gocryptox509-go1.22.2🔗

Unexpected verifications🔗

These testcases were expected to fail, but succeeded instead.

Testcase	Context
`rfc5280::aki::critical-aki`	validation: chain built
`rfc5280::aki::leaf-missing-aki`	validation: chain built
`rfc5280::aki::intermediate-missing-aki`	validation: chain built
`rfc5280::aki::cross-signed-root-missing-aki`	validation: chain built
`rfc5280::nc::permitted-dns-match-noncritical`	validation: chain built
`rfc5280::nc::invalid-dnsname-leading-period`	validation: chain built
`rfc5280::nc::not-allowed-in-ee-noncritical`	validation: chain built
`rfc5280::nc::not-allowed-in-ee-critical`	validation: chain built
`rfc5280::nc::nc-permits-invalid-dns-san`	validation: chain built
`rfc5280::pc::ica-noncritical-pc`	validation: chain built
`rfc5280::san::noncritical-with-empty-subject`	validation: chain built
`rfc5280::serial::too-long`	validation: chain built
`rfc5280::serial::zero`	validation: chain built
`rfc5280::serial::negative`	validation: chain built
`rfc5280::ski::critical-ski`	validation: chain built
`rfc5280::ski::root-missing-ski`	validation: chain built
`rfc5280::ski::intermediate-missing-ski`	validation: chain built
`rfc5280::ee-empty-issuer`	validation: chain built
`rfc5280::ca-empty-subject`	validation: chain built
`rfc5280::root-non-critical-basic-constraints`	validation: chain built
`rfc5280::root-inconsistent-ca-extensions`	validation: chain built
`rfc5280::leaf-ku-keycertsign`	validation: chain built
`rfc5280::ee-critical-aia-invalid`	validation: chain built
`webpki::aki::root-with-aki-missing-keyidentifier`	validation: chain built
`webpki::aki::root-with-aki-authoritycertissuer`	validation: chain built
`webpki::aki::root-with-aki-authoritycertserialnumber`	validation: chain built
`webpki::aki::root-with-aki-all-fields`	validation: chain built
`webpki::aki::root-with-aki-ski-mismatch`	validation: chain built
`webpki::eku::ee-anyeku`	validation: chain built
`webpki::eku::ee-critical-eku`	validation: chain built
`webpki::eku::ee-without-eku`	validation: chain built
`webpki::eku::root-has-eku`	validation: chain built
`webpki::san::public-suffix-wildcard-san`	validation: chain built
`webpki::san::san-critical-with-nonempty-subject`	validation: chain built
`webpki::san::san-wildcard-only-tld`	validation: chain built
`webpki::forbidden-dsa-leaf`	validation: chain built
`webpki::forbidden-weak-rsa-key-in-root`	validation: chain built
`webpki::forbidden-weak-rsa-in-leaf`	validation: chain built
`webpki::forbidden-rsa-not-divisable-by-8-in-root`	validation: chain built
`webpki::forbidden-rsa-key-not-divisable-by-8-in-leaf`	validation: chain built
`webpki::ee-basicconstraints-ca`	validation: chain built
`webpki::ca-as-leaf`	validation: chain built

Unexpected failures🔗

These testcases were expected to succeed, but failed instead.

Testcase	Context
`pathlen::self-issued-certs-pathlen`	validation: x509: too many intermediates for path length constraint
`rfc5280::nc::permitted-dn-match`	validation: x509: certificate is not valid for any names, but wanted to match example.com
`rfc5280::nc::permitted-self-issued`	validation: x509: a root or intermediate certificate is not authorized to sign for this name: DNS name "not-example.com" is not permitted by any constraint
`rfc5280::nc::nc-forbids-othername-noop`	validation: x509: unhandled critical extension
`rfc5280::validity::notafter-fractional`	validation: x509: certificate has expired or is not yet valid: current time 2024-04-01T00:00:00Z is after 2024-04-01T00:00:00Z

Skipped tests🔗

These testcases were skipped due to a harness or implementation limitation.

Testcase	Context
`pathlen::max-chain-depth-0`	max chain depth not supported
`pathlen::max-chain-depth-0-exhausted`	max chain depth not supported
`pathlen::max-chain-depth-1`	max chain depth not supported
`pathlen::max-chain-depth-1-exhausted`	max chain depth not supported
`pathlen::max-chain-depth-1-self-issued`	max chain depth not supported
`pathological::intermediate-cycle-distinct-cas-max-depth`	max chain depth not supported
`rfc5280::nc::invalid-email-address`	unimplemented validationKindClient
`rfc5280::nc::nc-permits-invalid-email-san`	unimplemented validationKindClient
`rfc5280::nc::nc-permits-email-exact`	unimplemented validationKindClient
`rfc5280::nc::nc-permits-email-domain`	unimplemented validationKindClient