCgYIKoZIzj0EAwIDRwAwRAIg\nJyK2e3VAtmtH+1f0G6mKswKLtNvkkyupvbuPCUE1LsgCIGnTM/QDKbMlcslspPSm\noseR0UCFdSOPgzSDb/tVsOaB\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjTCCATWgAwIBAgIUTG026O+4nQclkMzYt6uKDuB3hv0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARnXpPlv3aK6Plqtk2uKugLbbPHixv0FV36jhFZ\nK75CtnZFbplbT1zQJY+MEd1rnJu60kNiEnn+sRF5i20dNXtTo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU8+lYjDcgE6rhiC5zj0b0usHUglswCgYIKoZIzj0EAwIDRgAwQwIf\nV6xlS7iqw8OieOzHz9V8KDkvs4O5d1QDn+7BXBkJvAIgVdZGUFwUaUT7Kq28FijV\nu4bUYR99pZEfDNtl/O1mNs0=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB3zCCAYSgAwIBAgIUK0CLBixyUUTLxtaIG0ACpGZjgicwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABCvWUIx5NtMoBW9c6g6eKWvpB7KUmnvoCt6Ab6BfJn8W\nk3vuOWkM42vXQU5lSgagaRXamUrZRZVXb0NQjpcUokyjgakwgaYwHQYDVR0OBBYE\nFJdf0n0v3pAjbkfwPsWPofKxzROEMB8GA1UdIwQYMBaAFC3YeIspLHb3ZsoaFiGC\nZiZBwJzmMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREE\nDzANggtleGFtcGxlLmNvbTAqBggrBgEFBQcBAQEB/wQbMBkwFwYIKwYBBQUHMAKC\nC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0kAMEYCIQCGykd7bGY1XrQLTNDUX8/k\n3DzxmCIiHsp213KPQ7O3swIhAOB6QDB0i5PCmKZ7UAOb4MaNE8Lx1/7kjaeHhNDV\n7bnW\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB3jCCAYSgAwIBAgIUamHLappAyD5OuHQXDU1sLXaC5s8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABNwJHox1oTX1cAkuKIpHqlBN6+St+HAAF4WCAgP0jFVc\nVPtcbLpGWAiS7/+B0Jm43g6Utj2jzHbE2SO+ujdGDVyjgakwgaYwHQYDVR0OBBYE\nFEdGAph1WTsar72RdvX5Umb9x9ccMB8GA1UdIwQYMBaAFPPpWIw3IBOq4Yguc49G\n9LrB1IJbMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREE\nDzANggtleGFtcGxlLmNvbTAqBggrBgEFBQcBAQEB/wQbMBkwFwYIKwYBBQUHMAKC\nC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0gAMEUCIFjipSl8yMmMfP0ohDWBRaad\nGZ5edVXfj2cVuZ9QfyjSAiEAxQNNtL9vrcWITEcgBQa4Ri+OCdF1I2FR8+JG7CC6\nh8E=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2068,10 +2068,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThis chain is invalid solely because of the EE cert's construction:\nit contains multiple X.509v3 extensions with the same OID, which\nis prohibited under RFC 5280 4.2.\n\n> A certificate MUST NOT include more than one instance of a particular\n> extension.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUDsB+bDdTOUzh7rLXEj/J0OKGJq8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARzJYZgyK+heju8bmGl+jeBHmxYFCpwjiGvf9Za\nNcAh62LaguaducMy8QJoRo4ezBQfH9j5NX+tf7PuZPFTY1vbo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUbsOa/EiYYBeXbQ8crlSs332AxJ4wCgYIKoZIzj0EAwIDSQAwRgIh\nAPjFH/LvL96cBfkzPdwfsLC41mEpadcB39KpI+e8GPb9AiEA3EFk8mQs/J5zIO4l\nqamqz1sNWhtKrnmr3V8ncjIeQdY=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUL3WGuS+jyOrQPDfOASJabWnODfYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQgpQ5V5nmWcH//WXktZsMxS/n6PKcq11yhqlm4\nXgJC8V09K3XbsYY84iLRbopUBgAZA6JlxpVayLVQ9ZNiKcogo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUiArLJOXes4z8mxObPhPUSRsp/NcwCgYIKoZIzj0EAwIDSQAwRgIh\nALGWbIXyKFEWE3Ff5q057+MyymlA+52OY2BoIUWKw3w7AiEAmhxoQ8pkkdYcJk3a\nZKuvhti/JkG1AXViw/MEZUfoIiw=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIByTCCAXCgAwIBAgIUHE8IMuvQUVXO6xUwlUZazmnXRkIwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABOt8YdE6veVqaXtKXemz8ooAubF0AXZMih5JqGcDJ4/x\nlyzh9fgC7m3QCeb3vyZeZ8NHflPfNb3OJac4ZrzShR2jgZUwgZIwHQYDVR0OBBYE\nFEFkNLAzXb0jnn2Jp+1DihWw8ebZMB8GA1UdIwQYMBaAFG7DmvxImGAXl20PHK5U\nrN99gMSeMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREE\nDzANggtleGFtcGxlLmNvbTAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggqhkjO\nPQQDAgNHADBEAiABYBCIVPPQ+lB48n1k9Pmj8ZWuw5D8tsIqzxn3A6LBrAIgY+IH\nnFX8HsvnnMAfgtc2tT90hmdKVxD0SqQup+U0z6A=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIByjCCAXCgAwIBAgIUC5bbNux4sVy2q0/OFsBEIok6aQEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABBjpzuVh+4eYlSC+rAIniLHSRqe9efhJbxPkzljcEjPP\nBq51vppUvJBusFSMGq+lTmuAPLA/cMmbXIwLhLvxCmyjgZUwgZIwHQYDVR0OBBYE\nFAyyE34ux/yj8XTV8kkcVNit0fibMB8GA1UdIwQYMBaAFIgKyyTl3rOM/JsTmz4T\n1EkbKfzXMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREE\nDzANggtleGFtcGxlLmNvbTAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggqhkjO\nPQQDAgNIADBFAiEA+YHQQp+9W8FrH74ranqaf1jNqV6kS6xGdf9VVzVAjdECIDab\nUe2BrPpdtRY5tkGkpL+VW7oGsrAjyK4B5nZZquV6\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2091,10 +2091,10 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> EE\n```\n\nThe EE lacks a Key Usage extension, which is not required for\nend-entity certificates under the RFC 5280 profile.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUFL+ilm9vAQS0qJAmHBfXn48FgA0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARrdNMsFChZQuShS1PQo6911vO1fqxaussVyQ3w\nGB+9rnuXJdR7fSpLRZtAfTNPHmRpyK3VpRGoF2v1GY8mYOkKo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUhfzuGRZtnK7oGbCQDlcl7Q3Zi0UwCgYIKoZIzj0EAwIDSAAwRQIh\nAOTFBHO6AIVANvRWsLmsupJFwKFUfoYhqbku7eAi1JmZAiBQPhDaRR42jxNeGCih\nl64n7BUanqNEMKjRt56j7pvlzA==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUcSqYS25SmxaNpl/wdJMZVE/hQa4wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQyx4ZMt/g+6NxhW7gFDRAo0ZBL2Yw5Xkl+rb/a\nou7d5DxPRzM//y7jg8A4PzdXoprc1XCMTkkZtec7gVb7vjZCo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUmJocpl2WhnvJbFw3nCmbl7PC2CwwCgYIKoZIzj0EAwIDSAAwRQIg\nL1m+xO41zTD4aAMRS3ZqZwhjUtZJbufE3XCU2na0xkgCIQCjZOe/6oznjRMt/Qh7\nTSXiE1l7ENiJGJJ/j0+0xD9GGQ==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBozCCAUmgAwIBAgIUarT2uLc3t+t4UwlaBBwVeUUZNK8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABMSXjpxzC0uctB734C6BFGo3mOZ9GXHD0CSeV5Qvr9Ya\nW1O5lTQntdZSaugISXQetT40KrOMX95WUWBR5sg899OjbzBtMB0GA1UdDgQWBBRK\nPm86uhvIRMKm9Fb0Npl1vL6+GzAfBgNVHSMEGDAWgBSF/O4ZFm2crugZsJAOVyXt\nDdmLRTATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNv\nbTAKBggqhkjOPQQDAgNIADBFAiAVRY0vp3yczBkSGq91LzWCv7TFPHq68xy6iy1X\nKYU6GQIhAJ0hiuYqoKjfF7FvDdq3/4qth+VzmWEjPVqwo65KvVid\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBojCCAUmgAwIBAgIUTtE/ZTAuIwNFrzJzP9NxDmhMHJcwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABHGO2jvGWGIxOtL/MpLQPjRJPB2a4xUHAP9QnfzSuS6d\nzjLS7FaB4UqRmvIr1OgeVUa1gdiXQ2hQ155JytERXyejbzBtMB0GA1UdDgQWBBSa\nzOlWRIvEh05rVhZYdMhd6H4BSzAfBgNVHSMEGDAWgBSYmhymXZaGe8lsXDecKZuX\ns8LYLDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNv\nbTAKBggqhkjOPQQDAgNHADBEAiAfUTK7pi4lAOfFzImOmg6fyvQChgiiRex/+QtG\nGpoiDgIgRoLoY3F0oZi52T1s+Rhmxxe/ln1L9eIBIqbFGsxFzGY=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2114,10 +2114,10 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> EE\n```\n\nThe EE lacks a Basic Constraints extension, which is not required for\nend-entity certificates under the RFC 5280 profile.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUKypUj6WEaSUwn2nazxrA91eOigMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARMno6nnsOrRS0C4UVyTI3tik1H/+OFyVfB8n2W\n8KToNhoBTyZcsVsvOTVGTmoJUcPJSADC7P3AuaoXF/+wxzwqo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUDe+u44//KlC6wT0ssvmdCbiR+tkwCgYIKoZIzj0EAwIDRwAwRAIg\ndpHc8jaKkWIY6/fhLLU71zqSur8BFqMhYS7oB2Up0yoCIGi3Pb72Js1Q2vu2Cd/Z\n/FJuI60rgLS17uPPbzZ+9F6O\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUP/5B2WSuEfr1mbruYR08MsAJAoIwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARIW1I2dZ64YDcyFtKaxSZy3GrxP8eH+rTU+b2f\nbyI/JkVir4wXPkj34kn0Ac+sV7NBzal5QiD8Cn8PSfku8Kq9o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU74K8SM+iXO9+DbNjL3/gFXG8RVwwCgYIKoZIzj0EAwIDSQAwRgIh\nANJ0eYcIOVw9CEmTNLxkBSc8K2xWBSUOhNtq+ivbpCHfAiEAnoe+tAk4nyaYS6Lw\nL4g1hSIddcpIhRybAnXohohmt94=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUbejQNYK9gfKSPTSWPBD0+/DVMLMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABN/JiVMJQ6rlLhuYT0yO237woV/ANgLbKCNsyrdhy406\n1+OZbLuk6V4rQatVuxnxsWZrciu3pWvX7aFjGu+5Vb6jfDB6MB0GA1UdDgQWBBSw\nqEvqCTj7AFefhkAO3EPzbe0DZTAfBgNVHSMEGDAWgBQN767jj/8qULrBPSyy+Z0J\nuJH62TALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIgPvSQG24E6b8tRKoWuW39\nvoXTwxYESZRrkwcQUZtcQGQCIQCmrXaRxu45ADElBXe93vIFX7X7lZvn8Z9eD34r\nOry93Q==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUeCJuejoIo0bCd9MkKg/TUEP/omUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABL+T3mBv4MkA64r1y6l/yoR0G23Vp3FZXbdJQz77tNVj\nd72TaW91h+oC1HKE+DEdl39F4LvK+gA4tfmaHIyRZYqjfDB6MB0GA1UdDgQWBBSY\nvw2eskMJ/emYSNpl8B6wcWqD3zAfBgNVHSMEGDAWgBTvgrxIz6Jc734Ns2Mvf+AV\ncbxFXDALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIgHiR+dWKFaEMr+mQQ+ire\nU/Z8UxzWa4FwNR/RoMZeAUACIQD25laAHs/+lHFQnCIw+zjtP65J1V3AlSKEeJeE\n9iV23w==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2162,10 +2162,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe root cert incudes the authorityKeyIdentifier extension but without\nthe keyIdentifier field, which is required under CABF:\n\n> 7.1.2.1.3 Root CA Authority Key Identifier\n> Field Description\n> ...\n> keyIdentifier MUST be present. MUST be identical to the subjectKeyIdentifier field.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBmjCCAUCgAwIBAgIUcnRIZZTBvWbBSDOYqFp7lcBUeTcwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQXobCtvJ86j1GT3wVqdOAXvMaMNjlJjj9xJpIQ\niKy3/CvgWAANFefV2C6H8kGncvszT7PAq2pnUMKPwfBQxm8qo2IwYDAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAJ\nBgNVHSMEAjAAMB0GA1UdDgQWBBReFz/2/nNtoS+1L9ccrBw0Q1bwFzAKBggqhkjO\nPQQDAgNIADBFAiEAi+PW51mP/qS6t44wqiDS60KD7dXRvY+5P7M76Ss1tLwCIA4A\nTVsPks1ChI1BlxvDSu1ZDD1X87ywQq6VzYmyJjwA\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBmjCCAUCgAwIBAgIUG5DAJ0g40m26ye1CZ2OHjOsdsSswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASAUP4rBqnAaZWaUv5y4YGd/OrP6kiWlk0TFJpd\npC5WtnM9AiJgrfYPFnWoWkePQYiiE4kmVuqUPkdxxF4eiFEUo2IwYDAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAJ\nBgNVHSMEAjAAMB0GA1UdDgQWBBSNuFR+N+j14r6u/p1ZhFn8KodeQzAKBggqhkjO\nPQQDAgNIADBFAiBu39pRA++MVgj8Fe6uhUkyflmhKAqpRpmmSahdGw0gHQIhAIr+\nb745mcWVqdhqNhRgauv4GiQ8dbds51jkjjeGLEHF\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUSnvLLAT//pVErcuD5H3Qre2jP3YwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABDmORYGjP8rbbDMQb9PL5FdGG2XbBpU02NMFvVVf5paa\ng7G5xU3xBaz6CMMYciobPuvU+gFJT/Mxv7hyYwrHpuijfDB6MB0GA1UdDgQWBBQc\nDV7lt9lbly1pK2M7QvWfnQvXDjAfBgNVHSMEGDAWgBReFz/2/nNtoS+1L9ccrBw0\nQ1bwFzALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIhAOrzgiWtl0BOH+f2pD64\nYeAxV93gDduCrDXGkliPn1hXAiBkkgMmSDzJHIq5GlCx/1V7Fp5/41wflJeRfGfS\nJcQ8mA==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrzCCAVagAwIBAgIUaUQFVOjEDlZ1Y0Pzgj2Sped7ZjAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABEm+tM6q9Ey4soNfAXu7AFZ2seJjau+OR1QW1MFeDpN3\nM1gphpXCOdwtEiO8NDQuy6GgnWt7fHcAF7v2C0IsBeGjfDB6MB0GA1UdDgQWBBT0\nrDTqQZrBb9f3pB65L5l4vrcHsjAfBgNVHSMEGDAWgBSNuFR+N+j14r6u/p1ZhFn8\nKodeQzALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDRwAwRAIgCKK7wdaczWbdosdLnqjY\nW7tkh9l2YaoJtpDxmECu7uQCIHe8c6OKXD/xNa2xIqjNLbxnQ64tCV1QWFP4u2sG\n17LR\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2185,10 +2185,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe root cert includes the authorityKeyIdentifier extension with the\nauthorityCertIssuer field, which is forbidden under CABF:\n\n> 7.1.2.1.3 Root CA Authority Key Identifier\n> Field Description\n> ...\n> authorityCertIssuer MUST NOT be present", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIByDCCAW2gAwIBAgIUJU0GGthkgx2nWD8AoabkqPc60xcwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAR1eA/jiLcTLJY/6n1S6pXRwxfNQ22KzyVxjHUP\n/JaFOXTjK2LnsGmJP7Xi/jkYvYNvIIyoUVTi0K4RdP/d3AcEo4GOMIGLMA8GA1Ud\nEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29t\nMDQGA1UdIwQtMCuAFGbVU5KmBxYK/E6MCIyFg3YZ/eyGoROkETAPMQ0wCwYDVQQD\nDARteUNOMB0GA1UdDgQWBBRm1VOSpgcWCvxOjAiMhYN2Gf3shjAKBggqhkjOPQQD\nAgNJADBGAiEA6bnwPmrLdF2qUs6SFGVk493+4nuY/ktihtx6IHAaURQCIQCJtZ3M\nxfqJf29ftS3v7QHsXA9TKt/a3dwBaA9GZZk0Yw==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBxzCCAW2gAwIBAgIUSAOtjIvQkrlMB3rBofwAZDc4vx4wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQeCuCdrU9dju5feyDzibuQ83JMc7POthv3n6zW\nm0K+ybljiYePEEG1JMVLBFYXduT1U8WrlWmkx3ZS734v0crGo4GOMIGLMA8GA1Ud\nEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29t\nMDQGA1UdIwQtMCuAFFaf0ztoHOpnIe0z1jtMK0f5I97loROkETAPMQ0wCwYDVQQD\nDARteUNOMB0GA1UdDgQWBBRWn9M7aBzqZyHtM9Y7TCtH+SPe5TAKBggqhkjOPQQD\nAgNIADBFAiAZulDx8AdvKpAUyqg7CdAqEFoEK+BDXQyBfPYmTUuGdgIhAN0ARWKe\nB5MfgWitFK40kctX3v80gjleIiDbNZwblcvb\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVagAwIBAgIUf9JcA3msboxXTj4yYCWDRaY+KQgwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABDZ8MWFegVG2rZoci14TfEdSdrvLBv52/atocwa91bkG\ncvGeY8H5hT+S6PMbj1NR+/GEME8eTpFAN8X051FjmLejfDB6MB0GA1UdDgQWBBRT\nHCUu/QLKUce+dK/TyCzq0Hu43TAfBgNVHSMEGDAWgBRm1VOSpgcWCvxOjAiMhYN2\nGf3shjALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhANRI7OUlgH+hBZDDSGKn\nNS2lzRmSvG/1JWFw3YPIuq8WAiEAhnU+CD3yhuAgIFRzH+z+EqI/vLuQQ4edf65/\nF9fWJ7k=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUHheQTWoc2o0Oa8ZYsq0iQ18VdawwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABJgY9YsWhZnXC74jRlXhoc8i3U5HDFK9Ipx0n9oCjNjL\nqw4bg/AUYbJB3OsxTdT8Oqa8j7wmpHQvEjm+iiEYqj6jfDB6MB0GA1UdDgQWBBRR\nuv7DHzOCk5t1lSPIB8AziBAUxTAfBgNVHSMEGDAWgBRWn9M7aBzqZyHtM9Y7TCtH\n+SPe5TALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIgYUlyWij7j0z10mn3scy3\nakLfpT1c7mNAOU0L2eJ6g0sCIQCbnlO6sVbYY6Nyvo1e5Q3eLFSPNJXXwWp4iKzh\nByZTTA==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2208,10 +2208,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe root cert includes the authorityKeyIdentifier extension with the\nauthorityCertSerialNumber field, which is forbidden under the\n[CA/B BR profile]:\n\n> 7.1.2.1.3 Root CA Authority Key Identifier\n> Field Description\n> ...\n> authorityCertSerialNumber MUST NOT be present", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBtTCCAVqgAwIBAgIUY8zuYlHIZggM6wMgiHRC0gy+wx8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATjB6DDPLsGXr0ESrW2lHlM+Ml2qSmeGWM+NxQz\ncEw4ALebZ3FQW9O727GSYRrSsqk8ZWJJrTiN5KaBpuZ83c2yo3wwejAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAj\nBgNVHSMEHDAagBTRId8q/xWM0khdbXK8zE++FjbERoICBNIwHQYDVR0OBBYEFNEh\n3yr/FYzSSF1tcrzMT74WNsRGMAoGCCqGSM49BAMCA0kAMEYCIQC6Y5fjzChWubZo\noKUgchYC/za9p+ZzpPWuU1qJ8TQqMAIhAJF7LiadNUZPrhqD5WOTrj/Ioyko25fo\nR3OFCgZ7xHHg\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBszCCAVqgAwIBAgIUG9Yp1S/GhSgEsgKYPNLoJ8JLWegwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAS88h8ZOfovx3wPVA/oQeEdsvZgTLfNx3x0JlG6\nnRSKjH4DOXivti9wM6iFyb0dtUlt/BCIGc01lOhOIIaSwdSGo3wwejAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAj\nBgNVHSMEHDAagBRHaukcd1X4qTFDTvSedpKmKt1GKIICBNIwHQYDVR0OBBYEFEdq\n6Rx3VfipMUNO9J52kqYq3UYoMAoGCCqGSM49BAMCA0cAMEQCIBfAtVSL0YVpI9GQ\njFDY0S8Z9Scx20VqoXKNDmAMvRH6AiAv09Tz34jPsEJ5d3UnmjKpKSp2Zf6cxN8A\n8X7FIlKIEg==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVagAwIBAgIUEDxAYYJoMgxPeslwzwrcmq5ma68wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABCUchbN6/LnAlJXyi0e/jlW/6boUUwKgdhFpaw7cKuzB\nX6RRFYikWfJv2WnGqMZ0WQVdy5+xGT7aXs9ili7pleCjfDB6MB0GA1UdDgQWBBSu\nHVDasTo4iOWGh7y2XioDMh3f6zAfBgNVHSMEGDAWgBTRId8q/xWM0khdbXK8zE++\nFjbERjALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhAOVL91D291Ipes6Mts5t\nTcbyeWsIY8/fJ02CWRcQru7lAiEA1+r5aYlF85TmQr8RL02f3AaYZp/hmSD3mlB0\nvWzhi80=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrzCCAVagAwIBAgIUeyW3CvSR1WDBXpIp7E1q8dw3XXwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABDzSU+L77Wki9JDhgzxkwMbh3loUyhkbug2EVTBAnu1A\nyimcd77sskCcttkWWhBpZlqvi4HSo23RmS75d2ddOvijfDB6MB0GA1UdDgQWBBT3\ngrohTIph9QwpFAyMr0oM3bMSSjAfBgNVHSMEGDAWgBRHaukcd1X4qTFDTvSedpKm\nKt1GKDALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDRwAwRAIgc1IlZI3AU/aKhXVoKLK7\nTj/jSyN5phyaOmMOQ3RIdvwCIHNZ3D8Sc/QCpW9PFpxqpjU2wxjpsLqWpx3qttow\nPC9q\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2231,10 +2231,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe root cert includes the authorityKeyIdentifier extension with the\nauthorityCertIssuer and authorityCertSerialNumber fields, which is\nforbidden under CABF:\n\n> 7.1.2.1.3 Root CA Authority Key Identifier\n> Field Description\n> ...\n> authorityCertIssuer MUST NOT be present\n> authorityCertSerialNumber MUST NOT be present", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBzDCCAXGgAwIBAgIUFvw+1+z1/rR3NVD/Nf7fblrv1j0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQDywqEdAtErjtuPUXovXyoU3Wo9NmmZLzj4Wj1\n3A+faRcD8hfcKMYKBwx9K14gLHbXGAvMpdMXvK65HkVj3a1po4GSMIGPMA8GA1Ud\nEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29t\nMDgGA1UdIwQxMC+AFFOGiAsq2JU5fW5YIcDdCZXyCkadoROkETAPMQ0wCwYDVQQD\nDARteUNOggIE0jAdBgNVHQ4EFgQUU4aICyrYlTl9blghwN0JlfIKRp0wCgYIKoZI\nzj0EAwIDSQAwRgIhAM05M/IPDAow+iKRM52WSCsk9kejKuEVpievvtL6YX9lAiEA\nutN0ffZw7RkB0Q4L1s02FmQO73jId4g7z7roQ9nD0Xw=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIByjCCAXGgAwIBAgIUDjun5QDl00+/vKv3zrndLxOS+YswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQqct5dBhIrF2j42hTGoguY8IEZkgTkxoj4wLgd\ncWXUTFKTYTkjPa3USNmEUnVIzKwme/tJ0zu8bn4y1gEPRt6Ko4GSMIGPMA8GA1Ud\nEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29t\nMDgGA1UdIwQxMC+AFDhDE96NgHqHOQ5oc72heuP/r1BsoROkETAPMQ0wCwYDVQQD\nDARteUNOggIE0jAdBgNVHQ4EFgQUOEMT3o2Aeoc5DmhzvaF64/+vUGwwCgYIKoZI\nzj0EAwIDRwAwRAIgbxJ9MqFDb631gJrWElAbODvwzj5rXm9o3Sz/oyxIreoCIA/x\n89LJDNFw5w5f10NRzcINgQMnMz5TfJjLfYsV/GWh\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUD8rXiKhPH7vuI7idboGMrDnSyE0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABP0AfaEx/1pTImgZ8RlV4G6Qw3Th1hSR/FoPvEkqK1r7\ntY6DLB1Lk1gOtxNYtg0/Oz8bWTQEluDO9smsufOBd1ejfDB6MB0GA1UdDgQWBBQF\nOAldtWIh9p9GX32+0nfe9CkfLzAfBgNVHSMEGDAWgBRThogLKtiVOX1uWCHA3QmV\n8gpGnTALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIhAMwcQyQagpCfloNiW8ah\nYaYS4lnnn7r+HPoEWdO7whOIAiA/HEFmazXQrWDbLqI27WcwqxIsBA+SZ+LhKyN5\nv4jfHw==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrzCCAVagAwIBAgIUGzo5GE6fSdQcspRoDjwwxLx8dQkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABIqBGZy3pnE8h6BGStMG5Ll7bIN7XomCF5+/Sa1EhHmf\nMQqBUL/XaFY0No92q0pu8XVYyW3Bo+wfzFzoGKO7eAijfDB6MB0GA1UdDgQWBBTz\nGJN4NTpwWOpobpDmtsmUhRimZzAfBgNVHSMEGDAWgBQ4QxPejYB6hzkOaHO9oXrj\n/69QbDALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDRwAwRAIgddRO6f/guCV3Nay7H0KE\njbXZlwKzbEXJxbTkFpkT1KcCIBJkRv8Vz7bZXE6//RVI0pOZ68b5xO9ly23W2z0V\nRYI/\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2254,10 +2254,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe root cert is self-signed contains an authorityKeyIdentifier, but\nthe keyIdentifier field doesn't match the subjectKeyIdentifier field\nas required under CABF.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUIXRhJmhBrOt2dTpw6tWlK0N06SwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATC/5tfOhngnMM+PoFX/KqhUF0CFSm3jJ1Lrv9y\ntpncHU2PkSS6XpRqDc6Gw6Jzc/njsYlIpkkgpuv503/Fa/rXo3gwdjAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAf\nBgNVHSMEGDAWgBSd5tIJLOuHTf5JfQh9nVQbyo94+jAdBgNVHQ4EFgQUbLRgroFX\nThYrF+VjVlAYktjoNNwwCgYIKoZIzj0EAwIDSAAwRQIhALTU+q0oua0Ih2f1dKnM\ndWZI3WP8aSqxyRDcOj1tHbxmAiBa822vsBod7BliDSn9QoDhtv8AfQIQ5YThjXjy\nmXhX4g==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVagAwIBAgIUQlxhOVUOpvScSGHhy+uks2haMK0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASEk+25mDWV2sQiweqGRKOCwwYg6jY8g4OJhdGG\n9CiPA3UuP/Ju+Cq9Xe5dprS0SnhkAOGciKl5BNhoxeew9UQAo3gwdjAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAf\nBgNVHSMEGDAWgBRruUsTWkWlfivbo4fm3Ved6osj8jAdBgNVHQ4EFgQUPC2YqtIG\nqkr5IkgQJWuMxqyTUo4wCgYIKoZIzj0EAwIDSQAwRgIhAOAEilpOB+Truviv3yoY\nHaVAjzKhmz4VLQNdVyBkLtLtAiEAzvPUsJQ0xg6xB+LjcuNGQNW1LM6/hprhmND5\nKTAN1IY=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUVcHCwVwOUALPwQGCuhOlCRlZJMYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABBEstwlQvg7iw6tkLuVjBGkUmk4IUwejLiJI9xCM9FTc\nX01Ii+SuiP80OvyrYqYSjuoswn7p/OfpHABHHiIkJIujfDB6MB0GA1UdDgQWBBTq\nEA6vrzRXvziAYyM9A02v1FfN7zAfBgNVHSMEGDAWgBRstGCugVdOFisX5WNWUBiS\n2Og03DALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIgIXbsMQybE1z3eeKbbRPh\nioIeVPIqIRiSZzxYSDgRQX0CIQCvHqeH0zvMDqcmY6GC+ELNuJ7AcvkLnvlveSP5\ngPGwCQ==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUA2yGWXS298vZ6iNF3nkS6Dn5HnEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABABcvbPt+VMrQKNf8WEYuu7V2RP08tW2vJHPcnTAkUCT\nkutmaZBbRJRb3ZAo/yFs+BoZFguPfXxIogcEq9KqYDujfDB6MB0GA1UdDgQWBBRO\neXMSYjqk3vPZxDXFN44Y2WOT1DAfBgNVHSMEGDAWgBQ8LZiq0gaqSvkiSBAla4zG\nrJNSjjALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIhAPZ17NsTk8etDJbVG0hC\niLAKooqo2gUQ+wnMfIj5Zb1mAiBuLEhrONlmS97NM2pAU2Qjb+8IEXNTE1FlbEUk\nNB6NtQ==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2279,10 +2279,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThis chain is correctly constructed, but the EE cert contains an\nExtended Key Usage extension that contains `anyExtendedKeyUsage`,\nwhich is explicitly forbidden under CABF 7.1.2.7.10.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUPzPP1RYEYKIitXfCS9ledG5Vi2wwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAT3G7+N3K75V/OsLRV2zAIxfH0YBDMCbJXK7SZK\nYlv9huw7HLGShOkIiDCJrBg8jWO78glrTjA1WhQ34h5XrJ1/o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUTbqwSrPyFfY0srHTeb1gWyxOphIwCgYIKoZIzj0EAwIDSAAwRQIg\nZl+qnsc/nl6Ly1CaXmaIYDLca5NsOXM5LkBvnbGWMJMCIQCfZkZQMyYNl97qJwbs\n/8Iqms101JZZfN+9Gvptu5MG6A==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUOCJyOYhRg3vShmHPk92NSQvXlYUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATyCvEix2Nz+3kzyZEWe44mM42Kd8VEpuZOeMyk\nRBaWoFKhSeKZ4OlWoZ1IF9fWGU9BA3chnTQaz3pPQxTy53D3o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUOeav/vZf5zhYumU8s8WzpIq+eV0wCgYIKoZIzj0EAwIDSAAwRQIh\nAMhHkcIP0DFdAKRfeggKKZ/W+Z5SNPxvQj4Ehwb654yfAiBnJzX10TaeJzUIlSRq\ng/kWw38/ntCOPZH4zi0rBDOiBA==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBuDCCAV6gAwIBAgIURAEqEc1p1TNVUBAzCk/BDfbSFhwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABCCkPb2CJ7g0XaauG8bLYJg4h9PeWA7kgW1ZyE9HJiyb\ntDpfaAZwixY2P28UYO2Sr+jTGfceYCzbfAx4PnPttrCjgYMwgYAwHQYDVR0OBBYE\nFCafk66YbRKetrf3XtulTcggiHexMB8GA1UdIwQYMBaAFE26sEqz8hX2NLKx03m9\nYFssTqYSMAsGA1UdDwQEAwIHgDAZBgNVHSUEEjAQBggrBgEFBQcDAQYEVR0lADAW\nBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggqhkjOPQQDAgNIADBFAiEA+NQOed3Z\nYL8xwesOBJYdZt15fV6zAzVdzu4VrFSnZ34CIBeuv1WHHiMuHbyHoC2LSp0tCpEG\nYRAHjieyfa+OsYck\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBtzCCAV6gAwIBAgIUOIouqXs2s39+iq8BpdCtUPlpWrIwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABBb4KEceiGhxGh9dl/Y9lpeddOx1a3vi/gAo0goHmUZk\nrzmVXb5LPA+hYTLDAHPeYdDMP6U60JAUrUSTMWG6g2SjgYMwgYAwHQYDVR0OBBYE\nFKq/cORjSFVHQlUN8ratNARM0Na7MB8GA1UdIwQYMBaAFDnmr/72X+c4WLplPLPF\ns6SKvnldMAsGA1UdDwQEAwIHgDAZBgNVHSUEEjAQBggrBgEFBQcDAQYEVR0lADAW\nBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggqhkjOPQQDAgNHADBEAiA3EEWO8wQk\nRLLnqur6gacOBoULrL1AIhiE9BR9MJnSkAIgDx80pIEAlNS2xAdF4s/+UprhjytL\n3j9TQlehHc0+IaU=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2306,10 +2306,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThis chain is correctly constructed, but the EE has an extKeyUsage extension\nmarked as critical, which is forbidden per CABF 7.1.2.7.6.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUeMTXKHIFhfgqwqKUOuZNp0IGxnowCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATTOikf75CiQ3qG+oCQjsUwyRnMn28NQQSqDNw/\nW3PoUAV5fEwTmxCO6VL7SnRa1PwS0gDvFxB1v7uNBoYEytLno1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUky0Pv84UxWOQGCAP0JD/j7JLjzQwCgYIKoZIzj0EAwIDSAAwRQIg\nBoMSfHqBsUdzVFxWwp3Y1Zt8ecj6jQWGRb72ruUIQr8CIQCjc/GLhznKLpRGTGHq\njpoXvz3B702l5iJrM9lgfRQJ0Q==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUSi1RKTDTwlq4L1kt6bRx6Ip8XYEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQEnSy7KAVH3GyUDE6Nuo8kCloF8AoPtvzssV1H\n4vI1ThdU2uYtKIIQvs532C4dTJ7cBtrWTi7R+J8dhkp0awiPo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUKwf7Ou0c96lCNrbmHOLqJ9pkvSEwCgYIKoZIzj0EAwIDSAAwRQIh\nAMJEMqaUOC/9ZynH4Vy+ND+JceqaAYJQx3AHfBzs1xT1AiB2SLFYY29rntcqSM0h\nJCf+gHYDagPi2JQjdRzlX+aM5Q==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBtDCCAVmgAwIBAgIUQRsR5sGaMh0MNEZrt9+LK6MmotswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABNM4GZgXjlZMcvBgq6MWGWvthIcgx9eCw74ISZLgR2pq\nz7npcM0NPGTuPVTNR2SjCpD4XzSlrINq2T0g0oYNDTajfzB9MB0GA1UdDgQWBBR5\n1w3oYB6B4Ux+RFTwG0v6V9gGRzAfBgNVHSMEGDAWgBSTLQ+/zhTFY5AYIA/QkP+P\nskuPNDALBgNVHQ8EBAMCB4AwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwEwFgYDVR0R\nBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhALvzL5AAVc6aekpC\nszqEjCmpI4MROZClKL5XULzc0cVcAiEAjGKEAvJpcHXUaHUrNPiFf1lwP8+wnT/5\nHxQTuvMl180=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBszCCAVmgAwIBAgIUQeAV3aAlj4ect29VP7FsN9km674wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABNhuZcavmeBiixxUf59AkSAxKZcJo8FzIYktcuORWlBa\nZ+AqvZ/MY9mHRlAIixN1H805hx10xzyzCWQO5xZSKbmjfzB9MB0GA1UdDgQWBBSX\nOKw9PeLnvNiyxDHmiHu1fL+PUzAfBgNVHSMEGDAWgBQrB/s67Rz3qUI2tuYc4uon\n2mS9ITALBgNVHQ8EBAMCB4AwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwEwFgYDVR0R\nBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIgGOVLY9DG05NBeqe1\n3q1uJnXwVON6AMp5off0nk8c3b0CIQDSYu0QIdVeO9Do3d38wFyh3i/qA5oD+gNS\nCo9zWuYMfA==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2335,10 +2335,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThis chain is correctly constructed, but the EE does not have\nthe extKeyUsage extension, which is required per CABF 7.1.2.7.6.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIULED6/vrw1+lRjYJwPPYa7H2M3AUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAS0pz6qX5Atje0/eWenHWOzrpAZMaKhfqFGqaMl\nlL6UN+57KemgoC8yh62PXxIDbvgUh1axh9uEwLD83+HQGHrko1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUa/IXX0zOOyPyZjeEK/D4e2+X1sowCgYIKoZIzj0EAwIDSQAwRgIh\nANuFtueFSimBhqqqLX3Ss2OIiMzoe1tHr4zOLz5porysAiEA6hcQwWaz0e0WYng2\nC6gIcU5HzRoUHp+LrLPIAdsBN6A=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUbsNdJgRKB8KKtZH1bpZca498qVUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAR+AZLQwwgeTcNouS3pwZ00StpfS8givphA8LZo\n0UjI8J19M6U64qWibdeojsiN87tMdbpOqDz+2XATWcLhsFc+o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUNvL9nnlc1Zz5F/IWqMCJ/DRrYtEwCgYIKoZIzj0EAwIDSAAwRQIg\nFof2F8DDW/ruXdRKDCBvmr2dLb7mFdbeeav+oYB5Cr4CIQDR70UMDmjDj2ebJmxd\nAGnpB04IWVArbcj3koUP1fL/TQ==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBnDCCAUGgAwIBAgIUUw1EHkXGhpT26slTa9uyEcnBXLYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABENOscmisabvv/TLiP04oKMEp2qzqfVh4yA4Yih7lxY7\nhwHY3AjNkUiRoYrwavr+2g5BrpaclFK4WAtRO+WgXA2jZzBlMB0GA1UdDgQWBBQW\nNCk7jghcFgwAN+KT7rUTI1QZfzAfBgNVHSMEGDAWgBRr8hdfTM47I/JmN4Qr8Ph7\nb5fWyjALBgNVHQ8EBAMCB4AwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZI\nzj0EAwIDSQAwRgIhAJwWs351rURlqgaq0+qrtYGgi16+emXkqOpy1v5yr13bAiEA\nvJH13PWpOuBGM2vJLAMRQWFmn2ygjkbOTRQFdzp5Vd4=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBmjCCAUCgAwIBAgITZK4vZ0rr3VK0gD/Q88WEtlXQtDAKBggqhkjOPQQDAjAa\nMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwIBcNNzAwMTAxMDAwMDAxWhgPMjk2\nOTA1MDMwMDAwMDFaMBYxFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAE9BdFXTRmUPEqcQCK7BKiNRRzONJhE4B5O7m0Ek1RD/J3\n/zsmmh9Pj+I8ixN0MRK78aNXs2qrBXAH1fx+PjuxI6NnMGUwHQYDVR0OBBYEFPTg\n/Qmcm+mq1+0hSMYCeZoIvIf5MB8GA1UdIwQYMBaAFDby/Z55XNWc+RfyFqjAifw0\na2LRMAsGA1UdDwQEAwIHgDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAKBggqhkjO\nPQQDAgNIADBFAiEAuSegLnAAzkRtWX3yAtHNCGBaZQeBuBLfcCS3VxyJB1wCIALG\nmTKTXhhCWKD1SSyPzsmuWTYV7zPqSkomrUlb7Bq8\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2360,10 +2360,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe root cert includes the extKeyUsage extension, which is forbidden\nunder CABF:\n\n> 7.1.2.1.2 Root CA Extensions\n> Extension Presence Critical\n> ...\n> extKeyUsage MUST NOT N", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBozCCAUqgAwIBAgIUPv45Q7X/lc4PniamVNZ3aa+xiZgwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASYTyLwo99eQDuzaRMfc8Zvz6uLttFwO8D24GFj\nVLkl3X4KRrinDzszoZbpPpch0qmauB45F0aJ7pxiByH7B69Po2wwajAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUtaQikgHwhzu8AN8laAs0czLLgtEwEwYDVR0lBAwwCgYIKwYBBQUH\nAwEwCgYIKoZIzj0EAwIDRwAwRAIgZTFybqHAYMjQDypiDBELxxzPTELW8YtuI/Eo\nvTLoXG8CIBNRtuA1WCHqD66tLWrSQ4eEn1kZdLlK85HwY1tGeQdG\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBpDCCAUqgAwIBAgIUMyyflMgwpE0TEtlc2A30XdOZ2DswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASMBSFBAyis/rU/OAc6sridZMYCzsvQRXQeZLM1\n9kWn3cAmlKkWzX/GQrDASfTaT7eLEDkOy5VACn2+B7EZf5OFo2wwajAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUeP9BjMxwzRPjkrOMLGtjxfFm+jgwEwYDVR0lBAwwCgYIKwYBBQUH\nAwEwCgYIKoZIzj0EAwIDSAAwRQIhAPi+t6EkRP5VhUN/F6V4F3qOO3T3E+5OpqoA\nFv5SYO4UAiAN2fOtTRdi0yZCtfJWiFtSPGVjlTxFscQVlH1JXD3AhQ==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUC+ARfXjLLCAkPDNs+9hWYfKvdLUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABKYbNP0xHOYE0BzRoX+NCnPzOos1K5OY94uS3U1GCdD7\n8rrqXcgirW+Qy4WAGsZMNCk/jG3ycSf8jd7Pfk9Dou+jfDB6MB0GA1UdDgQWBBRf\nlFmXoQS7bfptNueTuhNrEZBZRDAfBgNVHSMEGDAWgBS1pCKSAfCHO7wA3yVoCzRz\nMsuC0TALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIgEkbS+8q4nHlxuY4OxZIO\n29aVT0ifrjhRS1hLPJbIx1ACIQCv7fM5rV7itqbYfC0TpphVMSHVqmHxO7KFCabD\nEJSkgQ==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVagAwIBAgIUc+973t4c7CVGJravEvtsLmMrUAgwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABH0wVxI86U6nAJW64vrX/BVKS6h80gOoO+0bjSfRhz80\ntfTIgqvC8rnr11mfdtKOL+XQmE7iGQ9sNQSnjkctcnKjfDB6MB0GA1UdDgQWBBRq\nigDZC3g5ONPgd0hmDm4mOi53LjAfBgNVHSMEGDAWgBR4/0GMzHDNE+OSs4wsa2PF\n8Wb6ODALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhAN3BLAFAa5vlHuvSmbkL\nhGlq1LvP3ld9f5vTLcuxQwNAAiEA48cf8vFgK7IYj7qMJusDRN8RKg0thSi4Bbyt\nI6VZkaw=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2387,10 +2387,10 @@ "description": "Produces the following **valid** chain:\n\n```\nroot -> leaf\n```\n\nThe root contains a NameConstraints extension with a permitted dNSName of\n\"example.com\", matching the leaf's SubjectAlternativeName.\nThe NameConstraints extension is marked as non-critical, which would\nbe a violation of RFC 5280, but CABF explicitly permits this as an\nexception to RFC 5280:\n\n> As an explicit exception from RFC 5280, this extension SHOULD be marked\n> critical, but MAY be marked non-critical if compatibility with certain\n> legacy applications that do not support Name Constraints is necessary.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBqzCCAVGgAwIBAgIUGyHV8fEZhnjTHfLyUH+Z9ST9CcswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAR5AbRMDAPPKCWsYI2fC2/W13JARSg1iKyUwqk/\niThbsKaLbg50CrXFCz4gI9kfLYdMhfmf5dVs+3BEZdvByt9Eo3MwcTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUdFx+9xMITp8EhMrtDTyFsXB7HAcwGgYDVR0eBBMwEaAPMA2CC2V4\nYW1wbGUuY29tMAoGCCqGSM49BAMCA0gAMEUCID1EnjKYmNKJFrbSLOdTGvyTI4D/\nFPHHSklb5zCFJa43AiEAy+Xtm1t1stMcm1Yrd0is5fC3nBA1LemS0CZapdBoY1c=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBrDCCAVGgAwIBAgIUXR7XTybo+Ip2mNVeocZJ6o0PrskwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARTmc1CjilCc1iAnaWxRTXO7ogi06SYUyRB2pkf\n5lhtm3rIpi+6Ds0rAEKTrLCbWOyVshYks3IjRBr52mZ2dHZ2o3MwcTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUqf9dUmvyPe4EgRReNFHlXod+O+YwGgYDVR0eBBMwEaAPMA2CC2V4\nYW1wbGUuY29tMAoGCCqGSM49BAMCA0kAMEYCIQDuXBpOc+/5S1dy6PI6t7q1Hq+/\n8k5x23SS9G1oFWPIOgIhAJrsD2lo3NMiYcja3KsTbn8sUny1wcFGPgQ7/QiaE3PC\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUO3ocSK2Omo8Ie/tkI9vKt8YyZoQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABL1aI5j41cbkoNRXYWULZaPXFC8LYygqCm00438TJrj8\nBMgKX8sS5pX8nIExIj2jaemyrSP6XPIX4ndMA40oZjOjfDB6MB0GA1UdDgQWBBQO\nx6x9L7sVZZJ47o4P8m6idkCV+zAfBgNVHSMEGDAWgBR0XH73EwhOnwSEyu0NPIWx\ncHscBzALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIgfHIM0Tfvzb3Ha2ZvZ8n9\ns5l382sLU0SnkexJYiIQXNkCIQDRqqHZ/YkpF/DRV3MbsQRHpDsVN9XpCoeGAyXp\na9b0yA==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrzCCAVagAwIBAgIUTYDsYt9NUalnyQ4B0leHY/YdFkMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABDSzLasGo1I3aYpqqEx1sjk+9UngPfV54JzxFLSwGuwM\nnlNU/sj6NIbrrNr3bMwU1490yGlvT3b2aRUdEFVkcamjfDB6MB0GA1UdDgQWBBTL\nwoSXfTE7Ig87ERgKoHZK4FhxiTAfBgNVHSMEGDAWgBSp/11Sa/I97gSBFF40UeVe\nh3475jALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDRwAwRAIgY/b2x2uQfckbRSvKzBko\n5hfqtQwypnuXLi9LpUqaEFwCIBbv5SDnl0E2mw31laMX//c9ZV0kGL2EI2scfPyU\n0S4N\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2410,12 +2410,12 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> intermediate -> leaf\n```\n\nThe intermediate contains a NameConstraints extension with `ASN.1 NULL` for\nboth permittedSubtrees and excludedSubtrees, which is forbidden under\nCABF 7.1.2.5.2.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUS7C1u28PvW9SRiPHpTlznmc+7skwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARO0Pl5AYcr5q5DTQGLZ+9ryFYTOvCnWWlVsz6q\nm+LsQKidU838ZuhR5t4JOQi/TMNcyy0Iq5IG2UbEky2rLTNao1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU/OmL6XuGAkJWx5xm7Y3AtExL/hMwCgYIKoZIzj0EAwIDRwAwRAIg\nXZPLk77mpzagsE/7uTsRk0Sb+WFyFkA+pIuKKJO1lhkCICoHaJ/9n7zGcdzlEcgO\nndhuKXXpsh7bwO+CKE2hs4qA\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUb2qhdI/h0/Yrwu3s7qPr5LHrzGkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATiNbR6esJWruQshWaI0YNA3DboxlzuoCEe97gm\nu6f+EFOwIbygfJoZZC5AcG190ylS5JxJ0W7Xoc4SCwvzNknho1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUMEErnUqk+F203uMW5G6K/EWvh18wCgYIKoZIzj0EAwIDRwAwRAIg\nW0d5J/DAFVqcsG5E86RMvOqoACb6GqzxIkSnqwPmO7gCIGok6Cjs1MK3nXQPSF11\n9Mdn/q9x+/AWC4pTDu5tXNWx\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIICEDCCAbagAwIBAgIUBrV6O3Oc7b0pidc+ZgwIqbN7e5IwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDA0MzIxMTUwNzAwNzA5MTE2NTA5OTA3\nMzkxNjE5NjE4NTYzMDU3Mzk4NTU3NTI5MDUxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABC4rajmL9r5l38cAkMvclseJc1qesn1KBtrIT7jNcKyS4zC3dCpeZE5NrWIZ\nrAkfQgfsSGVl4I1U/Qyu/2OeFumjgYcwgYQwDwYDVR0TAQH/BAUwAwEB/zALBgNV\nHQ8EBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAU/OmL\n6XuGAkJWx5xm7Y3AtExL/hMwHQYDVR0OBBYEFJwHznIaCI3XdEJcW4JLfL7vfdZh\nMAwGA1UdHgEB/wQCMAAwCgYIKoZIzj0EAwIDSAAwRQIgKaPmbeE2kqUXT0Yq+T4g\nSI+r+DbhqvU3//2Doq6X7BsCIQDbAltCn4INB90zSyvEK8uGhEzsoLm1mxDwYdjo\nMuXNMA==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIICEDCCAbagAwIBAgIUM7f/YeQnYbQGFOP0wZgffJQDOjswCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDA2MzYwNzU5MTkyOTQ1MzIxNzg3NTM5\nNjQ3OTA0Mjc3MDgxNzM1Nzk0MTU0NDA0ODkxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABMT/L0Fv8ck7cyRZDfFyDismTtp+KiCM0QCwB2IyUgQFs1XDPXCKGrcw2byS\nUlJE+W55a15fm9BRd+UmU6eKp8GjgYcwgYQwDwYDVR0TAQH/BAUwAwEB/zALBgNV\nHQ8EBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUMEEr\nnUqk+F203uMW5G6K/EWvh18wHQYDVR0OBBYEFIKsekMETMdL2nBg4kRl5gDwg9R/\nMAwGA1UdHgEB/wQCMAAwCgYIKoZIzj0EAwIDSAAwRQIgKc01cnUpbEc2MUJNLQqL\nRNVlwvL3Rrbz7gAPqWk7eY8CIQCAiNZ5/HGvtxZDM4pCivW5R3P8oVoPC+WHFpxk\nep+bSw==\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICATCCAaagAwIBAgIUZ8L0DkUudOwpagVFXRB0X2g/t1wwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNDMyMTE1MDcwMDcwOTExNjUwOTkwNzM5MTYxOTYxODU2MzA1\nNzM5ODU1NzUyOTA1MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\n07nm1AIphZpUYfbTMwBqlszGuDiPQHPztKnwsnZpTAwskCDQb2joblmRMT5ilDxf\n2Pr6OEiurju6cGGra+H8xKN8MHowHQYDVR0OBBYEFBwPlS25Iptr1nqzc8jRG/rq\nB02BMB8GA1UdIwQYMBaAFJwHznIaCI3XdEJcW4JLfL7vfdZhMAsGA1UdDwQEAwIH\ngDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAK\nBggqhkjOPQQDAgNJADBGAiEAnaSayFgi2kQkjVjQU/XBzhjWHmbHpMoSH4lQB13S\nqRsCIQCeb2T8sa9DBvWHWX/vmlQurduLLqyGJQdy3UB4P44YhA==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICATCCAaagAwIBAgIUHD02cDGUNUdcFuNMKl8/utDPbbAwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNjM2MDc1OTE5Mjk0NTMyMTc4NzUzOTY0NzkwNDI3NzA4MTcz\nNTc5NDE1NDQwNDg5MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\nVQ1NxJB7G64pClB1D2MX5u86w1lxsJYWofZVs60BH+OI5EWsMx6D9zFwUv9uWFun\nYE79QFwp6jpTadjteasHwqN8MHowHQYDVR0OBBYEFMj07fIbS/6jrC9fTrupVjtv\nR9ifMB8GA1UdIwQYMBaAFIKsekMETMdL2nBg4kRl5gDwg9R/MAsGA1UdDwQEAwIH\ngDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAK\nBggqhkjOPQQDAgNJADBGAiEAgOWzDyAA0XF3xytNzpfNyEl/62aBpZmbo/WOMzb7\n9w8CIQCHg50K5r+3MrUmujd1vDhrSm9HE0fKJQJIxvVicl980Q==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2435,12 +2435,12 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> intermediate -> leaf\n```\n\nThe intermediate contains a NameConstraints extension with empty sequences for\nboth permittedSubtrees and excludedSubtrees, which is forbidden under\nCABF 7.1.2.5.2.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUIVi2yC2akTaLRonv1j8diPwMuDEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQBeBvRr1YAPCSzGnN6K91F44sUsLXtDqsfsLTq\nP87naeHKwnxs2TbBbhR+kEEnrfIDQEQ3Am/2Gp+BCO/8SQ6po1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUzwhWOiMgW+N8hqD/vM9org93W24wCgYIKoZIzj0EAwIDSAAwRQIg\nCs8p4OL44nzmqaKMhq1IPF+5JpMb2CU9XHX10OYSdwQCIQDfeXOLlcQ62LE60bzz\n6B1rd6Gw7OMptwQz6jarQXdwyg==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUWDZTiUVZRSy/Ksk2xWABskJPoiQwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAR+ICj+gwQwjctqzkeZIhMhMDOf32dO+jNwrs82\nuQUtfAsiZ2aGmhGjmntKAqIJFdB2SUwuNyLy2T9qWE37tXTlo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUfjVe0xt7fYs/LG+Muqp82KBO3xIwCgYIKoZIzj0EAwIDSAAwRQIh\nAPnfNbuCK3EGjXykJUcPvHryo9z2uG4blXLp0UoxUuuhAiBdjgDYr6BESeUo0MKv\nkVXpoV2UT7/vJ+vnTxvkAsfxfg==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [ - "-----BEGIN CERTIFICATE-----\nMIICFDCCAbqgAwIBAgIUHyLcjthucOppDr+12aCdE5wFcSUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDAxOTAzNzUwODM1Njc3ODgxODI0ODYw\nODM4NDQ5NTg4NjYxNDM1MzgxMDYzODIzODUxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABF2M431FzcIaaahMjytRQDkM9NBFHuYsyRKkB6rTDRx89G5ANYznKeKo4VLk\nr1uMpL9Nqsh5WESZjcLkjYv7WJOjgYswgYgwDwYDVR0TAQH/BAUwAwEB/zALBgNV\nHQ8EBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUzwhW\nOiMgW+N8hqD/vM9org93W24wHQYDVR0OBBYEFMGkaHZmwmPEwtJ6vQWAz1bVb+62\nMBAGA1UdHgEB/wQGMASgAKEAMAoGCCqGSM49BAMCA0gAMEUCIQC9jVRIGDnrDDRj\nWkQTtH9DAiWUZlu+ekCyRJ06BHqLsQIgU4jd3oqVYR/c32BZLbq2cuRK0Ewvl/1J\nDVzvE1VPdkI=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIICEzCCAbqgAwIBAgIUXyY9JYmYF9B1tVsw4TsOsNsrYr0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjBqMTkwNwYDVQQLDDA1MDM2MDI3MDUxMDM4MTUzODUyMTIy\nMzQ3MTM3NDc0Mjc1NjQ1MTkzMDc1ODQwMzYxLTArBgNVBAMMJHg1MDktbGltYm8t\naW50ZXJtZWRpYXRlLXBhdGhsZW4tTm9uZTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABCSMxOj8ZS6gd5dcw+je5Dd1zYgPRE4y4xqB1/bDYfKq50Nw+AcSi0GoQ4cH\nPj9HsMPjhwZZ+rvsrqtEqPZovDGjgYswgYgwDwYDVR0TAQH/BAUwAwEB/zALBgNV\nHQ8EBAMCAgQwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUfjVe\n0xt7fYs/LG+Muqp82KBO3xIwHQYDVR0OBBYEFPiThUOKpBl3YE5Znh7ZekG9Z0E3\nMBAGA1UdHgEB/wQGMASgAKEAMAoGCCqGSM49BAMCA0cAMEQCIFDerT5vfXivJ0A1\nue48NvnEmikAFX8PKxc+Vd7W0/dlAiBogOF7pwZMnjAqv9ujTMkyNMF74o6DZjb/\nIb0hL/Rz2Q==\n-----END CERTIFICATE-----\n" ], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIICADCCAaagAwIBAgIUBSeDRZv3NfST71o1BFW7v4OscMgwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwMTkwMzc1MDgzNTY3Nzg4MTgyNDg2MDgzODQ0OTU4ODY2MTQz\nNTM4MTA2MzgyMzg1MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\n5U8xlxNY3qKEDmsYNZClVYf06v68Or22z+kLBMi+oTWEzZk6rA8DG/xaeLWidHVF\n9LDrih3gbF2oGeAuxYX276N8MHowHQYDVR0OBBYEFAZHxn7PVj09pwVZ3HS8Wzy+\ngRxjMB8GA1UdIwQYMBaAFMGkaHZmwmPEwtJ6vQWAz1bVb+62MAsGA1UdDwQEAwIH\ngDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAK\nBggqhkjOPQQDAgNIADBFAiEAnETwwmYNyeFOk9btorDhOVjr0geQqsvvhrGroc+W\ntx8CIHEFIxySArBlVedlmRuzm3rA14znkVitPL9eFHyz4ukj\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIB/zCCAaagAwIBAgIUfZOIRszLvJK2cKq3Kl+ew5tjgmcwCgYIKoZIzj0EAwIw\najE5MDcGA1UECwwwNTAzNjAyNzA1MTAzODE1Mzg1MjEyMjM0NzEzNzQ3NDI3NTY0\nNTE5MzA3NTg0MDM2MS0wKwYDVQQDDCR4NTA5LWxpbWJvLWludGVybWVkaWF0ZS1w\nYXRobGVuLU5vbmUwIBcNNzAwMTAxMDAwMDAxWhgPMjk2OTA1MDMwMDAwMDFaMBYx\nFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\n+Xar3I+J3/Ze4VAKTj8tf+D0hYhb5smIrt3LhSSCsSNUAEMPSd0C5AU1YwTZ1rKE\n+u3MkF1IvJEPX5jpgjcKJqN8MHowHQYDVR0OBBYEFKp46DKmJEa3ZDCDK8C+ev+u\n8svzMB8GA1UdIwQYMBaAFPiThUOKpBl3YE5Znh7ZekG9Z0E3MAsGA1UdDwQEAwIH\ngDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAK\nBggqhkjOPQQDAgNHADBEAiAE+EW1UrvivBh6yegPWB3mbUc5ZOYh5JO2CWzEyx3Z\nEwIgdcCuZNBC/4A7gu15w+cU+dd4DdU0DgZSQr0r+I+wJEQ=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2460,10 +2460,10 @@ "description": "Produces a chain with an EE cert.\n\nThis EE cert contains a Subject Alternative Name with the dNSName \"example.com\".\nThis should verify successfully against the domain \"example.com\", per\nRFC 6125 6.4.1.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUTM+VnEF7yEPWU09UONM2jVy8v80wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAT28UKg08gpWUX0SHAQbJiRGnukyLEywm7f9LUU\nkn/RvV/YvWVP6ECLmiJOOJJR2mT0dDEeHn4f+cd88HWb2U7Do1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUoNhH0vhEBFcdW2oBTleDhxOpzzowCgYIKoZIzj0EAwIDSAAwRQIh\nAJqj/cmSxT7yOuqpo5dEVe5XnuQQ/UJaFPSgR/Co1iYHAiBTiJDsmQTtqxmha1Se\ndzDmv5TKTdOO2cx2gP1by6MRYg==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUM+yjSaDd0RSfCZdoDCeuB0doRvwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATJGQzXkNoGajLjzOZhUAcC3GznaEYxFQTVdlvJ\nsG7wtsBcFlW1EZsRugPAppFdGKd9ha1fBQuoJP96vbULydmno1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUMY/kAzTGToT+c2cMNUfhSY2p8+EwCgYIKoZIzj0EAwIDSAAwRQIh\nAKcbR3DqxlG0w0ICgFusVZkNhQ+UVMoui+gNOTrRGsfqAiB2aEEnPLSQEjjK3CcE\nCQqyK/0m2baWxQq26W5t3KQO3A==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUa+TAy301GkNPRlA4PjMsOira2xgwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABAjgexM2tBTCTWXfy+rbuzpKeezNXcOKEdTLHIjXbNqp\nWUaPdY9n+TjQ6R1NwJ6/tqblfHtG+y/oBPr18/4TEhejfDB6MB0GA1UdDgQWBBTT\nUNQEDBpxGDu6v86SJhRV7SA8LjAfBgNVHSMEGDAWgBSg2EfS+EQEVx1bagFOV4OH\nE6nPOjALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIhANJ9L/SXgQZ3IS+GCAmG\nHahEI3slrdwZctmGZcPL354eAiBUsxoimx2P5D/5jDoFkRkw5hwpSt2vaiNGkwfc\nu8XgBg==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUI1Ok8+/Us1hLtSmzMI2QLUfhGWEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABAedWVo6M/7t26VfArTl+QPMEYqGayjrUlXY0lukhuFw\nta+LqEkJ9bFp2xU/+OZjg5q6nxk3oA4DrgAiVQ3W+iSjfDB6MB0GA1UdDgQWBBSF\nD0nMk7GzfxMUkxgzlyK05IwD2DAfBgNVHSMEGDAWgBQxj+QDNMZOhP5zZww1R+FJ\njanz4TALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIgHinPrPbNZ9QBa7Kqktlb\nj1JRYHLIGbP/CUSrM3Oi1cACIQCeM9O1RfIGraOSbdFz11bRPX8O5lRDtRvjhtP5\nnt88Kw==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2483,10 +2483,10 @@ "description": "Produces a chain with an EE cert.\n\nThis EE cert contains a Subject Alternative Name with the dNSName \"example.com\".\nThis should **fail to verify** against the domain \"example2.com\", per RFC 6125 6.4.1.\n\n> Each label MUST match in order for the names to be considered to match,\n> except as supplemented by the rule about checking of wildcard labels.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUJqSUrOs1reokqCgNgZf/gkOqxFYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATCY3QV6DUx20lEOkutLTKKmKuQMtLUwceDcn4m\nYxrDDG5GQduNEnW9dZTbWRonFmAIBMsRb3AK/oglrBIlljlIo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUTReT6d8RiBpzgK7F1AwDyw80Q14wCgYIKoZIzj0EAwIDRwAwRAIg\nYEoP7N2RWdO+xSkJWVOnn4ZGjCOVNNAys6isNcKRTK8CIEep7HnEsU+Gah49kbeX\nzzrTKRYFnCRryyH8UI+YG/iG\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUbDj3Ktm9uq5KFotBCvP4d9zlRLUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARvyItFPPtAmhGiXQJXBxhCtLjn+pLas0dAO39D\nkfWnwRedncamwFEVANyLRqjVc0EiVz3ujgWwOD2Q2TcEyFKso1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU3e9wXj9/cnYdc9UVCeoTPkHdJR8wCgYIKoZIzj0EAwIDSQAwRgIh\nALVT4sX/fxZHAklhwH+KGo6LLZVO/5R9bXEWVo8j7tMXAiEAhdgMX3Q2iE/8v6u8\n9qI2zyKOKFWYtu5iVXtnoVZER6o=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVagAwIBAgIUV2w4TQizCwX3/CI3gLdYH4GGJ3AwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABNnlnPMr65hd0WvKHPA5W0kGzSz7vyKwbe2gDoS3sotj\nf5j/jiWxUtc5lHiqwE2Q6Q0QhGVUX0E9jIGxj+tV6GijfDB6MB0GA1UdDgQWBBRh\nNgzJwdevE49mgCRrfo1NLFz+nDAfBgNVHSMEGDAWgBRNF5Pp3xGIGnOArsXUDAPL\nDzRDXjALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhAM+ZU8AZrYQhUfHiGJzl\n/euEuUrlneTGitGmwZvR7DGGAiEA/v+lhL+McKAzmxHWG0bzNQThvDt5ml1lGvq0\nLXO5pZ0=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVagAwIBAgIUGF/M88Oh1wwdzvTxiyXtZmFHF3AwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABG4FQqUjks3jW3BSfCPuEZ4j6Iq/hzFF1QouiiXC90nr\n60lwm9YhzCWGj13Kpy0dIEinolqjGqejEd1sHWO+FqujfDB6MB0GA1UdDgQWBBTa\nNd3rpwYxCGsgCUvXhbKd05wZATAfBgNVHSMEGDAWgBTd73BeP39ydh1z1RUJ6hM+\nQd0lHzALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhAP4wQqZ2fwOwM3uCZH0c\nsDWYrRcmOENcNS5EBRifh/+nAiEAqeM4GAqWk26U99mWUei+8GRFsB+6grg+2y+d\nWTbKiS8=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2506,10 +2506,10 @@ "description": "Produces a chain with an EE cert.\n\nThis EE cert contains a Subject Alternative Name with the dNSName \"abc.example.com\".\nThis should **fail to verify** against the domain \"def.example.com\", per RFC 6125 6.4.1.\n\n> Each label MUST match in order for the names to be considered to match,\n> except as supplemented by the rule about checking of wildcard labels.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUfEsrv5xqVxIUxR4kiVA24TrX3/wwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQkpaLnmwF8Xd4MTM4P6p9LKia+TEZhCTc5bKKv\nD1I3D+gt4Y7KsgOjo9NHj8Hd2P7YvVCZQui9W01GDNnBLMwqo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUqOd+zgo108wDSJpHlKdGgeZvNjwwCgYIKoZIzj0EAwIDRwAwRAIg\na8tfkWONMfMFFPVlSYjponPbJLmVYhu2wyxZ9H4LJ/4CIHa6uBbqS+8Kxc/w+Ye4\nNVNACXmHs+QObtPGtjl8LLdS\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUbr4hz4alyGBoSAw5f32yfK7nMZEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATuG/rze2WK44XKdKxF05WR/6AKjFbw2Tl5J8b9\nMe/psMMXCWdxKu/G8PFXvE8TrzBm2sgwz2kC6I8nznXnS2xXo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUWdRvaOPf6RqGWf6uFV8CiMFCK9AwCgYIKoZIzj0EAwIDSAAwRQIh\nALzzSGQ3fEmuay+6BS1ogoktAbe/BdfMitVlMJQOEN2EAiAtPwXgBG29GRjbaJvp\nf/zyPrIG2iQyK2wB7ekFTEY1bA==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBtTCCAVugAwIBAgIUO6abixaV/hcxOTB4nhpBK21d0fEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABMcvDmX3XVD7hL9aEtIx8r4zyIeI+oQAKlEycbfoTdkZ\nN5K4HARwee7DwCHqUWmRWduvUAdwDOYpNT5dXKICqZmjgYAwfjAdBgNVHQ4EFgQU\ngLVmKJbB4wseNhylK9qKTqltT0MwHwYDVR0jBBgwFoAUqOd+zgo108wDSJpHlKdG\ngeZvNjwwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBoGA1UdEQQT\nMBGCD2FiYy5leGFtcGxlLmNvbTAKBggqhkjOPQQDAgNIADBFAiEAjIFAAULu5TPF\nJBV3gZXBTrSluMM1Gu2OIL3vHypiWuQCIEWAfDt4U/NQCeq9zSJFXts3Lq40zNPy\nfmjn0ddmOLIR\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBtTCCAVugAwIBAgIUW29ltV9O80fLCQlLDrkq2ZG5kdYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABFIP/s6cNf4jQf5faUQSaNrSjZLkIobHVM7bb2Kf5sQZ\nuOfBslbtCUJCcWt/IL2rt1z6FqdZvFds4PBAnI3qJdajgYAwfjAdBgNVHQ4EFgQU\nanMH7vJ7IggaN+wAZoIRGi2BbvQwHwYDVR0jBBgwFoAUWdRvaOPf6RqGWf6uFV8C\niMFCK9AwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBoGA1UdEQQT\nMBGCD2FiYy5leGFtcGxlLmNvbTAKBggqhkjOPQQDAgNIADBFAiEAqVRsRJilW152\nQ3C3LyQkWYVYz2sAN65bCAobFmB5zRkCICXAcHpqFxfy+ndONz8pu+XrxaFDd7RN\n9sBj1LIdeuQE\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2529,10 +2529,10 @@ "description": "Produces a chain with an EE cert.\n\nThis EE cert contains a Subject Alternative Name with the dNSName \"example.com\".\nThis should **fail to verify** against the domain \"abc.example.com\", per RFC 6125 6.4.1.\n\n> Each label MUST match in order for the names to be considered to match,\n> except as supplemented by the rule about checking of wildcard labels.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUX041oaNDgekSDLfhOlJaSCjqVJcwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARncaKKCezUn88ixfki8kH+u8f+T3OV4CLZePCb\nXYyktwVseINBQfL9NJiCI4D7mDprheyNdxM/3i7wDlDzxMa8o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUf1nqRO14JddNocLi+NQJ5B0pFYowCgYIKoZIzj0EAwIDSAAwRQIg\nRwLsHK+6/VkclctcZtqZCT8y8T2D6Kr1zTb8gbO+KmECIQDqO0BkKOR0DJmppWQJ\ng+2bS5Q2KET5CenNhVykarxZ0w==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUGtfhsm9qXo+jEIniRO1ROP2nFVEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASf0oK/HCFqcdAQl+ojXE35rZrGOb6MpAZSxarH\n3kIUN5cT29VzDsuSoFFLUIaR+XCHZFh8oywbF5kMeyGeVA3Qo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU9FPBg1w0sObh+xdHIrxle8i1dYowCgYIKoZIzj0EAwIDSQAwRgIh\nAMWb63PEP2aq7EFXg6WAtWKvul49LCDYtRoQyaJbdNMHAiEAybYxiNi9kgG9H3a+\nW6LFfstmF+OPHkuXZXJMn0uy7tU=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBrzCCAVagAwIBAgIUHI+ofM3O0uOg1mfrIep/MaVW55QwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABB0qPzFp9014t7OFHbUrJJhLfiYVWGYs+Jbe5xocRIyE\nkoG6e5T+YX78zTSG61PcKx3SQZL9Tk9+LDfskG3+s4OjfDB6MB0GA1UdDgQWBBRz\nPvPRFbsJx916Iv+R9tRafuwcQjAfBgNVHSMEGDAWgBR/WepE7Xgl102hwuL41Ank\nHSkVijALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDRwAwRAIgWXcV/vK1qoWYwmNFJIIz\nkJW+PuDA9e5MA+0RyqDdNlkCIDvVkxyKv2JqthnEUFvvcE8JsZjsQKoOboIS4vDV\n8x9F\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsDCCAVagAwIBAgIUI4OyWBspREiyMobQB7yyn827YaMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABMRA0Vk6sda/NSFE9k0Z96Pf8JG3NXuUPGV+bcR4jjep\nxIBvj8htKIweOdd9H9Os3XhBgo7bo+DX55e+4uZ1aK+jfDB6MB0GA1UdDgQWBBQM\n7VsufYIFvOwUXjCBFmKcblxDyzAfBgNVHSMEGDAWgBT0U8GDXDSw5uH7F0civGV7\nyLV1ijALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwFgYDVR0RBA8w\nDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIhAPLYJutF5m/R66Tc8L6l\njD9FnL+gPJ8LPZyWQitoZpr1AiB8LehCJl2uFjd8jcz5NPmipNYmTZvRPjZekUUY\nCzl2dQ==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2552,10 +2552,10 @@ "description": "Produces a chain with an EE cert.\n\nThis EE cert contains a Subject Alternative Name with the dNSName \"abc.example.com\".\nThis should **fail to verify** against the domain \"example.com\", per RFC 6125 6.4.1.\n\n> Each label MUST match in order for the names to be considered to match,\n> except as supplemented by the rule about checking of wildcard labels.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUIKfVcm+fCNzKHCon388GMxwypMUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAT0r2tIDrm6gudwTsCjNUUejUwU+DhYXgjOQzSg\nbUFOdbsKsP9cKg8pRSVlQPIQv0wLUst3W0Co+Oq7yGQdBdtNo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUtErpuWBz5oOHiPfBkjxcHxjVO58wCgYIKoZIzj0EAwIDSAAwRQIh\nAIldd2/yXkKaczEH2riLWmrfj5rA/ak1xFK4AZaGbmeGAiA36J80qZkKPzLYDBWo\nKdx5qwIi92JWDLfvsfeeJWSpbw==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUATCq5nNspKg0ByqUMAxC35LZyZgwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASBmkvCj4UepEmkoM3WpQo5txJI3bXUjCnncfPm\nRN/ZWBqWCS76rnhSsKhqsZI7GIvfXyQg/FIkN9249936IPLdo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUgxbs5mQ5EeMcisDFBKev5yvi74IwCgYIKoZIzj0EAwIDRwAwRAIg\nfd8aFG/HW043yRpoLkJVZw7Q/LfjzsJXWptwiMLgKhACIDzHUb7CLB8uSQXXuTvA\ntZJSJjw/uWmr2e7gL6IxZTr3\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBtTCCAVugAwIBAgIUTSqH3HXx4u3iW7FQo4k84RTtRWAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABJMIOcKhxW6MmNMvZU4TKVt0lsRaBb281Vns7dahb05K\nbikRCIfrZDW2lOiwyTsQjxdNHDdXHy/Z+2lTfy/MKL6jgYAwfjAdBgNVHQ4EFgQU\nzbDmae7FiPEFnMZfo+aMYzxjpgYwHwYDVR0jBBgwFoAUtErpuWBz5oOHiPfBkjxc\nHxjVO58wCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBoGA1UdEQQT\nMBGCD2FiYy5leGFtcGxlLmNvbTAKBggqhkjOPQQDAgNIADBFAiBnSALEBOLoOv1x\npBvm+5VVOK0x+3rvivTlV6uLxiCX+AIhAMhnwQ/7V/oTs3tPpPmQWjTjrXyGMpbo\ng/dcms861RaO\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBtTCCAVugAwIBAgIUdLKL7S7ShIukuCXVBRkKHiaXPnowCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABGReUBvf4qlzk4KLudd1yVXTbtdqENYzAC+P9lg0BUTu\nzfyuHtq0kW4vXzcsDLkY2Swh7y60/5FVArujepbsN+2jgYAwfjAdBgNVHQ4EFgQU\nBUBBuCAiZ9cxIu6BOJs7t9Oqen0wHwYDVR0jBBgwFoAUgxbs5mQ5EeMcisDFBKev\n5yvi74IwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBoGA1UdEQQT\nMBGCD2FiYy5leGFtcGxlLmNvbTAKBggqhkjOPQQDAgNIADBFAiA5iXMv2iegJoDd\n/ce7xAtQweIKIxU9PA1BLARbTKYm2wIhAIWHjkSWAr9MQ/c3n0oHXcW2XM0MEmvL\naJxuHFp1Ws+M\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2577,10 +2577,10 @@ "description": "Produces a chain with an EE cert.\n\nThis EE cert contains a Subject Alternative name with the dNSName \"*.com\".\nConformant CAs should not issue such a certificate, according to CABF:\n\n> If the FQDN portion of any Wildcard Domain Name is “registry‐controlled”\n> or is a “public suffix”, CAs MUST refuse issuance unless the Applicant\n> proves its rightful control of the entire Domain Namespace.\n\nWhile the Baseline Requirements do not specify how clients should behave\nwhen given such a certificate, it is generally safe to assume that wildcard\ncertificates spanning a gTLD are malicious, and clients should reject them.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUbyqaqZ6TDXuHriOYdyKPrjLW/BwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQNGC1eWUuIoYo10y6Mjr/5OpIgHNgOgtSba1SU\neWtA4npkaFUxZNUCfKoK4MaDUn1XftO283xeL06YI4wcX18Io1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUWx8EiXR0wSW/1I3Dk1PYHHaMh7cwCgYIKoZIzj0EAwIDSAAwRQIg\ndXmmmov3yzVWsD1d/iyeObnocHQsOoTb7VbU/FFJauwCIQD0/IAf6LEUVEQ9GInT\nFVWtThAoY6BID7Uu/hrqzs2eEQ==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUdxVlcG+J41kGjnkRcVFZRBS7tqYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATiIt95JcaOZZkwYHpI4yZFGmBOKun02b77yO5N\nAziKtdxZCnyZbaFQm3A0S6ELDOBPDkGuOE/wZ5TC+BWEjzj7o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUUgGT06QMvKPsqBOeuKB4oBVXfkIwCgYIKoZIzj0EAwIDSAAwRQIg\nF9A0DZCHPSg91hOX1UqflAYDE1S1YuZU7c9X2ZD5w3gCIQCvdc20iO4QeZaPZW/D\nj3tdFc0bL0zwsuD4OTGcakfo6w==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqTCCAVCgAwIBAgIUQyjOVk4LYH1wSsZdy9o7C1nXmKkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABGl1TYviTdPxPZpqwZeYrVBCWEAtKV3uWXCU2uAQGhRF\npmA19MTPh3+MVld7xfX6pRPJZWt8/hNBBickLuEdIU6jdjB0MB0GA1UdDgQWBBS7\nC/tmrXojvlug3K5b+Bd9LgEHSzAfBgNVHSMEGDAWgBRbHwSJdHTBJb/UjcOTU9gc\ndoyHtzALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwEAYDVR0RBAkw\nB4IFKi5jb20wCgYIKoZIzj0EAwIDRwAwRAIgClIF50Tc0UWlVc6Gsg14pKo5kFE/\nrMFtORj/uZ1bS9cCIDfqECLpLunPdF2HbeqhRaCD+jHQTuRlu1zR97yjsxUC\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBqjCCAVCgAwIBAgIUdz+KWYd3KYgnOtKke5XQMv2mgSEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABMkNVkH/A7nrifgGfFUYd2MYn+cLVqNI117+oBqYf0AD\nTLVGb7qL8HHvomxzDrmzd9SO69l1CAF2hmauofNlZ4KjdjB0MB0GA1UdDgQWBBQx\ngJOzKHcmS36pazfwzHxVgbi6DzAfBgNVHSMEGDAWgBRSAZPTpAy8o+yoE564oHig\nFVd+QjALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwEAYDVR0RBAkw\nB4IFKi5jb20wCgYIKoZIzj0EAwIDSAAwRQIhALzVyubznt8ifgY9AnqRqh95g7vw\nHwM6ZDComTaucPWxAiAxo8i9/1qHo5NP5b30fQKXfk+4oS16HERAulaoXYXTwg==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2600,10 +2600,10 @@ "description": "Produces a chain with an EE cert.\n\nThis EE cert contains a Subject Alternative Name with the dNSName \"*.example.com\".\nThis should verify successfully against the domain \"foo.example.com\", per RFC 6125 6.4.3.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUAcHv4OTs1QI68VxVBzquwyfER+owCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATx7QeixdJsQFHGQfOlw08cnzkDqHPXLUsJFsiY\nRkiBbh8Imzuf7gmf1Au1a+JFY9fxiqNaNGiGza2Dk19KrZZGo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUYlFRsK5OXePhKVIJnl54Wp+kg50wCgYIKoZIzj0EAwIDRwAwRAIg\nGt7HtS31StwSo9oKuUHtFuGpXzTYZalmwf4JnEmUaNICICmbUBQ4Mz+/cms4d981\nMM9sMzrkKuQ6h4QXW7U5jU2j\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUOIc8WGHwAMZ678a9j61rvozRdj0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQx1n4H3mjmmBBj7Hl6EqP9BfzpxGSspcFIAFp8\nHiVTX7Tn4ge8eY3Orb7NcSBza/5ko/uFIMNYlp2WxfDz17Ono1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU02dKaHoacw3dDkd83rHtB5SmjfYwCgYIKoZIzj0EAwIDSQAwRgIh\nAL2qQXI79t4dCdbeuMwof7kWRTbY1lwkj0ikhJJ7jFE7AiEAq6uhrIA5hYBsCflC\nj376moiZiicmfFCJwNQPjtg/FHM=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVigAwIBAgIUV8VQCVLoGa+vvQAN3MQL+XfboZUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABGqGmWCIC6yeUGcYxLR7mn4Jph/zcbQofZM6oj9RVjHj\nboVLz3jPI0cg9d2R4PYlMiMs9UPZg1A9zrf5pFYwmNijfjB8MB0GA1UdDgQWBBTo\neShdwcOOBvB8DHeK3utpP+99HTAfBgNVHSMEGDAWgBRiUVGwrk5d4+EpUgmeXnha\nn6SDnTALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGAYDVR0RBBEw\nD4INKi5leGFtcGxlLmNvbTAKBggqhkjOPQQDAgNHADBEAiBp9ZPq9RinBFsNROP7\nHq+f85RXoWRAYLpnzrP7Lkwx3gIgM8SHy8UiRLNQ2SZ5hSd9ALqz+Q/Fmy4zSPHJ\n+kMIa4Q=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsjCCAVigAwIBAgIUNW9js9ifkxQ/gGkSpHcBQPTa4cEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABD/8x6237WuqKZqUQHMgI7ttYeNyVdaXF5gfZZ77u4Zt\nABB8lT8RVyBHQLrl0J0ao+GQj+byOd1cP6m58KfZyEmjfjB8MB0GA1UdDgQWBBTa\nvIJ1tqgS6beoQhs0ZmCI1rhJbDAfBgNVHSMEGDAWgBTTZ0poehpzDd0OR3zese0H\nlKaN9jALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGAYDVR0RBBEw\nD4INKi5leGFtcGxlLmNvbTAKBggqhkjOPQQDAgNIADBFAiEAuQetf9514CFG9SyN\n9Fk7zEPGndTa5FRjQ7dOrnzzk98CIGbYCIKHdlC1ZnjIfJhzFGYR+KDi1HJM9OSh\n8qe4zfcc\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2623,10 +2623,10 @@ "description": "Produces a chain with an EE cert.\n\nThis EE cert contains a Subject Alternative Name with the dNSName \"ba*.example.com\".\nThis should **fail to verify** against the domain \"baz.example.com\", per CABF.\n\n> Wildcard Domain Name: A string starting with “*.” (U+002A ASTERISK, U+002E FULL STOP)\n> immediately followed by a Fully-Qualified Domain Name.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUFkqDB4tGIwYkqB0acWM3Zo6JAYwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQTOIflAxcqNjSrKdopqjMrHcNTY/lWENBUF4wg\nKVenfhWiidi1hLP5nbfhUIH9rcuW2a6img4MRgOpwCuUMSSYo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUlgFJFK9rFxxASVxj6xB6O3XG3WAwCgYIKoZIzj0EAwIDRwAwRAIg\nc0LdopzlT2gyAVbTs+3NQPeI4hk4piZmSChiou74bcwCICKidvIKLq+SSs20OfGV\n2nf5x/onGgPP+ufT4C/motaC\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUWJ3y85BD/M8zhK5RRdGzKtMbbVEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQ8LmmvvMmdNFfaunI6A9zj5CamGyvjjzl1pmxX\n/kBcukDZnkLwdDXvzThVWICsAhqwtjW+PlSlXim0FyDXAwpCo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUX9rYLW/9lny3C0C/0xM/0uPsfc4wCgYIKoZIzj0EAwIDSAAwRQIg\nD9AiXrbyD8QKUItfxDYkOEqtYLHHNCrYSjC+Hq8NFygCIQCCHtMACfC/2i3EQwfb\nVrsZ4LWv+bqsKClMglDibxeQWQ==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBtTCCAVugAwIBAgIUcMk950KMdcxgwcGqXmqGOyzRbRkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABGCgx8FGNyFJ1b8ootG39yYFGTJ8X2BljVFK9Xhqo3QA\n9xnMHDhmWmz6yfYQYRH8U4WeZbYks+YddYb0eMhPiZKjgYAwfjAdBgNVHQ4EFgQU\nswncuFozCoZ8N5TonCJeCyUq2zgwHwYDVR0jBBgwFoAUlgFJFK9rFxxASVxj6xB6\nO3XG3WAwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBoGA1UdEQQT\nMBGCD2JhKi5leGFtcGxlLmNvbTAKBggqhkjOPQQDAgNIADBFAiEA8DzRjjCz7lNn\nmyqER7ikClwfXWPIps8/d+9xTrP39TQCIHtDgmXMsFsvIrM4ssb3sXN+88sLAHA8\nRE2ltldQx6AA\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBtjCCAVugAwIBAgIUQiWGZbmdmhSmmjlf3rJipbMcNUYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABFuZvKLP1LrmbcfK6rGuiBvLFXskgeCIOjzdLyL3Lc2H\nHreX8a1d+CpY2Q8ExccpSjW9X25rCx8bbzZyz8vAxKGjgYAwfjAdBgNVHQ4EFgQU\ns0CRxm8RX1fdeqrNX6G5WTFKuGEwHwYDVR0jBBgwFoAUX9rYLW/9lny3C0C/0xM/\n0uPsfc4wCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBoGA1UdEQQT\nMBGCD2JhKi5leGFtcGxlLmNvbTAKBggqhkjOPQQDAgNJADBGAiEA5er88OhgbOup\npBB8d0n7EPkblZZQ6Vqi1OqzBbkLkM0CIQDIBsDKeZONXil74cPjNXFdJAag1JiA\nKcB2pfIeER1LAQ==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2646,10 +2646,10 @@ "description": "Produces a chain with an EE cert.\n\nThis EE cert contains a Subject Alternative Name with the dNSName \"foo.*.example.com\".\nThis should **fail to verify** against the domain \"foo.bar.example.com\", per RFC 6125 6.4.3.\n\n> The client SHOULD NOT attempt to match a presented identifier in\n> which the wildcard character comprises a label other than the\n> left-most label (e.g., do not match bar.*.example.net).", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUTpW0uorSPTxup8Wvk8BIWJJLDswwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAR/ql8e0q0S1seYAhSv7foSXgB6Aw3yAosKV5rS\n53YY+GkAH16JOH/a0Z1AAhizfTSkOsJVdtVzCsMaiwuzLEpFo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUla2Gk1C5II1CcMYglJLXygXAu24wCgYIKoZIzj0EAwIDSQAwRgIh\nAM4XFx2lEiUxDnbF9ceQmYLWn5GnLGfuyiWxyEDuvTyVAiEA1APqZEu6koSgS4o6\ng079eD6lMhMKLbXtQ5ZEzw9xe9Q=\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUQNz+Rt5fvqFtdSsKC4dYcTRkGSkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASozvoKL0e1OcvSwS0E3leHt1E61pugLOQQP9TP\naYzgM5t5J0B1Sz0D/ch5dtDFVwvRm9OrL1+n7SorBsg/h9dto1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU9HAKyyY9ucOMwj0J5SbLMhvhFpgwCgYIKoZIzj0EAwIDSQAwRgIh\nAO0+vL9VHyRWUe5CjutiBoPETQEyaH/HJTHkF2hUlWSLAiEA+C92n+OMCH9tKqBA\n8+24EZR3nHQQ2xOE1VZ3rWCtdPw=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBuDCCAV6gAwIBAgIUJI5PdT3DV3esShvyFt9sTWCjIHUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABEL9FTHgUnTJSieHw/r4DUMfkimk43HugKaRwRX9wlIc\ncAqboaqpyVTnhFd+3YaJF2ozQdosfq22qFjlxiLmq3GjgYMwgYAwHQYDVR0OBBYE\nFKxvCZ30EpMBOzlm8RGBfr5nHJNQMB8GA1UdIwQYMBaAFJWthpNQuSCNQnDGIJSS\n18oFwLtuMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAcBgNVHREE\nFTATghFmb28uKi5leGFtcGxlLmNvbTAKBggqhkjOPQQDAgNIADBFAiA/R7twIpId\nO7ATGWAEiv41rAL66msFvztXQwLHXxscbwIhANU+fkEtpdCem94D+HsPmYybX9Lz\n4ODaAA4LwFjUj6mV\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBuDCCAV6gAwIBAgIUYKLYeUuhU2EgsBuuDuslNsiPGMowCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABMz5+1yRbw/cUe2PwGQyOFpWnMJaix1BtDai/Nyg5emB\nbnGudS2xI8VaYOop6xJz7QuQGQXISJTVmXyu+RJzpLOjgYMwgYAwHQYDVR0OBBYE\nFEHGuI5fRLbLZGuTwfIJJ9g1e9ORMB8GA1UdIwQYMBaAFPRwCssmPbnDjMI9CeUm\nyzIb4RaYMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAcBgNVHREE\nFTATghFmb28uKi5leGFtcGxlLmNvbTAKBggqhkjOPQQDAgNIADBFAiEA1ChilhQC\nhSl5e40PLrFV3OpgRvnkhElkol28AT+nH3UCID4Zu2BRUYGWt95KCW2wHHXcFX6J\n1MnhWPe572j7yCSo\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2669,10 +2669,10 @@ "description": "Produces a chain with an EE cert.\n\nThis EE cert contains a Subject Alternative Name with the dNSName \"*.example.com\".\nThis should **fail to verify** against the domain \"foo.bar.example.com\", per RFC 6125 6.4.3.\n\n> If the wildcard character is the only character of the left-most\n> label in the presented identifier, the client SHOULD NOT compare\n> against anything but the left-most label of the reference\n> identifier (e.g., *.example.com would match foo.example.com but\n> not bar.foo.example.com or example.com).", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUcMiHumPaC2IDIi1u8iwzJew6b7kwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASLAVxZvv/Ow7baE30WOEl858B0HinLbPU7rA83\nTJyc7fXSs2sl+JHfpDVHRg6AgjazY5sapJ0jdfDbvHeTZl3bo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU/+p1UDhS28GcKVps1Ol51XCv8O4wCgYIKoZIzj0EAwIDSAAwRQIg\nL4hnk21iBdZGsLu6PktWwbvXFZEqyEu/H1ZJ3GgD0EUCIQCpSQpbgDd4pkUJnxgM\nqGHB7vZrXFGMVpBmyoeY8EKdUQ==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUOD2uayDWoHGE0p6+aXfxrLp4K+4wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATlaTbLev77gY90zEzUjZi7lb5iIkzK5n+0yxUF\n31WNXWVf5lz6XlnfCKjIBbypxD085xHcumktsUdBj2RQBbHEo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU6vdClQaWuvm+9UaHwwPrPC5DKKswCgYIKoZIzj0EAwIDRwAwRAIg\nKSpOHAnkhn6JIwb5ixTYxQFSVpT0CHbslwcWRv578oMCIE0OQUeIXaZ0Eemmxwg8\n4ugUyPsIqDQtMvZ7n0Z5oLEi\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsjCCAVigAwIBAgIUGbjvrPSiiYVYKhgH5Oos7IquDSAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABGQVEgUkFgAzEdW9EI+Tg0sSUR/A568VNBRlLpBRSBrr\nUUj8JEpbHann78b3nqbIIM3atJHLyT9OEkCFu+Mh6hKjfjB8MB0GA1UdDgQWBBSS\nTJf+OZezv9mTIsuXMwWdDJmHXzAfBgNVHSMEGDAWgBT/6nVQOFLbwZwpWmzU6XnV\ncK/w7jALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGAYDVR0RBBEw\nD4INKi5leGFtcGxlLmNvbTAKBggqhkjOPQQDAgNIADBFAiEAtDM8cyyhRgyE2y18\nbjnSBDUwHfrgYIVrbDT56cieU38CIHVieA6nKmcpmfcouPJJ6s8yqwrQNSLxBp4w\nbp49aXdR\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsjCCAVigAwIBAgIUYtjowAUAX1eIr/jr1GTzreOmCs4wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABOl8CVUUSx8lPMZCuAhtWsKYEZl7gb70yFIVOW+md4BH\nFhCxYwW+S5mmcEOmi2z4yQ59JBjNu05FK7ETdXoxX8WjfjB8MB0GA1UdDgQWBBQ5\n2Fn0jwoXaj/nZKtyonAA4hTO4DAfBgNVHSMEGDAWgBTq90KVBpa6+b71RofDA+s8\nLkMoqzALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGAYDVR0RBBEw\nD4INKi5leGFtcGxlLmNvbTAKBggqhkjOPQQDAgNIADBFAiAk86g4CVMRdQVFHjOA\nZ6Ef21DWDOL/TS01exPL9X/POgIhAKOt4a2wqK5LEIEaPmQ21qt4ryVo+MpL20l2\n186e98xq\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2692,10 +2692,10 @@ "description": "Produces a chain with an EE cert.\n\nThis EE cert contains a Subject Alternative Name with the dNSName\n\"xn--*-1b3c148a.example.com\". This should **fail to verify** against the domain\n\"xn--bliss-1b3c148a.example.com\", per RFC 6125 6.4.3:\n\n> ... the client SHOULD NOT attempt to match a presented identifier\n> where the wildcard character is embedded within an A-label or\n> U-label [IDNA-DEFS] of an internationalized domain name [IDNA-PROTO].", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIULSQHb9QdUpOskAokXzGiNLossd0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQeL8kAv09k15psORqOEbNTI/k6vSl8WtxfbUeG\nIsLedNvFdTgFH7oTx0ShGdRm7WRBOdbKkuBz8tIHByMzFlFco1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUN4UFoOdmiUWATBKQWO3o6AE3g/gwCgYIKoZIzj0EAwIDRwAwRAIg\nd/jRbQ4w7ntKQQU3XXnrb4gmTqG3endTdoD9pZ8ov5gCIBNThnc/dR0F9/tL7iUw\nSBYIvTnUsXeC/r2ll1RwklwT\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUWg+NM18bldZeDWtlTJ4wLK2Hu64wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATQmuWBhwLzps0KVaHULmA7oA4l/busGvxCWqkY\nv5RiE/8jSwt7He0RTOjQTwHxlp0L+cmFL3fMBeiTugXCFRqYo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUZgPDptDyVrlwzB7/fj0XTNR1sgYwCgYIKoZIzj0EAwIDRwAwRAIg\nenT99uAkMSwJBL8CLay97hLuYDEqpOetIaMxVFwHyz4CIF2wi4/VBb+crFm9FDR4\nJUkZq7cV7tjk5Fkn3Ssz6+oa\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBwDCCAWegAwIBAgIUKRZMWCNu8JSIi9UPFJ8x/fExp8wwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABItmzqSnc6WpY4YiBWYZJPJ+M9BW8rwJgHoMc+kwbn0V\nkeKy2bwn1ZELyK/crC4fAbEXxypGxUANSiURIug/pCOjgYwwgYkwHQYDVR0OBBYE\nFHf4SwXu8qQwgFyHA2p+AW8y3Y9zMB8GA1UdIwQYMBaAFDeFBaDnZolFgEwSkFjt\n6OgBN4P4MAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAlBgNVHREE\nHjAcghp4bi0tKi0xYjNjMTQ4YS5leGFtcGxlLmNvbTAKBggqhkjOPQQDAgNHADBE\nAiBoe9KtThNUxbIHG0qBm4MEbsvTOEHONuxciv8mfiX9+wIgcvMCwofyhQjWwvLV\njEH/cmksySSLQnJ4Qv5scMUISCc=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBwTCCAWegAwIBAgIUGGyEdKxMP+xTG8yEB7Ez1pRflckwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABOo/2VpBiSKOXcwpHxZCiRnBUY0sDEMEckd0AM0LTS3V\nGC2bVdmB7pm6FCLzpDFk5kHq0bssLhMm6HsQu9R+8PejgYwwgYkwHQYDVR0OBBYE\nFFFmSOvohJ3r3E9zfiipfLGbJuiPMB8GA1UdIwQYMBaAFGYDw6bQ8la5cMwe/349\nF0zUdbIGMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAlBgNVHREE\nHjAcghp4bi0tKi0xYjNjMTQ4YS5leGFtcGxlLmNvbTAKBggqhkjOPQQDAgNIADBF\nAiA6yClc2OEt4NvXMYNDk3Nn22MhXTjmJWC/DmhGr4qGrAIhAJQoYOg5zI6uszPd\n4wi47Te5O2vSXHR/O8Q+AEAvHrzV\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2715,10 +2715,10 @@ "description": "Produces a chain with an EE cert.\n\nThis EE cert contains a Subject Alternative Name with the dNSName \"😜.example.com\",\nThis should **fail to verify** against the domain \"xn--628h.example.com\",\nper RFC 5280 7.2:\n\n> IA5String is limited to the set of ASCII characters. To accommodate\n> internationalized domain names in the current structure, conforming\n> implementations MUST convert internationalized domain names to the\n> ASCII Compatible Encoding (ACE) format as specified in Section 4 of\n> RFC 3490 before storage in the dNSName field.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUCw0IP6OjIKxnjK1i+5tE1lJCaAMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASXFzxklQrTxRJLdbP2IQU4G5jHfvn6fy/HsUOM\nwr0QORw2sUYT8obOOgRqjrB00ukH+mbhS1/LKHBnWg37/Y4co1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUNaZKGSkmstWU74/6h23a44wJ6GowCgYIKoZIzj0EAwIDSAAwRQIh\nANxcdtTbSX6lbdVKxn4+v8vkqljLhj9WY5kcmJZhWACXAiBSRf8xHTwnqlT9E0SQ\nbs2Q9scUFQh5FBOn3gNofWwr5g==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUdCUbO215Kjs2NlLLXNSU/GYp8JcwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQCjLjCl1v/AyT9bbC5WtjxuM9H/XKWVD+8SFEf\nuqXR/V21twEc+xc5UA94notv5//vQGXccqVskYW2H+2en+41o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUaPsz7QXwfvyhaBUxtQXi53pldkowCgYIKoZIzj0EAwIDSAAwRQIg\nXZbZ8MhNGNEaVVKTJUUftRtE4lMKowkxgwQvJY/9CpUCIQDMH7guipi0c70cWyLv\ntfZZizXF9qDmuZqrrPOIi7opNQ==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBtTCCAVygAwIBAgIUZkAR3NvnJTNJ/0HT86ww+PL4oFwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABM1deirwi3fUBx8zaKqk57l8iETdDodr6zqcqeg6jinv\nfQQTMlOrPFLQtdtAmO8wGTTH9mkrGqVax1nMwUIFhcujgYEwfzAdBgNVHQ4EFgQU\ncuIrU2gA0iYeYXiFwURFQOoWuiwwHwYDVR0jBBgwFoAUNaZKGSkmstWU74/6h23a\n44wJ6GowCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBsGA1UdEQQU\nMBKCEPCfmJwuZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDRwAwRAIgKBQe7nGCsOAN\nAMNjxYGQAyFoaqltvOxh8bk8m387ziACIEfqTmebpiQ8hDdaCepeDT6xS26rcOgD\nbjMm6J0d1XoQ\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBtzCCAVygAwIBAgIUFGDiv6Gf0nNacdCBC3t7SVfanVUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABHa2r/tBMHfL6e+VclqAcnrdQBC+COWJr24OXzWsEeQU\nxtayrBBAa/noQvT+Sc67zV+yE/gp+bO7oMZBHA8h/SujgYEwfzAdBgNVHQ4EFgQU\nIbpZfCbdt3NVAwIKBEC14dbFkvswHwYDVR0jBBgwFoAUaPsz7QXwfvyhaBUxtQXi\n53pldkowCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBsGA1UdEQQU\nMBKCEPCfmJwuZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSQAwRgIhAIxgx0MBqhUD\n5bMD7IlpiQZkwknRFdtREdoEfUFR5NGoAiEAjpGRhVNW4KE6JSnReMBZi82HXdA/\nBTevc4V1zVbnVDI=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2738,10 +2738,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe chain is correctly constructed, but the EE cert does not have a\nSubject Alternative Name, which is required. This is invalid even when\nthe Subject contains a valid domain name in its Common Name component.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUS4fEkYF128rA9EYY0LtLJ6HKxtAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASH8lWJVLva5juTRixquv69WBleZedOI/o4CxKl\nITF2fG1I+HC37tQvSWUKa6Sv7kxMZcvf6uVfXsuk1gEyaGiro1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUwVxzoYiNoHH14qd3w9rA++EOAfYwCgYIKoZIzj0EAwIDRwAwRAIg\nNjQZ19TcKc5sg8I6VmKBU8fkeKTCOiUKPpyqYd7e7OECIAVsC5u7Fhe7BvGJKuNS\nouKRDgAmIt/5/4cIXKnD+L1P\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUKtnTv+xpCMAnEicxeUbs3TxVLfMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQAA8Ysrhua71mEJOFr32oCkLyS6+uy762DJNth\ngp2/ZuESJ0SNr+JY/hCOVf9YOZ2N7mlqUaYzSoWDM9KJfffdo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQURqmYUUpqq70dgsosHQYnxNXNEtcwCgYIKoZIzj0EAwIDSQAwRgIh\nAMzmLh2/s6MASTBYl5cTDz22hCoZMRbX//waCYB3/bJyAiEA9evQxhtmdHm/9WrV\nQF6yS4SnOAIW6iqLgoj627opVpI=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBmDCCAT6gAwIBAgIUX83HdS+dR3sbrV1mikjokbErLw0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABMAvnTfNK0U6L9RrX68sYQoDWXqGPvDYnnh6LWWGKw8f\n4E+Yib7jH8nCL5b8EJyYzH7oLJIxqw80lXdK/zrqIzCjZDBiMB0GA1UdDgQWBBQH\nGliGHv6kiZewhtcW6lHLXCtWCDAfBgNVHSMEGDAWgBTBXHOhiI2gcfXip3fD2sD7\n4Q4B9jALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCgYIKoZIzj0E\nAwIDSAAwRQIgbbxKSR83qu6Y4o9YDAuHjUdmIuAV9FQXTtGGBvSQoL8CIQCm4qg7\nAnuWTvFrVJ5AZXMdPmZ2404KBNKkgcvXma/Wtg==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBmDCCAT6gAwIBAgIUThjwx/M6HPM9Nsa1O6s53Sq0dLUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABMP9qoWB3vg77c+pCb8MqxBq5TVKypIzmEXKm3ao0Kpi\n+jR0HuykOg1aIxFCeq7b9S0+bZFWThMT/DX+EfZLMzCjZDBiMB0GA1UdDgQWBBR4\nEmMD+8doiZsUuKEKJOzYNiuIaTAfBgNVHSMEGDAWgBRGqZhRSmqrvR2CyiwdBifE\n1c0S1zALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCgYIKoZIzj0E\nAwIDSAAwRQIgeg5Rs/bf0xN24Rp6SFXRVt61n+ek79GjTNUje3zAiVcCIQDng8Md\n8YIt/LJbjt+iIBSyzSuEH7J6YAnXVeEzNsKtWQ==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2761,10 +2761,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe EE cert includes a critical subjectAlternativeName extension, which\nis forbidden under CABF:\n\n> If the subject field of the certificate is an empty SEQUENCE, this\n> extension MUST be marked critical, as specified in RFC 5280,\n> Section 4.2.1.6. Otherwise, this extension MUST NOT be marked\n> critical.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUbFjjBCzyW+jZtoXoQZwf5HhuhZAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQsgq3VuYTZQ/OUbmXGXS3UuzJ7KCFgGE70q+s5\nV0PQpT1qFYTEgC98MB9+6qh7xuJoHnoxSxwOKz0bLhmE28dio1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUV5mduPubL+1M4zuu3RVb9PIU7uEwCgYIKoZIzj0EAwIDRwAwRAIg\nL5Sdu5TyDrmXNYR/q1b3MTMPwZ024gR7P0zRo/9554sCIGVhpo0lTF9qxxZp1G+D\nrDRVDNyXuxMnY98FeKvcE3XX\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUbcQGzha0g04D3TEHHcLHjXoKj0swCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATsnSG8aN7oP0UUFfURpi51uXgzsa8qAeBNCKeU\nwWCB62Kq33sZyr4kpGWx3HuHatkD5Koo7CgCMm/MVUwjQ440o1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUaFBbBF9vYhFVTVYR2cceRe73SmAwCgYIKoZIzj0EAwIDRwAwRAIg\nH0s7/1/djZTrHfNYGnyRztTbYC2sFPNPAZiv7polMFMCICS2lsxDFzbjpqsvUrZp\nvGaFwyfKrbk4N8yx6ubwGR5S\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBtjCCAVygAwIBAgIUDNuxW++r46FokevTs9ho0Fqf4d4wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAZMRcwFQYDVQQDDA5zb21ldGhpbmctZWxzZTBZMBMGByqG\nSM49AgEGCCqGSM49AwEHA0IABEWYWti7LiHN3ml+F+Q12LH3wxAqQ5+XPHX9BNJb\nWb8eusBuIWmRoyCabghj+NhOBoOWQ8DXuG9yUlhL3EqE51KjfzB9MB0GA1UdDgQW\nBBSwakXrDCj0Ai/UZb+g3OSrJK7o0zAfBgNVHSMEGDAWgBRXmZ24+5sv7UzjO67d\nFVv08hTu4TALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGQYDVR0R\nAQH/BA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDSAAwRQIgNh8bEhaIfIPX\naMZXjtXPyZoYzdYFbgzrMfSbMNkqpn0CIQCaRe8TfVstTlOMBSKOvS1VfhLXlFm6\n13YXhMujPE1Hmg==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBtTCCAVygAwIBAgIUObDQxfxh69kHQ+59BTeUqS3XNkYwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAZMRcwFQYDVQQDDA5zb21ldGhpbmctZWxzZTBZMBMGByqG\nSM49AgEGCCqGSM49AwEHA0IABBGDzbo/Ty47HnpDiI5u9amgbhm+3gl6SO1QMvU9\nRszD3e0SPE8e4n0ILj2wjZvDXEOPQp9KRienIZkdxJTBQQijfzB9MB0GA1UdDgQW\nBBRytWoI4Y+rqqQlnrCn5UVyMeszXzAfBgNVHSMEGDAWgBRoUFsEX29iEVVNVhHZ\nxx5F7vdKYDALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGQYDVR0R\nAQH/BA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDRwAwRAIgKVOabv9DFruk\n8are90XbOS5Zc1krEk82tVOB2VupLvkCIEnYVvjXvs/9ZeLeUzKuHQI6sKUMYT/I\nBWZ45WQbtjag\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2836,10 +2836,10 @@ "description": "Produces a chain with an EE cert.\n\nThis EE cert contains an Authority Information Access extension with malformed\ncontents. This is **invalid** per CABF.\n\n> The AuthorityInfoAccessSyntax MUST contain one or more AccessDescriptions.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUMXWMSheDr5p++VwP1fI8Y0TNz98wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATBwvMjL2M1PwdQE4NBdaqXx/GhEaoWQKb8RWZw\nBnCnmpP4mE1+SJmLOySzO3bqHqr9mKzeo5lEo3YoxQThngTvo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUIzsyWp0mjY27ijn29lAuAiJYl/4wCgYIKoZIzj0EAwIDRwAwRAIg\nbYnuRF5gGgRfv44t954Kb+W/qqvbcnP6upJ85r51fOMCIFbAgvM/bQ44YAx3OsX9\nWKfUdoyIQnlE18jTlJ8VG/DU\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUEEfzcWdsgdmN20hGdiNON4+TcWcwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASl7QF+eK+OKrjkA8EmwW48pyrxdO7dR8Qm/I8H\nokNZQ7GXsNE6Tkg09wDIFtu+0XMsCNlH3m25kmyYCs/GK42mo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU6D3kOuJQkjP34rV37HaejmKlVQkwCgYIKoZIzj0EAwIDSQAwRgIh\nAIZ/EUy3wMNA+TP3M9go/yZ09tWHiZR/FxCNgYKHgdheAiEAtGjcISePYSMeHpnC\n/p8xjHB6WVmZFH8jypmAVnrIxv4=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIByjCCAW+gAwIBAgIUIgRz6Fi7XrzgjJn8Mxj7/vDDhOwwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABNAUtso9NP0QfmCP+1o+LXi+7DWhPlMhwYj3bVQb8jfK\nup1InqM1QQ7sKeZInJwYVtXdQ2eZLpGrLTkLzorGcK6jgZQwgZEwHQYDVR0OBBYE\nFGYP6ciMXr2HlNSK4PV/auCSpKR/MB8GA1UdIwQYMBaAFCM7MlqdJo2Nu4o59vZQ\nLgIiWJf+MAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREE\nDzANggtleGFtcGxlLmNvbTAVBggrBgEFBQcBAQQJbWFsZm9ybWVkMAoGCCqGSM49\nBAMCA0kAMEYCIQDLKr+ZNKTLEX4+BYiRy1f/fFgeAGfjN2MoOze6WqOjwgIhANpS\nUYU1amPn9tGs0gLBvTRsqdovU+gFCuNrgjlMWXsZ\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIByTCCAW+gAwIBAgIUFSycMZiJD3EYxcj6DpnM6/H//kAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABH3C7dxdAK1045vl30YJUSQfJQup2ND7ldcpMqfbwXW5\nfJNWCCje0GS4yz6h32kpLMXYaW2KxfcSveglqAwktqSjgZQwgZEwHQYDVR0OBBYE\nFFnldCST7lUi/ZgDmTJ2bczh+T6cMB8GA1UdIwQYMBaAFOg95DriUJIz9+K1d+x2\nno5ipVUJMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREE\nDzANggtleGFtcGxlLmNvbTAVBggrBgEFBQcBAQQJbWFsZm9ybWVkMAoGCCqGSM49\nBAMCA0gAMEUCIEvqBO0Pqkitie6N4n5/7hbHQsNughJ3LVnHoWm4M1YXAiEA0sJj\naaxOp6QZtnuzvneZbu1QCdTxJLE5jM89XyHK74M=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2861,10 +2861,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe EE cert contains a P-192 key, which is not one of the permitted\npublic keys under CABF.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUO8oiCcIEf8Niz690AvrZIIMDMFMwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQE3RABpqLVESpTKya4oDavrTXD+Zjy47z6I1fh\n/p6DupOKH1LrMBrTp8P2LB2OL6jgKBUDMGQjeek0BW3fLBQXo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUjqucQFuviOx0Ry/veEYs4IadLYwwCgYIKoZIzj0EAwIDRwAwRAIg\nPLQSDnHQQWo6Df8MbmXCmhDV1KJweh9khKm5KlVtc1ECIB9fwrIvqOfF3ZmGNY85\nyDLdNDJXO/IO6knls2TyGRIc\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUf6XlBbQGDvyI0JMC8txlQz7QDRIwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAS4K2I51sJ8XSgF+HR2l7r3y1zZVVN7Ou5LKjRq\n5rhEe9tCV4cg+o+Fh0oUFG82xMtAtcs9GvyohMjV/YFm9ByVo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUGhmFKRjYKdzK7hJauMfJzuRUGIMwCgYIKoZIzj0EAwIDSAAwRQIh\nAPVfeBJ2bJnvJgmiw+ZmDCcDJr9P8P87+CRwL8X9NN8VAiBUW6N67yKTUEt9Ik3F\naIUmyjJ2AWCNWdKX507iWK/v+g==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBoDCCAUagAwIBAgIUTgaWVz1PfsOzz0qTXxWxCJ2j2AkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBJMBMGByqGSM49\nAgEGCCqGSM49AwEBAzIABOd5YIYabhNz0jD9JM/W8EyXRw1wa8EIp6t3nIN9jFj9\nfsYDvP46XOOGKZ9m+w6y4KN8MHowHQYDVR0OBBYEFIceUMZl22x3DcrrRRCciF4d\nyCkLMB8GA1UdIwQYMBaAFI6rnEBbr4jsdEcv73hGLOCGnS2MMAsGA1UdDwQEAwIH\ngDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAK\nBggqhkjOPQQDAgNIADBFAiEA85mrYFZrVTQwiGB1Hyv32Pu1+czARYIcnGhROoQ8\nrUsCIADqHkN/nFg1xT+5hk/n/l9gxJG6W4ehIQM2QRsdcwPY\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBnzCCAUagAwIBAgIUKqGkZmDTE71Nk7swIv5gJNYo0DgwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBJMBMGByqGSM49\nAgEGCCqGSM49AwEBAzIABKfVp0mvG4KTsHB0eZZwXjhCg/0t18OVB4V9OXtZfVWy\nCbk+31gi87p9oX6r9D+Qw6N8MHowHQYDVR0OBBYEFKpex95pXxfLQ/L1hfuhsllO\nElXiMB8GA1UdIwQYMBaAFBoZhSkY2Cncyu4SWrjHyc7kVBiDMAsGA1UdDwQEAwIH\ngDATBgNVHSUEDDAKBggrBgEFBQcDATAWBgNVHREEDzANggtleGFtcGxlLmNvbTAK\nBggqhkjOPQQDAgNHADBEAiBIHaK1BunYLiX86gqE2UdZQq6iTcrtAox2W/rJn8dq\nFAIgY9Yst5wC5fUjuP7CYMXNQYIjHoEg5I8htUoPCDgnDQA=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2886,10 +2886,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe EE cert is signed with a DSA key, which is not one of the permitted\npublic keys under CABF.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUZl1aFeNOTB3EK+NQi1mmaNQM0M8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQmtms6XcF6XUoxtn0mldEnigcRdJ2h++D1zlY5\nBN6riekgnx74Medjv/+D3zKuQ9MWya/fqZNEd+38PobjxFozo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU7aggcyJMep+UJbdQTgshmVTb/mAwCgYIKoZIzj0EAwIDRwAwRAIg\nNOi/ykE3SzXHjgHutZmrTi1dtaC4KMxoMPnldfCl/1cCIC5ioKMvLVQjFFH6nsTq\nyp5NBPrkP7k8LiRXcXfq53dn\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUAyG+VvzxKMqjqO3Rr6RWu9K4qdEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQdtLKlktdt8wC9vnJKLv7nhLDeZX+BeAsRTSMZ\ncO8NL/enpSFDuzODESCHH/C5fD7vgMIZ8y5NTMFjzBVRCk8go1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUWnZHqvsOK0+lTezDBwEYxJeFMuwwCgYIKoZIzj0EAwIDSQAwRgIh\nAOLUj69gTUwYUKr5GVeWtdQQyNpaQgnWN/dkzptaRGtNAiEA836WKLEVDeSzqyyb\nH95qChj/0k5nUJK58fkSrh+W2cg=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIGHjCCBcWgAwIBAgIUGjjTXbWvk+j/fFGwIsp+EVQ57PUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTCCBMYwggM5Bgcq\nhkjOOAQBMIIDLAKCAYEAz+vV+W4KvpeWIlamWYPyHvsXWJloK+/M60ej3bghrJpK\nktUL9eHtLIqI3shGzw14pYEbRp/xQ0l6meZpzhfP+FdeLREqY7iUYVH2JurBwj93\nXYz2kSFlQxc7+LlstOej+//hhYzhvx+2QV53J0Dy77Cc58X6VDcHljyze+fsc6GP\nKlsHTyv1z4uvaJ4kLYbjMWHN2J6tEH02a4uDf1pMZZtMdy1mJlUNgCxmIzztiED6\np5sgaQF8t3UdTAA49xSgi6VLILZFQea9FQFH1IXGhh25Fg0ZT2Vc3MBvbE7VfJCr\nTBd0dsvVU0YuzrAooaSXw2TmyI23BHfYZxGYfrRq47ocgHTCkwLMSq2C+Wwmawo5\nieieJblrjkGbtfqMRiGFw0ZS/7YzWetW39b3ZOI5QnHHqCOoAxZtAHMsLlJJqUFd\nqF6T0JwQu/4fhOPZ4wKOIt4ebwR9/YmBqrakIM88sMjhh53F3d2eoOi40k2qkppT\nyNIvx/wNNWQD1MSnSLJdAiEAhDdqGfhSl9xA7lgO0w1enHEd3R1vg1aKK1xu2cNj\nD9MCggGARM2/8guq1yOZcoiBFSrWZ8K/tGxdqvKoJLeeTd3+MiI+UVQ1qotkPGO4\nkz8u9DY0Ck3zxIZ2KYjCt4Y4qi4N2KmbM57tC6hnlvQP02nlgJUtQ2kfWD7iIxXe\nMAVCzIeYSZgL+in0zu+YT7NMshOSJ8Pjl0EORhxU3Uk2nxmhBTemalFCjtOcNQ1b\nx5poU1Zp//8Gyr9Xr/RXy1eRUBwK2UaX+9mMxhdQ4gX00E6IqN3KyWaqZd5WPBVZ\nINcF016MzRxOdbk0Y1/uDhi1f8N4BlmpZjWU/SUiU8kydRHclfKFsYxj3823xrHr\n4GH8VFd8o8qWT824y/SXI6vYoyo5S5wR7/0JVdl9edn9zhwCDsgAApXkDwVMhL+x\nrlr0m3fib7lrp2zPPwBML+dD/SKg9liC3oT4NTHgCKFzP5YLE0wJCY44RjKaEpHE\nf4tBIGPq+ASOKYPJcXHBlUsLqiLSIKejC9E/s/UmLKQPkIp81hHlT2MW4P2cSmq2\nRRKABLhPA4IBhQACggGAY/qAHB7NQs88PL+v1Ozyl9hK/3CzmTm6XhBMHXHCD9uU\nwR+QFzHaNPjAL8VmJuCmvC1WoVCTdzF7YYC4eKM1pjhNWlyCUTMpAyEJfa5kKZix\nLoXypTi6jhxACw+s4aT5kayQ87rIzejVHgvQVH9o3FrKivwW7o3HQQrfD6uOAPhf\n6ovNFfPjDh3+CoPb6KADAxPulacP+XTl3abNXTVEtMEvgcNUKnTNkcOvxF7hDi5+\nxxpdKNmg0zxiXsjYVh0ziqXujrK4Z50ogt2eCCyCmR565hvdoNyDbJz8GfKhlWTI\nAzGjJLLqG0rLZytU+c8ZYF7VGuR+6aFtW0b11QMiFWbQY/lyUYZKTBzeSOzpILSm\nEtsFKnYUNXAdPVz5hgRw/IsJwmDZ+GR5jGRUIMZHIm6JEMdiUb5C1mNYkOhhUcG+\n2IwqJKYRyXpQdE1qNNQwkfnkwTtX0A/ayFfqS7reCtcIXAiBCHdQMQVwoEhorNRp\niSLfALF1r9zh6iYmzamto3wwejAdBgNVHQ4EFgQU9WkZhAouBNOgCcRpZr7w6cYv\nnMgwHwYDVR0jBBgwFoAU7aggcyJMep+UJbdQTgshmVTb/mAwCwYDVR0PBAQDAgeA\nMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMAoG\nCCqGSM49BAMCA0cAMEQCIAGP0gyTYZSVDPvudGBMYBx7rg97ZqQrUVuln6NVCWOu\nAiBweksCvnCDx4rpEMHTqup5KLsLgSWL32jORPciH6ecZQ==\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIGHzCCBcWgAwIBAgIUcr7XVNdBvX95J+AaDQt8k2xKe5YwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTCCBMYwggM5Bgcq\nhkjOOAQBMIIDLAKCAYEAiq5i+M/r61UbEKeLZ3EqobFS8LAVZyhusmuOh9KZWS6l\ndhTeiNkpdmzbFPwf2XQBjpam7xebmoKukIA+6Nrn6zD3xIPAIRtoNeMnmyV5V75g\nqia6zgsbfXXLoxRKpq8KMFoaBdFiYnIYfqlsbIx2VbWghp882H1/n1swoCjo1+/f\nEAGVzWP+zt+GsVThnAFvMj7ypAWpiH2xhfns1zwbGuUg8xfOAYAimC6w0mAWgnm8\n3PIsta7QXA49/9/1lSCtQ60n8nPr2aP3BUXSvW4+aeMTmI/kXdYZzGYSbbzFkO0p\ngLXz4Ri2+S5pse1LY925EMAS/PT97RLlLjvUj+HwKiEqZ7Lv21Zkp4mALqZq2m39\nhK0/mHRdWt5JPGiy4CdLvwrcSoEHcKhuD98SHB46Z+FA/8jhmbAaxJVIz+vGMMMH\nZQC5jt/LMdPOFymhbkS+lb6F8TT3XI41n0zmL22DHCiQXQT5eeUS+pyYLPIeSQ8G\n/4JmBWpqFkWALU5T0Px9AiEAnuqOfkO/HaUimeL9bi44PCNhamF9kCiMNla2dvMh\n0KsCggGAQQu0Apz5RmZrGciiyhSTM9DN/nmFcTX5V1kxGcyikRY09KqNszovEZtM\n4kSrqa+HG0ClpGw6+MkYE3WeJ4PwGIeetlYB7ibimC4cvTy0b4fLqhCIlzI8ERIe\n4ibhlhmmRxyuDhVP3vY9WE6h2M5FArG7ylUH6usZ/CpTvJsJxZDdyLsh224UBkQX\nUNjmaqPYgRwGbOiwWP5gh6kuo5orKj5kGYYniO1JpXPbLFM9t+2MyQh/RaKDc9WG\nl5e0wsqDVRccsYclasVJB7qV6cXyy1iZHcE5O6WPc7oYIdZTzuNXnYRxx2k82uWv\n70980SR7TGqezJrWEcJl9l1Pr3F5HcOedBFIoraFEKaQ227MDioxatfdoA1R7g6Y\nRgvHe0EcLCu7vltdE4q5ePleCtZaR3OA9mzrbNxpTt5LE5cL0CQ1g4+fXeZRZU0x\nftRbEiO3QaGcxWk4iPo6FPNYNhQ8dn9pug9IPWUQrNaMk25biTMFOpumq+9N/rhe\nSa9zTtdaA4IBhQACggGAW94pfF0zkqayNNkbR42jQSncljPfvPfEfpm5oxOlGW4C\nwjyQ71SKXmG1aXNes3maEybu7VFYvbFagYWeKSgxWfCvbihzTtfcL9CnHpvAfe1x\nuWsIrP5+INMGwaKTyNOBnEesMW9HpgN/5FYgdJQdLHQPB95smr2h6l2zdwXIEl85\n5BOq1S2eFbWR9d/c+T8Tm7BdGkX8psIhRgbigY/rUARHvAybKohYekz4L73w6YaM\nsQ9dbn17gsAiZUSc1h7UORkHemphs21jHiyGFr+dUaR3ZmBUpyJ1lXNnVyl0gAZG\np8q+aAaKnTlHMf/HCWacJlsbzjyp/4CaGVNOshAE8WrzfeNh+NJDr+6rR5aLScCQ\nesvfjSWnd0+JK77qfCKMwVTZyHASGKcEeKwCbO2l436/8O8X9cY/LbwMVezISj22\nUeOGx8sb3AXXr5nvmMnXsVL32ZrbiivDEESdMEB5DOYN2GNRkwiHCsYJOcK0Aoqp\n0prlRMnkPyoiYy22ldJro3wwejAdBgNVHQ4EFgQUDIc4byS2G1wxxUo1EfDabZZq\nkG8wHwYDVR0jBBgwFoAUWnZHqvsOK0+lTezDBwEYxJeFMuwwCwYDVR0PBAQDAgeA\nMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMAoG\nCCqGSM49BAMCA0gAMEUCIG/KPVUXM46tWTBVwih1YDF0JryIYPg9Ycli+sYGjCoN\nAiEAy/PxPVYqVDnqrtz3d93WyreV3vMlF72aaq2CEXspwS8=\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2909,10 +2909,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe root cert is signed with a DSA-3072 key, which is not one of the\npermitted signature algorithms under CABF.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIF/zCCBaWgAwIBAgIUIIIQZzO7OpI3/uXAwtbtuctzbr0wCwYJYIZIAWUDBAMC\nMBoxGDAWBgNVBAMMD3g1MDktbGltYm8tcm9vdDAgFw03MDAxMDEwMDAwMDFaGA8y\nOTY5MDUwMzAwMDAwMVowGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MIIExjCC\nAzkGByqGSM44BAEwggMsAoIBgQCAcF6V8dXREKdoPwGtVzqs/Jvwsj81RUhUHbsW\nT9yYsLO6IN+zWxRCklQpVJGKahmgXpaNX4yiB9fMZxFrbm8CGszw5WNxSQgMjdfv\nya0jM3qPJEKGeHXvx9TGIj+MqH2oBhwdKk5lMSAnGo+odXlMY5DkTjiMH6xDKIOo\nO3dzcFbJdTnfNOGcG49rIIgwf2wC5lCyQ1vcQL2AXt7npd/gTbl5dnfhwUQ8GtQ5\nZWa0v2yIUs60XwsIprNSE6YvsjMMAfBG/8/lZ4OG1Cr+TO9wtiva64AsL013FX+G\nMlPJNkFpC2VS7Lh19RyK2wz32SozO1WvEEvkVYDYPfBsE06xkxg4fo8NPGAjRL2E\noizav7/VdT7OoXrUVxl3HX6T69ay0xgfZchCE/6Qlo6iV65JNE8vZ3cG/faEdOSi\noyXInntjLljp/YOU3zvH4YHwmdCcWzXJnJs7XWAaQ4JS3xfChhDK9NEMoaUV8ZYN\nxcB7L1C77fIQPOWVwS3bZCMoKLkCIQCKrG/9cSB7ME1h9frVWwAp1ieQ5EhHSvcD\nIr1Bz9IaYwKCAYA1H7Wz+3yMzZife9cJxbtjjuNcmA2p66lv+UiW/pou6Hp4CpGl\nwGcB0+vuoomysaVckYO67gtXiopeI9hxx8FcwY+aNWyLdPJ/jatThnEj7oXdDZ5H\nzafIPGD4iCwip7VQTtR8l6VFZZxBcuR4DGMqeIlVhlMNfKKLp9j01E9tPDtvN5R6\nH3WljMQl5OtGnxWiDQ065KDqBI1OI8nz1BuPtbbCj6ePvNEh3zkYlz4NXHiRUYkO\nOHLY3p5kUXTzn2qRw/iJoPzVvsWXVF38VwFIBwcJQGH18r48RYX0Mg3GDGlrXJ6a\nxDNbyHoGfgXkrTfDM9LC6H6W94IbtM7zYNAxUldqH0FmsLdYHGmW60aAuVfKPdfC\nzE1CWoRRfnEF6lMeSKX1qVH5UUaRE+49R3Y2KkDqHguSAulTqL/EsCJlgp5lAOKs\n24IaVbBURTq1tnupBICWuNkfLijVutmVVLkC7vsco6U2rEDoTX/XeEvv8R9IjlBS\nnr3dMLf6e6HGDjcDggGFAAKCAYBywJ3Ne4zQlvEMJE8uahH7KV0i0bUgLIuAbc6t\ngGaTgopi4f6xtrdGTShzCHgl4aQiZuPnN74lySLrasjAmcjYoIY7FoP/pnabbHmJ\nY8IDQJ6ut+RDFp7/Frz4QgMCtCxMCZ9B+MKm4/avb5iV4cqF4Xmq6th3rCI0RLeT\nOs6i/8v3W08GaXqvhpA9DaEGY5kwBFaZTqLTtq5R5xdwgJWkPzRgtYFaKDWpn6m4\nifeNuf6VeEnHMR22dDxzMTbDTf9nlaywKi0P0l2b/WqdjcltRgIGnIIIjgDZRODr\nlHVhdG1qKbP8OPg+8Dvrcjf2H4GrBdU3wM5b45iqMp/UnJ+QsvnNKFgpDdVRAUhP\nypQ8f1Boy+vCbLF6S+dT1y7h4xR+4ndPcsNXR6oFOpP08T4xVzPrhVY0Ko2oUCvI\nK+cuQsUILXpo+f+bLHN3l2LMxm69n0dHbHqokGKYoanEIKR5sq4DFtIG9y8vZG8f\n2+jyET47byydE0PlKO0V+98Fyk6jVzBVMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0P\nBAQDAgIEMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMB0GA1UdDgQWBBQVLIDGvqT5\n39gqEicKbudka3obLjALBglghkgBZQMEAwIDRwAwRAIgDuvj6/prHdYT/Hg1PXlW\n9wCJ9rXElEekNvYqSnZykecCIG1DPfOLT99eR6p5Wj+Z1Hbl+GyoKwnDoALxx6Fr\nhahl\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIGATCCBaagAwIBAgIUAwrXcoWstyWi+ELuZMUoEnBhgNUwCwYJYIZIAWUDBAMC\nMBoxGDAWBgNVBAMMD3g1MDktbGltYm8tcm9vdDAgFw03MDAxMDEwMDAwMDFaGA8y\nOTY5MDUwMzAwMDAwMVowGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MIIExzCC\nAzoGByqGSM44BAEwggMtAoIBgQD69crG2Xn7BFzs3MSDP4GWwbMorG9VWEHZXKI8\nAA7KPvETwSk/7c2uGN8JRiuGpmT+uMbyHZNNxpFuYL6skxNyFcTRpBbIsyX6MBbR\nonYh6nhzrzgfFZk1StSUdR0Qhgw+Fpwkr3490wFmGqvTpnWTzzpxR6+sf5Z3U+mC\n2pkpBTErN4vuaE9patkqUr/4BKqsQAixHUEgPGUERvj04HigylPsA+n8iUdurPJs\ntkmIcAJg/VheLtxjYCEV1ugDW3HXjFfnek2RCcnVUe2zA6dFqL3+9Jjk+E1VaesX\nZu2dPiuUTYsU9NlP89Ifln3H3TI1RLj3qvFkCKBQHLnVqNnYyL0T4t403zOQj2xD\n6YqtAWsnDQ0x3nPwswaKWdgM83BchMNwcpHD4meR9gWfaQLtgaEMNwZDZXx7FE8x\nu8bzqCMpWO3/Or5uPOZhqRsnZLrH12VaEFCdhAFkcRq/MRT1OkLIsOlB49sPIykJ\n0wce52s+RQ73ac6Oc28t82mqpuUCIQCmWjd+xvqX0EmUAQOli1UmQb8/vFk2HW1m\nrsYtuk168QKCAYEAy0YxO2naSTICJ+rQ4+52yMPXvASPwM2ivW5cjma2shW5GUcP\nlZx3ELhed4ck2Ubsq1o95P+kFiJzI/QXAhvJb6uBB9xQjWjgILGN+7pTx02mcQw6\nlwaKLvlkoAR6ucgC2Tqngck+4SCmLrmoRlnJFPZPcQBluBVLG85STuajcuSNQhQQ\nNaJtz8FfYYpL2XIoQ06obRqsw6QQEqQMM7h57BDSJuEmi5ShIZpM9a0M//Lb3r6v\nxlH56NUIGF6wtLZ7bU/TWoDujFJ1G80WADlA3g63hm3KlcZcyvFLwn1QVJCpCSQs\nf8N8Lkmkobl0XUDGVAUD/0AFPc8XtKbvY0bebyTK9P+xfGPJZ3r6xCUj6u2uwbeK\nb0XFCtBIt3TIKEAiWNhIFNhYB70EXvyKGQxeNXgh7vjQnwlG2Tv4awLC6B6iq0fw\nXNfWJTf6erUHATSC95WVouc6qP5wbH1E2aqx9+nj0XiNVUKo1FzzsWATV5nAQrCk\nGncrC3/OxaWykzgWA4IBhQACggGAbpsPcU9o16rn31OWmK2XUWUy/mSsAwLWoq26\nMBVjQQ/gGNIhKckv128qZS5Ls7Cs3VzK229+K/ZXp1KKZbLaaezV9EzrgaR4TR75\n61zYS9Inksy8b6kWUhlDVKDUBHoKezdruxJ8x+1RDdht2bXTdUV+jCDMz1LeLiyH\nbIW0ksH50Pgr35d4p43PVPiTXwrqpfVzzeQPv2jQYmLJdkY4PhdPT3V+ilstWU9K\neWg5l1Ft1IdcnwqSpcsSsXQjSKoT6pKzoCa68xr6EpnhFKFVXrltnCpeJfe0IFDa\nwd/NSCJJ8kzfR/RdZCZUYYssP6Q3oyJVW7NxwqSZaPuuehjjxH/xPykEYr1qbBgj\nt0i0QcmyRA/yc8cCEblpE9c7O1oxJpsE3yzJYlo92Ge2Wh9EgPKSVFySLE04CdFb\nC/c85SUQ7b/OMA+VWACsLn5W+8z1ZtpiGTWcW7ttt7AI13dhuzXuwMAAkArntwGX\nShfQC79fmEgfgv96g1/GJjBVO5dRo1cwVTAPBgNVHRMBAf8EBTADAQH/MAsGA1Ud\nDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAdBgNVHQ4EFgQU8kkViu/M\n/DajMKgCK6N6iYR1HBowCwYJYIZIAWUDBAMCA0gAMEUCIH/ZjUV5mWsc0GzKauvl\nGztSWWwQOi4FxZNtsTL7iqqeAiEAhO/Pkq7K0yScLRwpqOrg4KGuaQwI02ntPi4s\nUMru+s0=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsTCCAVegAwIBAgIUcvAmcQ/XjEKGp32aiTFkuHI8xtUwCwYJYIZIAWUDBAMC\nMBoxGDAWBgNVBAMMD3g1MDktbGltYm8tcm9vdDAgFw03MDAxMDEwMDAwMDFaGA8y\nOTY5MDUwMzAwMDAwMVowFjEUMBIGA1UEAwwLZXhhbXBsZS5jb20wWTATBgcqhkjO\nPQIBBggqhkjOPQMBBwNCAATpQm5KD8fU9zPo00J7VE2JlUdrY3oIejekOnnHrmT4\nxVvKkYoAblM2rz/uuWmfTq+B7SNguW1XHEX2kO4SK2w0o3wwejAdBgNVHQ4EFgQU\ni2V+V+erb7sSL2TSnoex4keSwhkwHwYDVR0jBBgwFoAUFSyAxr6k+d/YKhInCm7n\nZGt6Gy4wCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBYGA1UdEQQP\nMA2CC2V4YW1wbGUuY29tMAsGCWCGSAFlAwQDAgNHADBEAiBq5821VStGGlSvAFbD\nFAZnds0qiIdm3yhBLogjveIHRwIgPu9d9uZQe38ZES2pNPkKf/DObLuxoa3ArRsu\nWdfFs/4=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBsjCCAVegAwIBAgIUJAJSRUv4nxhJiqApIxzgsac2M1swCwYJYIZIAWUDBAMC\nMBoxGDAWBgNVBAMMD3g1MDktbGltYm8tcm9vdDAgFw03MDAxMDEwMDAwMDFaGA8y\nOTY5MDUwMzAwMDAwMVowFjEUMBIGA1UEAwwLZXhhbXBsZS5jb20wWTATBgcqhkjO\nPQIBBggqhkjOPQMBBwNCAASQG9FJi3JvVDIKltg4nAX/dLI5Fws5RgqlsidM052v\nnGc/ZGh32qYtoKJo53eckGoOfhJgqNXiY4oATvgAjPKno3wwejAdBgNVHQ4EFgQU\nsUlFiu+WAckFK59c9+JcDdzNUbQwHwYDVR0jBBgwFoAU8kkViu/M/DajMKgCK6N6\niYR1HBowCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBYGA1UdEQQP\nMA2CC2V4YW1wbGUuY29tMAsGCWCGSAFlAwQDAgNIADBFAiAR0XLMJWemDX6JN3Po\nVlHnfh09b8JBDN4EUGPlNKZXLwIhAIFmhItpuW6P6qUL0cIHJyQTNf1v4aIPI9DP\nIRm/mNDB\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2934,10 +2934,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe EE cert is signed with a DSA-3072 key, which is not one of the\npermitted signature algorithms under CABF.\n\nThis case is distinct from `forbidden_signature_algorithm_in_root`,\nas DSA keys are forbidden in both places but not all implementations\ncheck both.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUUFKBX3iR+j8CQEnGWowD57VuLj0wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAASbM0kiW5+2zUMyhsVcR4pkpDNANJknDk+d0yv0\nCfQScLGyd/qTileQJFJ50qyfgsowXwiJtyyzF6NpPjPLPfIFo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUmfPoPxASeahBEV/1eQ36lG+hB9EwCgYIKoZIzj0EAwIDSAAwRQIh\nAN60z+IFfXbSFlV6DFj8lNcrrLkQboUrlEzx5Fwt28ztAiBEbkU9+zYKjJmvhdbH\nFifMmeGNpvllg8GRU2vBZRSA6Q==\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBkDCCATWgAwIBAgIUFTlZiNXVKaaACdCSVnkymh3e4xUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQtZxWHDE9xqfAZx9UGC5Wjjy61Q2jRh5FJcFf9\n+rfcCkJoyz84GyixF2oE2DNiIr16dEDk+jr5n63nsiGbcggIo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUzfJk1CmF695YHl+T7JKfFq/UiJ8wCgYIKoZIzj0EAwIDSQAwRgIh\nAMvF/Zd8I3eP2JUlBDws8CwE2kidMvYSKr5djNuw00JlAiEA+1WTBNSpHUArpq1W\nB7ueCkqcoWAI6uBr/Z1TofeNyn0=\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIGIDCCBcWgAwIBAgIUK3QElbnzCHaU7Yyyd17lWzqd8zEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTCCBMYwggM5Bgcq\nhkjOOAQBMIIDLAKCAYEAwG/mV5VpS+fUk6J1HhO+6JFi2sZ0ic/tjV7D9/b6dof8\nDUzxw8GOjEixOKtbuCbnTB/QBOvx38kKM4mWalL3l2VLFYLNQmurKqN35WYpQs91\nFTCk3EgQtev4baesYPblbjrXptB81ABrUM97NjWcPT0DMlwN0ftkZL5p8PIQzEGy\n+JUgeJER6nw3+AirTlmxO+mNWY2mitMOIK6YNnzpKhYlXYmIpg46AHrcVTYhmajj\nnFT7/Bov/AHaikcNRuvh+2ic21X9N/bHpbrK4Id9b7KCQ4UrhBjsgH0cjAmK+w0f\nmNxOfRYv8DohieMSUISyAnYI7tCtdp7gRfKSZ4jt32KJwRKGQ0R4e+9WAcfVeu4S\n219QDgSVNyrXoyZ+nTM5ftVMF45slBs8IFsQfZtLCaEaXigPVnlEuu9Wz72f1MAu\n3aO00w0bw9fuZdyUtVbc0votElGcD6+FpUYXkTgbIejXG17P+PcWqKypV6EupX1l\nL2tfQNP+pTw8BDBFj0OXAiEA9YhSce5tjZBEM/ARIYFJweT2U3q+bCV1J7sAsU6b\nHWkCggGAOiIZmPUfPQbAeavyd3y5suQhB1nyaBhE6eD2YzmcCsnpeWrLHRfQBU6j\ngxwqVEBv8/YUs+r3m7BLAhzDLkx0o068zF44tBekXyTdNyUJuZTPsU+uw1B5FeMd\neCTN6Z4dOk66g/ap/t7Hcc3rZtgo/DBKXX4J2bLlgvQRAL9jeDOvnBrhPbFQUhEd\naQxOjS7kwrn4hNJDJoncl1uX9HwoOu4QYLVqotZf1ngExu4zWO8O5MuvHEZvZ3Fp\nPFK6KRBnNPIaWlNpt6jbrTSTHIzOPJzBnlGhcqY0dSEWEpWfxwpGcGpRJMnexVDQ\nlULg6IT8J3uqW0waaiTJ442EeEorSgkOTmTxwr3GTahxJzDHN5uULEGqoP5DtBxh\nio8m2SIoltTXlD7sWsjxu3fxOmZCt1c66662ft8sqWZmE4tYIKUiMXeCFIXtGHQA\nZqU5TcPKsV1zoFmtrrC4ccU2ArDm8I95Jp9z6d6aCMV1KFIOeNRxaMdiXQwDUJvK\nbL2QightA4IBhQACggGAcqlztlXnlrZwrfiWzB9DLcHmskRMIacQN6Rl9C9YjiR2\nZf1qYs6iOkMEnKA3l81VZ8kjS3X6gcT6zepPAe9hT57/YCMfvunBuUZlzR3XOlKt\n0krOMlIG3uN9lY7Jdt20GdTe10Tz+Gj7mCnADsn2yBF0fg5ZBcMKSPE0yvcLPyJX\nHf9zRwWmG4n7suszJoAeYak+TDqooMiB/6dNd9HQ3CBfRumP4djV7zD3Vi6gdj1X\n32nA+4yxMUyW9QqiuuVUwy+BhcEjOfW31nywPjAIIVVritZVNPXfsUODzYygpWm9\nyHiQooiULlcPnfiNmi0/+F+jA3akDhGQX8foUFylGcjO8zcJFxewLJ72herTQwq5\nTLxadMwCKPjFqlSoZSZlmjEUPFC2YwhzPIbnQ5DsBsiUMZfIPI3Fferu/REq0EMR\nTVZAf+FMiqngqWI8hkzGKac7KuB/plKkcPFVQ394QV+yXJQbay5VY62m9QNwgasb\n88KtmqiT2ClC168uAfx6o3wwejAdBgNVHQ4EFgQUT3VmuMGCbIc7itzE9dxs48A+\n+4IwHwYDVR0jBBgwFoAUmfPoPxASeahBEV/1eQ36lG+hB9EwCwYDVR0PBAQDAgeA\nMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMAoG\nCCqGSM49BAMCA0kAMEYCIQCUMqMqJ5JIj2bHCfe4t6bpeWQGsrO4F2T/nWSEKTKO\nhAIhAIcGvoJfFKpCLDJ6knuQOz7kWqwj19rJWLiEWtRdHer4\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIGIDCCBcWgAwIBAgIUCYeCYL76mbvGTbdJ0/1ML2GCbeEwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTCCBMYwggM5Bgcq\nhkjOOAQBMIIDLAKCAYEA+P3qs0iJkO9OYYsY/kAIUZOi9QdEqfuMeefiQWzPpypN\nRgLPq3wIAVNa7f9AQ/XVDdnMLT+XITqMOKkQafAWVkNUiftk+kGYZHUXyN8VsQFP\n0C6CZVBI4lIbpcM6wgZMCXmRmDUjRJQ5xp6AorVwNh3cZsWEhYVbX1ufi3MblzM0\n8tley2enilnuysDKK1YmOY4OJZA0X8IEfJmFhKJMeCcGndz1QHeUeeqCD2zxTDAT\nqcpoZJyGbizT2C5ZfawOsQQBLDPqHoajGuQCxWLH+Fp0/BFJDoovJi6AkJir5Z8J\ned4KkEehcGfIeE+lYkUgR9cV4MFHJyRZ65DPa4hyH37ZfDoBLbCcmuNUPg+r0vUf\nGE30D3Y7uQKRmB1n4mgMZvTmiPj/WRCa6GhXVxIjIW9S2J8dGVSZTT7t8DQ+Mztl\nuWK4myDUY2rj1lED0+BHkVG6O0F+LBXIVTrl3awaV6CWqkx/34TsM2oexUzpn6Tz\nJTJBpAbyCsa28FXZH6P9AiEAh/mimcMpiTMW3LnzbrIr5QSgiVPAxnKqC63KcVVn\nOJkCggGAA2IMn5a3AQMhWbTvrWSxldqS2IHdu7DrcYxPGLdeKoYlXNmFsu12xqdx\nudqi9beus6VGzJ2Qc413DrFDe0lqfyCo201KDdTR+70026myRl1oK0Jm2qr6ampl\nOCAD3290WyZQm8xKnqsLazzlIvdyCRB2gj3bF12zgUffVj7Ze2Xf9dJMep9FJhU+\nVKTlEOACMYZSk3AArqZwgfnHjA7+gfbHR1YMOsWsJYz4Gq1K2UviAj/5GJRJW8+k\nALczjL1R5XOEeESs2c0z5BXszO3iJbFRbQN0jilSZbC46O/0uSIe3KzDiTTBgGrZ\nxNk5BaHOIx+0lOiQXY323JUW2ucNirj4nUqeaYibVVVghIbIPepyALXgjWm7V2gm\nB/y5da9852RVIGhLwodl9roXW0cdpHlRcqVJ9Hb45liYL9VvNNAYXe656/yZHqQF\nU4nQTI7mE2ZdQHRiSvxM1/SRht6IzsY1tqdVz+qIiI8jxUQ5+scmrt1hz6ZSjXCV\n3ftEVwBhA4IBhQACggGAM/wuRzhDOY42QW8OzAH25c/4wmkP2ePa8xrY17G5nIxR\nVxaohOJB+0xQ4M250eTbqfwo79oRg65V+emyFwIK0EtLPZQTk7F5VC4RYzNdKXiO\naq1x3dv0NVpCzzvXYKhT45KfN3aRxbkdRHY6PcPY49nGOkdtiTjFdUw31eticeuO\n70tBOARK7wY9DRgBJWuwzKUJXypEUeU0jMPj28dULDVqSY3+9N85Cn30Q4McT2cy\ne0AGoJEf48pFNkTTBq1v5v6vfxmk2F9uNxRhXgWNnfrgtxgTEhd5GC/ZtDn0zZXS\neFioivVFTSJFXPRQbKDLyzB5dsI0RlDYg8ZjTb7LMhz2Imt0W1eCByfysAQF0HBR\nxUm+sEYgz3TigAsKI8oFF8WuElREaFZP1Eu6VUXRugGN770AjCJM57U6ZP7dtVwf\nZ1yL1M7sLDPlm+x1ADafP4FkRxySyMVt0sNqzk2Z0ZcgMccPtQnUMdiB6Rhf45Wl\nMskY82xfWe9w96/bPG06o3wwejAdBgNVHQ4EFgQUvSXJs5MGIvM3tNO3zfJ2/ZBV\nLdswHwYDVR0jBBgwFoAUzfJk1CmF695YHl+T7JKfFq/UiJ8wCwYDVR0PBAQDAgeA\nMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMAoG\nCCqGSM49BAMCA0kAMEYCIQDKF33zkmnS8TbIkf5JfA6qLWrkM1oedLABNT2AgpW1\nugIhALbht3ebfn9hQ6yhnKAE8I/W0W+KKf3nwImNzkayZAqy\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2957,10 +2957,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThis chain is correctly constructed, but the EE cert is marked with\nversion 2 (ordinal 1) rather than version 3 (ordinal 2). This is invalid,\nper CABF 7.1.1:\n\n> Certificates MUST be of type X.509 v3.", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUMqp+oA4/ljs9iJ8tqGvjOS+2K/4wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQ0Rb9dOnewjiIR1mKpYoVGRi8tg2iGQWuDf6D3\np9loaxp1v7bjtW/6wcTxADWoH81j6vXeLZPw0SePkdZC6obso1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU+bQw2Z0XmHHxBP+SoLFQ1v7ihBUwCgYIKoZIzj0EAwIDRwAwRAIg\nSuFrg2D935DCJk1X09xcx1dfDHMD0MhY/PKCDV7wScACIGCVUkSGfYcnIU8IntbC\n25btlZtyiHZIsrTeGCH1QSFq\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUNUjwmZjb52KMpTpyHUuzBuk1SwkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAATtCKT4VmMCy04t8ALDRRjC7mWgUZBe+lfphUOB\naiJkMPzoUGOKjPE1CNAoeGebvSFj5L450XK23PstUW8AMtsFo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUI4YCZ+oH10YRUQG23ceep4GpYfIwCgYIKoZIzj0EAwIDSAAwRQIg\nYdBF16W9ZdF+GVWrUEGpxQSEzWOf9vemmWktEv/Gs7gCIQDvTe3vt+fOp4Nbprvi\npYpTbAEXjayIZONqH1ZDWgn7eQ==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBKzCB0wIUQy8thG3W86Xbvf20WNomzttHtlAwCgYIKoZIzj0EAwIwGjEYMBYG\nA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5NjkwNTAz\nMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqG\nSM49AwEHA0IABBBFbJILX2d3PBOHtX6A9HFV5fu+qQYQTCshZAxD7Dfsjmqfdfvc\nJBkzR7653uKI9yyGujShVlOm1uzRgirrXa8wCgYIKoZIzj0EAwIDRwAwRAIgAjGC\nJpxHEBp/HwUsvmYQDVcOZbNJlIanPD2AZO+NsVACIH0kK3uzFooVEG3boTHwbldA\no64aShltHbAo49DtbVVm\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBLDCB0wIUXRHOGY30vc1pp79xqrimYHEU/3UwCgYIKoZIzj0EAwIwGjEYMBYG\nA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5NjkwNTAz\nMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqG\nSM49AwEHA0IABIQIjbY+E51niv8dLT3QZJZ0Hky/nN5K+5k1ra4GgmFmf8hur4Ke\nS286xf2tQRJBwDrMxaQCQEnLo6OxwZEnazYwCgYIKoZIzj0EAwIDSAAwRQIgPoVI\n9ijXeUrTwQBv0omlVcfdnwSP2OM7/LT5rynvTuACIQCom94HOvsoEAa8WdH24ldK\nUK5ODtv4u3gRbfOiAhpG3w==\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], @@ -2980,10 +2980,10 @@ "description": "Produces the following **invalid** chain:\n\n```\nroot -> EE\n```\n\nThe EE certificate has `keyUsage.keyCertSign=FALSE` but\n`basicConstraints.cA=TRUE`, which is explicitly forbidden under\nCABF 7.1.2.7.8:\n\n> cA MUST be FALSE", "validation_kind": "SERVER", "trusted_certs": [ - "-----BEGIN CERTIFICATE-----\nMIIBjjCCATWgAwIBAgIUN9pXg14nUf9RSF9HT4WJrbRoZNUwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAAQbpKXtg2C4mHNH2o90EU1Ezlg9MU9wY7MAA1pP\nOl90qaGhclpJQiGN0WBAfwyPXP6BYEMbpI7Q+jO4pxKpNPhfo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQU7yc6jizdEcqXq9cEThS8FoxnRYUwCgYIKoZIzj0EAwIDRwAwRAIg\nMl7w07C1QU285UM/FL9AZG51GR94IYGC/vZ3x77mPSMCICyntlQFhqXlrtLFAMjN\n+CY2iBh/25geEDkLJCc2nGeD\n-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\nMIIBjzCCATWgAwIBAgIUQTozjFaIhy39h6tRp8l50RNTUv8wCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAaMRgwFgYDVQQDDA94NTA5LWxpbWJvLXJvb3QwWTATBgcq\nhkjOPQIBBggqhkjOPQMBBwNCAARzhUfuBJ4PZmo6FIVqWT5ZW4xbf0U0BrlbL6hR\nmnNlZh/0LWj+BBcqSiZgBtAKorev5T+tIadY5rQT5swsA8/yo1cwVTAPBgNVHRMB\nAf8EBTADAQH/MAsGA1UdDwQEAwICBDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAd\nBgNVHQ4EFgQUYM/dy12lkk9itjSjmZQwYyoDzQwwCgYIKoZIzj0EAwIDSAAwRQIg\nGMvSpZDRX012Ka5Qap7zZuuEVGSDHm/DiKQoWxy/UTgCIQDwQ9fzZBJnJiCow2oj\n4wksbsaYMoKwjY/QxIdl5fUYEw==\n-----END CERTIFICATE-----\n" ], "untrusted_intermediates": [], - "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBwzCCAWmgAwIBAgIUNd4WuHDiZel6otxJryZJI05dGUAwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABBNnmjygIgXu3GY4vG/SWoGNKnDp1vxcZNUbHJrBFdyI\nz4dFHf7opd3DQGVpWv9e4Q1rKE7rXl9NHLYIN1SQl2+jgY4wgYswHQYDVR0OBBYE\nFBHvPr7xL9W7KlGlWZdiPWh2f/PwMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgw\nFoAU7yc6jizdEcqXq9cEThS8FoxnRYUwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoG\nCCsGAQUFBwMBMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0gA\nMEUCIGccCL/z5d44AxWkWE+w8vI5kIxHh6Oa1rtGtk4EPBJiAiEAs9GQv5kfGm4N\nCStYg8Ive+BxdpFfB7haKtl2gHa2vOw=\n-----END CERTIFICATE-----\n", + "peer_certificate": "-----BEGIN CERTIFICATE-----\nMIIBxDCCAWmgAwIBAgIULzdYyPhs2qw76DN9IzRkpg2F0PkwCgYIKoZIzj0EAwIw\nGjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5\nNjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABIZw+LwemARIK1bKAsy00r9uAaGiMXUBpdbZlcCLr41J\n6EGmoKGrgfLfOK56f2fmAzRNPyzf7seSijOCscX+ma6jgY4wgYswHQYDVR0OBBYE\nFGEVZU5CWBN/PKe1I9HMUzTKMCpDMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgw\nFoAUYM/dy12lkk9itjSjmZQwYyoDzQwwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoG\nCCsGAQUFBwMBMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMAoGCCqGSM49BAMCA0kA\nMEYCIQCu5jExYMe7aG0dCXanWs34m7cYnzfJVKgp0/R+/oOUdwIhAMhQWhtlV5rG\nk0gi//LCxvTA8pf5GVlvRTwyYNJucQlZ\n-----END CERTIFICATE-----\n", "validation_time": null, "signature_algorithms": [], "key_usage": [], diff --git a/limbo/testcases/rfc5280/nc.py b/limbo/testcases/rfc5280/nc.py index 2a1abca1..0a99b837 100644 --- a/limbo/testcases/rfc5280/nc.py +++ b/limbo/testcases/rfc5280/nc.py @@ -1327,7 +1327,7 @@ def nc_forbids_same_chain_ica(builder: Builder) -> None: Produces the following **valid** graph: ``` - EE (SAN:X) +-> ICA_B' (SAN:Y) -> -> ICA_A (forbid: SAN:Y) -> RCA_A + EE (SAN:X) +-> ICA_B' (SAN:Y) -> ICA_A (forbid: SAN:Y) -> RCA_A |-> ICA_B'' (SAN:Z) -> RCA_B (no NC) ``` @@ -1335,7 +1335,7 @@ def nc_forbids_same_chain_ica(builder: Builder) -> None: but chained to different logical root CAs. Both root CAs are trusted, but `ICA_B'` is issued through `ICA_A`, which forbids `ICA_B'`'s SAN. - This graph allows validation through `EE -> ICA_B'' -> ICA_A -> -> RCA_B` + This graph allows validation through `EE -> ICA_B'' -> RCA_B` """ root_a = builder.root_ca(san=None)