Skip to content

bettertls🔗

bettertls::nameconstraints::tc0🔗

Testcase 0 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
SUCCESS SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki N/A
libressl-4.1.2 N/A
boringssl-legacy-40 N/A
gocryptox509-go1.26.3 N/A
libressl-4.2.1 N/A
pyca-cryptography-46.0.7 chain built successfully
openssl-3.4.5 N/A
libressl-4.3.1 N/A
openssl-3.2.6 N/A
libressl-4.0.1 N/A
libressl-3.9.2 N/A
openssl-4.0.0 N/A
openssl-3.5.6 N/A
certvalidator-0.11.1 N/A
openssl-3.6.2 N/A
openssl-3.0.20 N/A
aws-lc-1.72.0 N/A
openssl-3.3.7 N/A
gnutls-certtool-3.8.3 Chain verification output: Verified. The certificate is trusted.
rust-webpki N/A
openssl-1.1 N/A

bettertls::nameconstraints::tc1🔗

Testcase 1 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
SUCCESS SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki N/A
libressl-4.1.2 N/A
boringssl-legacy-40 N/A
gocryptox509-go1.26.3 N/A
libressl-4.2.1 N/A
pyca-cryptography-46.0.7 chain built successfully
openssl-3.4.5 N/A
libressl-4.3.1 N/A
openssl-3.2.6 N/A
libressl-4.0.1 N/A
libressl-3.9.2 N/A
openssl-4.0.0 N/A
openssl-3.5.6 N/A
certvalidator-0.11.1 ❌ (unexpected failure) The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 N/A
openssl-3.0.20 N/A
aws-lc-1.72.0 N/A
openssl-3.3.7 N/A
gnutls-certtool-3.8.3 Chain verification output: Verified. The certificate is trusted.
rust-webpki ❌ (unexpected failure) UnknownIssuer
openssl-1.1 N/A

bettertls::nameconstraints::tc2🔗

Testcase 2 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
SUCCESS SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki N/A
libressl-4.1.2 N/A
boringssl-legacy-40 N/A
gocryptox509-go1.26.3 N/A
libressl-4.2.1 N/A
pyca-cryptography-46.0.7 chain built successfully
openssl-3.4.5 N/A
libressl-4.3.1 N/A
openssl-3.2.6 N/A
libressl-4.0.1 N/A
libressl-3.9.2 N/A
openssl-4.0.0 N/A
openssl-3.5.6 N/A
certvalidator-0.11.1 N/A
openssl-3.6.2 N/A
openssl-3.0.20 N/A
aws-lc-1.72.0 N/A
openssl-3.3.7 N/A
gnutls-certtool-3.8.3 Chain verification output: Verified. The certificate is trusted.
rust-webpki N/A
openssl-1.1 N/A

bettertls::nameconstraints::tc3🔗

Testcase 3 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The X.509 certificate provided is not valid for test.localhost. Valid hostnames include: bad.example.com
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki DNS name validation failed
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc4🔗

Testcase 4 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
SUCCESS SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki N/A
libressl-4.1.2 N/A
boringssl-legacy-40 N/A
gocryptox509-go1.26.3 N/A
libressl-4.2.1 N/A
pyca-cryptography-46.0.7 chain built successfully
openssl-3.4.5 N/A
libressl-4.3.1 N/A
openssl-3.2.6 N/A
libressl-4.0.1 N/A
libressl-3.9.2 N/A
openssl-4.0.0 N/A
openssl-3.5.6 N/A
certvalidator-0.11.1 N/A
openssl-3.6.2 N/A
openssl-3.0.20 N/A
aws-lc-1.72.0 N/A
openssl-3.3.7 N/A
gnutls-certtool-3.8.3 Chain verification output: Verified. The certificate is trusted.
rust-webpki 🚧 implementation requires DNS peer names
openssl-1.1 N/A

bettertls::nameconstraints::tc5🔗

Testcase 5 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 IP address mismatch
boringssl-legacy-40 IP address mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 IP address mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 IP address mismatch
libressl-4.3.1 IP address mismatch
openssl-3.2.6 IP address mismatch
libressl-4.0.1 IP address mismatch
libressl-3.9.2 IP address mismatch
openssl-4.0.0 IP address mismatch
openssl-3.5.6 IP address mismatch
certvalidator-0.11.1 The X.509 certificate provided is not valid for 127.0.0.1. Valid hostnames include:
openssl-3.6.2 IP address mismatch
openssl-3.0.20 IP address mismatch
aws-lc-1.72.0 IP address mismatch
openssl-3.3.7 IP address mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki 🚧 implementation requires DNS peer names
openssl-1.1 IP address mismatch

bettertls::nameconstraints::tc6🔗

Testcase 6 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 unsupported or invalid name syntax
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 unsupported or invalid name syntax
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 unsupported or invalid name syntax
openssl-3.2.6 hostname mismatch
libressl-4.0.1 unsupported or invalid name syntax
libressl-3.9.2 unsupported or invalid name syntax
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc7🔗

Testcase 7 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The X.509 certificate provided is not valid for test.localhost. Valid hostnames include:
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki DNS name validation failed
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc8🔗

Testcase 8 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc9🔗

Testcase 9 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc10🔗

Testcase 10 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc11🔗

Testcase 11 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc12🔗

Testcase 12 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc13🔗

Testcase 13 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc14🔗

Testcase 14 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc15🔗

Testcase 15 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc16🔗

Testcase 16 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc17🔗

Testcase 17 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc18🔗

Testcase 18 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc19🔗

Testcase 19 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc20🔗

Testcase 20 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc21🔗

Testcase 21 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc22🔗

Testcase 22 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc23🔗

Testcase 23 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc24🔗

Testcase 24 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc25🔗

Testcase 25 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc26🔗

Testcase 26 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc27🔗

Testcase 27 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc28🔗

Testcase 28 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc29🔗

Testcase 29 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc30🔗

Testcase 30 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc31🔗

Testcase 31 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc32🔗

Testcase 32 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc33🔗

Testcase 33 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc34🔗

Testcase 34 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc35🔗

Testcase 35 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc36🔗

Testcase 36 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc37🔗

Testcase 37 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc38🔗

Testcase 38 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc39🔗

Testcase 39 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc40🔗

Testcase 40 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc41🔗

Testcase 41 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc42🔗

Testcase 42 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc43🔗

Testcase 43 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc44🔗

Testcase 44 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc45🔗

Testcase 45 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc46🔗

Testcase 46 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc47🔗

Testcase 47 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc48🔗

Testcase 48 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc49🔗

Testcase 49 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc50🔗

Testcase 50 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc51🔗

Testcase 51 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc52🔗

Testcase 52 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc53🔗

Testcase 53 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc54🔗

Testcase 54 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc55🔗

Testcase 55 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc56🔗

Testcase 56 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc57🔗

Testcase 57 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc58🔗

Testcase 58 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc59🔗

Testcase 59 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc60🔗

Testcase 60 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc61🔗

Testcase 61 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc62🔗

Testcase 62 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc63🔗

Testcase 63 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc64🔗

Testcase 64 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc65🔗

Testcase 65 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc66🔗

Testcase 66 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc67🔗

Testcase 67 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc68🔗

Testcase 68 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc69🔗

Testcase 69 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc70🔗

Testcase 70 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc71🔗

Testcase 71 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc72🔗

Testcase 72 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc73🔗

Testcase 73 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc74🔗

Testcase 74 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc75🔗

Testcase 75 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc76🔗

Testcase 76 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc77🔗

Testcase 77 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc78🔗

Testcase 78 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc79🔗

Testcase 79 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc80🔗

Testcase 80 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc81🔗

Testcase 81 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc82🔗

Testcase 82 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc83🔗

Testcase 83 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc84🔗

Testcase 84 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc85🔗

Testcase 85 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc86🔗

Testcase 86 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc87🔗

Testcase 87 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: missing required extension: leaf server certificate has no subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc88🔗

Testcase 88 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The X.509 certificate provided is not valid for test.localhost. Valid hostnames include:
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki DNS name validation failed
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc89🔗

Testcase 89 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc90🔗

Testcase 90 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc91🔗

Testcase 91 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc92🔗

Testcase 92 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc93🔗

Testcase 93 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc94🔗

Testcase 94 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc95🔗

Testcase 95 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc96🔗

Testcase 96 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc97🔗

Testcase 97 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc98🔗

Testcase 98 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc99🔗

Testcase 99 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc100🔗

Testcase 100 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc101🔗

Testcase 101 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc102🔗

Testcase 102 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc103🔗

Testcase 103 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc104🔗

Testcase 104 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc105🔗

Testcase 105 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc106🔗

Testcase 106 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 permitted subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 permitted subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 permitted subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 permitted subtree violation
libressl-3.9.2 permitted subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc107🔗

Testcase 107 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc108🔗

Testcase 108 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 permitted subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 permitted subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 permitted subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 permitted subtree violation
libressl-3.9.2 permitted subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc109🔗

Testcase 109 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 permitted subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 permitted subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 permitted subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 permitted subtree violation
libressl-3.9.2 permitted subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc110🔗

Testcase 110 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc111🔗

Testcase 111 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 permitted subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 permitted subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 permitted subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 permitted subtree violation
libressl-3.9.2 permitted subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc112🔗

Testcase 112 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 permitted subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 permitted subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 permitted subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 permitted subtree violation
libressl-3.9.2 permitted subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc113🔗

Testcase 113 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc114🔗

Testcase 114 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 permitted subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 permitted subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 permitted subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 permitted subtree violation
libressl-3.9.2 permitted subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc115🔗

Testcase 115 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc116🔗

Testcase 116 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc117🔗

Testcase 117 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc118🔗

Testcase 118 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc119🔗

Testcase 119 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc120🔗

Testcase 120 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc121🔗

Testcase 121 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc122🔗

Testcase 122 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc123🔗

Testcase 123 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc124🔗

Testcase 124 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc125🔗

Testcase 125 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc126🔗

Testcase 126 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc127🔗

Testcase 127 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc128🔗

Testcase 128 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc129🔗

Testcase 129 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc130🔗

Testcase 130 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc131🔗

Testcase 131 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc132🔗

Testcase 132 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc133🔗

Testcase 133 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 permitted subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 permitted subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 permitted subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 permitted subtree violation
libressl-3.9.2 permitted subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc134🔗

Testcase 134 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc135🔗

Testcase 135 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 permitted subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 permitted subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 permitted subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 permitted subtree violation
libressl-3.9.2 permitted subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc136🔗

Testcase 136 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 permitted subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 permitted subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 permitted subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 permitted subtree violation
libressl-3.9.2 permitted subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc137🔗

Testcase 137 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc138🔗

Testcase 138 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 permitted subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 permitted subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 permitted subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 permitted subtree violation
libressl-3.9.2 permitted subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc139🔗

Testcase 139 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 permitted subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 permitted subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 permitted subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 permitted subtree violation
libressl-3.9.2 permitted subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc140🔗

Testcase 140 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc141🔗

Testcase 141 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 permitted subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 permitted subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 permitted subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 permitted subtree violation
libressl-3.9.2 permitted subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc142🔗

Testcase 142 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc143🔗

Testcase 143 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc144🔗

Testcase 144 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc145🔗

Testcase 145 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc146🔗

Testcase 146 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc147🔗

Testcase 147 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc148🔗

Testcase 148 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc149🔗

Testcase 149 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc150🔗

Testcase 150 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc151🔗

Testcase 151 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc152🔗

Testcase 152 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc153🔗

Testcase 153 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc154🔗

Testcase 154 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc155🔗

Testcase 155 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc156🔗

Testcase 156 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc157🔗

Testcase 157 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc158🔗

Testcase 158 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc159🔗

Testcase 159 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc160🔗

Testcase 160 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 permitted subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 permitted subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 permitted subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 permitted subtree violation
libressl-3.9.2 permitted subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc161🔗

Testcase 161 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc162🔗

Testcase 162 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 permitted subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 permitted subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 permitted subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 permitted subtree violation
libressl-3.9.2 permitted subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc163🔗

Testcase 163 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 permitted subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 permitted subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 permitted subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 permitted subtree violation
libressl-3.9.2 permitted subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc164🔗

Testcase 164 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc165🔗

Testcase 165 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 permitted subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 permitted subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 permitted subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 permitted subtree violation
libressl-3.9.2 permitted subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc166🔗

Testcase 166 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 permitted subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 permitted subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 permitted subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 permitted subtree violation
libressl-3.9.2 permitted subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc167🔗

Testcase 167 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc168🔗

Testcase 168 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 permitted subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 permitted subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 permitted subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 permitted subtree violation
libressl-3.9.2 permitted subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc169🔗

Testcase 169 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The X.509 certificate provided is not valid for test.localhost. Valid hostnames include:
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki DNS name validation failed
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc170🔗

Testcase 170 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc171🔗

Testcase 171 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc172🔗

Testcase 172 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc173🔗

Testcase 173 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc174🔗

Testcase 174 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc175🔗

Testcase 175 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc176🔗

Testcase 176 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc177🔗

Testcase 177 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc178🔗

Testcase 178 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 permitted subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 permitted subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 permitted subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 permitted subtree violation
libressl-3.9.2 permitted subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc179🔗

Testcase 179 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 permitted subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 permitted subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 permitted subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 permitted subtree violation
libressl-3.9.2 permitted subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc180🔗

Testcase 180 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc181🔗

Testcase 181 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 permitted subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 permitted subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 permitted subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 permitted subtree violation
libressl-3.9.2 permitted subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc182🔗

Testcase 182 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 permitted subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 permitted subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 permitted subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 permitted subtree violation
libressl-3.9.2 permitted subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc183🔗

Testcase 183 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc184🔗

Testcase 184 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 permitted subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 permitted subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 permitted subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 permitted subtree violation
libressl-3.9.2 permitted subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc185🔗

Testcase 185 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 permitted subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 permitted subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 permitted subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 permitted subtree violation
libressl-3.9.2 permitted subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc186🔗

Testcase 186 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc187🔗

Testcase 187 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc188🔗

Testcase 188 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc189🔗

Testcase 189 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc190🔗

Testcase 190 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc191🔗

Testcase 191 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc192🔗

Testcase 192 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc193🔗

Testcase 193 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc194🔗

Testcase 194 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc195🔗

Testcase 195 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc196🔗

Testcase 196 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc197🔗

Testcase 197 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc198🔗

Testcase 198 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc199🔗

Testcase 199 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc200🔗

Testcase 200 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc201🔗

Testcase 201 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc202🔗

Testcase 202 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc203🔗

Testcase 203 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc204🔗

Testcase 204 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc205🔗

Testcase 205 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 permitted subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 permitted subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 permitted subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 permitted subtree violation
libressl-3.9.2 permitted subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc206🔗

Testcase 206 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 permitted subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 permitted subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 permitted subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 permitted subtree violation
libressl-3.9.2 permitted subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc207🔗

Testcase 207 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc208🔗

Testcase 208 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 permitted subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 permitted subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 permitted subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 permitted subtree violation
libressl-3.9.2 permitted subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc209🔗

Testcase 209 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 permitted subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 permitted subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 permitted subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 permitted subtree violation
libressl-3.9.2 permitted subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc210🔗

Testcase 210 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc211🔗

Testcase 211 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 permitted subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 permitted subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 permitted subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 permitted subtree violation
libressl-3.9.2 permitted subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc212🔗

Testcase 212 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 permitted subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 permitted subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 permitted subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 permitted subtree violation
libressl-3.9.2 permitted subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc213🔗

Testcase 213 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc214🔗

Testcase 214 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc215🔗

Testcase 215 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc216🔗

Testcase 216 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc217🔗

Testcase 217 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc218🔗

Testcase 218 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc219🔗

Testcase 219 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc220🔗

Testcase 220 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc221🔗

Testcase 221 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc222🔗

Testcase 222 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc223🔗

Testcase 223 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc224🔗

Testcase 224 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc225🔗

Testcase 225 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc226🔗

Testcase 226 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc227🔗

Testcase 227 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc228🔗

Testcase 228 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc229🔗

Testcase 229 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc230🔗

Testcase 230 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc231🔗

Testcase 231 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc232🔗

Testcase 232 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 permitted subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 permitted subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 permitted subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 permitted subtree violation
libressl-3.9.2 permitted subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc233🔗

Testcase 233 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 permitted subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 permitted subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 permitted subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 permitted subtree violation
libressl-3.9.2 permitted subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc234🔗

Testcase 234 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc235🔗

Testcase 235 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 permitted subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 permitted subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 permitted subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 permitted subtree violation
libressl-3.9.2 permitted subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc236🔗

Testcase 236 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 permitted subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 permitted subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 permitted subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 permitted subtree violation
libressl-3.9.2 permitted subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc237🔗

Testcase 237 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc238🔗

Testcase 238 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 permitted subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 permitted subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 permitted subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 permitted subtree violation
libressl-3.9.2 permitted subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc239🔗

Testcase 239 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 permitted subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 permitted subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 permitted subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 permitted subtree violation
libressl-3.9.2 permitted subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc240🔗

Testcase 240 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc241🔗

Testcase 241 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc242🔗

Testcase 242 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc243🔗

Testcase 243 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc244🔗

Testcase 244 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc245🔗

Testcase 245 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc246🔗

Testcase 246 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc247🔗

Testcase 247 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc248🔗

Testcase 248 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki subject name validation failed
libressl-4.1.2 Hostname mismatch
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 Hostname mismatch
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 Hostname mismatch
openssl-3.2.6 hostname mismatch
libressl-4.0.1 Hostname mismatch
libressl-3.9.2 Hostname mismatch
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc249🔗

Testcase 249 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 Hostname mismatch
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.4.5 hostname mismatch
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 hostname mismatch
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 hostname mismatch
openssl-3.5.6 hostname mismatch
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 hostname mismatch
openssl-3.0.20 hostname mismatch
aws-lc-1.72.0 Hostname mismatch
openssl-3.3.7 hostname mismatch
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected.
rust-webpki UnknownIssuer
openssl-1.1 Hostname mismatch

bettertls::nameconstraints::tc250🔗

Testcase 250 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
SUCCESS SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki N/A
libressl-4.1.2 N/A
boringssl-legacy-40 N/A
gocryptox509-go1.26.3 N/A
libressl-4.2.1 N/A
pyca-cryptography-46.0.7 chain built successfully
openssl-3.4.5 N/A
libressl-4.3.1 N/A
openssl-3.2.6 N/A
libressl-4.0.1 N/A
libressl-3.9.2 N/A
openssl-4.0.0 N/A
openssl-3.5.6 N/A
certvalidator-0.11.1 N/A
openssl-3.6.2 N/A
openssl-3.0.20 N/A
aws-lc-1.72.0 N/A
openssl-3.3.7 N/A
gnutls-certtool-3.8.3 Chain verification output: Verified. The certificate is trusted.
rust-webpki N/A
openssl-1.1 N/A

bettertls::nameconstraints::tc251🔗

Testcase 251 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
SUCCESS SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki N/A
libressl-4.1.2 N/A
boringssl-legacy-40 N/A
gocryptox509-go1.26.3 N/A
libressl-4.2.1 N/A
pyca-cryptography-46.0.7 chain built successfully
openssl-3.4.5 N/A
libressl-4.3.1 N/A
openssl-3.2.6 N/A
libressl-4.0.1 N/A
libressl-3.9.2 N/A
openssl-4.0.0 N/A
openssl-3.5.6 N/A
certvalidator-0.11.1 ❌ (unexpected failure) The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 N/A
openssl-3.0.20 N/A
aws-lc-1.72.0 N/A
openssl-3.3.7 N/A
gnutls-certtool-3.8.3 Chain verification output: Verified. The certificate is trusted.
rust-webpki ❌ (unexpected failure) UnknownIssuer
openssl-1.1 N/A

bettertls::nameconstraints::tc252🔗

Testcase 252 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
SUCCESS SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki N/A
libressl-4.1.2 N/A
boringssl-legacy-40 N/A
gocryptox509-go1.26.3 N/A
libressl-4.2.1 N/A
pyca-cryptography-46.0.7 chain built successfully
openssl-3.4.5 N/A
libressl-4.3.1 N/A
openssl-3.2.6 N/A
libressl-4.0.1 N/A
libressl-3.9.2 N/A
openssl-4.0.0 N/A
openssl-3.5.6 N/A
certvalidator-0.11.1 ❌ (unexpected failure) The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 N/A
openssl-3.0.20 N/A
aws-lc-1.72.0 N/A
openssl-3.3.7 N/A
gnutls-certtool-3.8.3 Chain verification output: Verified. The certificate is trusted.
rust-webpki ❌ (unexpected failure) UnknownIssuer
openssl-1.1 N/A

bettertls::nameconstraints::tc253🔗

Testcase 253 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 excluded subtree violation
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: candidates exhausted: excluded name constraint matched SAN
openssl-3.4.5 excluded subtree violation
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 excluded subtree violation
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 excluded subtree violation
openssl-3.5.6 excluded subtree violation
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 excluded subtree violation
openssl-3.0.20 excluded subtree violation
aws-lc-1.72.0 excluded subtree violation
openssl-3.3.7 excluded subtree violation
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints.
rust-webpki UnknownIssuer
openssl-1.1 excluded subtree violation

bettertls::nameconstraints::tc254🔗

Testcase 254 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 excluded subtree violation
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: candidates exhausted: excluded name constraint matched SAN
openssl-3.4.5 excluded subtree violation
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 excluded subtree violation
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 excluded subtree violation
openssl-3.5.6 excluded subtree violation
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 excluded subtree violation
openssl-3.0.20 excluded subtree violation
aws-lc-1.72.0 excluded subtree violation
openssl-3.3.7 excluded subtree violation
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints.
rust-webpki UnknownIssuer
openssl-1.1 excluded subtree violation

bettertls::nameconstraints::tc255🔗

Testcase 255 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 excluded subtree violation
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: candidates exhausted: excluded name constraint matched SAN
openssl-3.4.5 excluded subtree violation
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 excluded subtree violation
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 excluded subtree violation
openssl-3.5.6 excluded subtree violation
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 excluded subtree violation
openssl-3.0.20 excluded subtree violation
aws-lc-1.72.0 excluded subtree violation
openssl-3.3.7 excluded subtree violation
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints.
rust-webpki UnknownIssuer
openssl-1.1 excluded subtree violation

bettertls::nameconstraints::tc256🔗

Testcase 256 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
SUCCESS SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki N/A
libressl-4.1.2 N/A
boringssl-legacy-40 N/A
gocryptox509-go1.26.3 N/A
libressl-4.2.1 N/A
pyca-cryptography-46.0.7 chain built successfully
openssl-3.4.5 N/A
libressl-4.3.1 N/A
openssl-3.2.6 N/A
libressl-4.0.1 N/A
libressl-3.9.2 N/A
openssl-4.0.0 N/A
openssl-3.5.6 N/A
certvalidator-0.11.1 ❌ (unexpected failure) The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 N/A
openssl-3.0.20 N/A
aws-lc-1.72.0 N/A
openssl-3.3.7 N/A
gnutls-certtool-3.8.3 Chain verification output: Verified. The certificate is trusted.
rust-webpki ❌ (unexpected failure) UnknownIssuer
openssl-1.1 N/A

bettertls::nameconstraints::tc257🔗

Testcase 257 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
SUCCESS SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki N/A
libressl-4.1.2 N/A
boringssl-legacy-40 N/A
gocryptox509-go1.26.3 N/A
libressl-4.2.1 N/A
pyca-cryptography-46.0.7 chain built successfully
openssl-3.4.5 N/A
libressl-4.3.1 N/A
openssl-3.2.6 N/A
libressl-4.0.1 N/A
libressl-3.9.2 N/A
openssl-4.0.0 N/A
openssl-3.5.6 N/A
certvalidator-0.11.1 ❌ (unexpected failure) The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 N/A
openssl-3.0.20 N/A
aws-lc-1.72.0 N/A
openssl-3.3.7 N/A
gnutls-certtool-3.8.3 Chain verification output: Verified. The certificate is trusted.
rust-webpki ❌ (unexpected failure) UnknownIssuer
openssl-1.1 N/A

bettertls::nameconstraints::tc258🔗

Testcase 258 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
SUCCESS SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki N/A
libressl-4.1.2 N/A
boringssl-legacy-40 N/A
gocryptox509-go1.26.3 N/A
libressl-4.2.1 N/A
pyca-cryptography-46.0.7 chain built successfully
openssl-3.4.5 N/A
libressl-4.3.1 N/A
openssl-3.2.6 N/A
libressl-4.0.1 N/A
libressl-3.9.2 N/A
openssl-4.0.0 N/A
openssl-3.5.6 N/A
certvalidator-0.11.1 ❌ (unexpected failure) The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 N/A
openssl-3.0.20 N/A
aws-lc-1.72.0 N/A
openssl-3.3.7 N/A
gnutls-certtool-3.8.3 Chain verification output: Verified. The certificate is trusted.
rust-webpki ❌ (unexpected failure) UnknownIssuer
openssl-1.1 N/A

bettertls::nameconstraints::tc259🔗

Testcase 259 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
SUCCESS SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki N/A
libressl-4.1.2 N/A
boringssl-legacy-40 N/A
gocryptox509-go1.26.3 N/A
libressl-4.2.1 N/A
pyca-cryptography-46.0.7 chain built successfully
openssl-3.4.5 N/A
libressl-4.3.1 N/A
openssl-3.2.6 N/A
libressl-4.0.1 N/A
libressl-3.9.2 N/A
openssl-4.0.0 N/A
openssl-3.5.6 N/A
certvalidator-0.11.1 ❌ (unexpected failure) The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 N/A
openssl-3.0.20 N/A
aws-lc-1.72.0 N/A
openssl-3.3.7 N/A
gnutls-certtool-3.8.3 Chain verification output: Verified. The certificate is trusted.
rust-webpki ❌ (unexpected failure) UnknownIssuer
openssl-1.1 N/A

bettertls::nameconstraints::tc260🔗

Testcase 260 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
SUCCESS SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki N/A
libressl-4.1.2 N/A
boringssl-legacy-40 N/A
gocryptox509-go1.26.3 N/A
libressl-4.2.1 N/A
pyca-cryptography-46.0.7 chain built successfully
openssl-3.4.5 N/A
libressl-4.3.1 N/A
openssl-3.2.6 N/A
libressl-4.0.1 N/A
libressl-3.9.2 N/A
openssl-4.0.0 N/A
openssl-3.5.6 N/A
certvalidator-0.11.1 ❌ (unexpected failure) The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 N/A
openssl-3.0.20 N/A
aws-lc-1.72.0 N/A
openssl-3.3.7 N/A
gnutls-certtool-3.8.3 Chain verification output: Verified. The certificate is trusted.
rust-webpki ❌ (unexpected failure) UnknownIssuer
openssl-1.1 N/A

bettertls::nameconstraints::tc261🔗

Testcase 261 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
SUCCESS SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki N/A
libressl-4.1.2 N/A
boringssl-legacy-40 N/A
gocryptox509-go1.26.3 N/A
libressl-4.2.1 N/A
pyca-cryptography-46.0.7 chain built successfully
openssl-3.4.5 N/A
libressl-4.3.1 N/A
openssl-3.2.6 N/A
libressl-4.0.1 N/A
libressl-3.9.2 N/A
openssl-4.0.0 N/A
openssl-3.5.6 N/A
certvalidator-0.11.1 ❌ (unexpected failure) The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 N/A
openssl-3.0.20 N/A
aws-lc-1.72.0 N/A
openssl-3.3.7 N/A
gnutls-certtool-3.8.3 Chain verification output: Verified. The certificate is trusted.
rust-webpki ❌ (unexpected failure) UnknownIssuer
openssl-1.1 N/A

bettertls::nameconstraints::tc262🔗

Testcase 262 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 excluded subtree violation
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: candidates exhausted: excluded name constraint matched SAN
openssl-3.4.5 excluded subtree violation
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 excluded subtree violation
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 excluded subtree violation
openssl-3.5.6 excluded subtree violation
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 excluded subtree violation
openssl-3.0.20 excluded subtree violation
aws-lc-1.72.0 excluded subtree violation
openssl-3.3.7 excluded subtree violation
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints.
rust-webpki UnknownIssuer
openssl-1.1 excluded subtree violation

bettertls::nameconstraints::tc263🔗

Testcase 263 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 excluded subtree violation
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: candidates exhausted: excluded name constraint matched SAN
openssl-3.4.5 excluded subtree violation
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 excluded subtree violation
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 excluded subtree violation
openssl-3.5.6 excluded subtree violation
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 excluded subtree violation
openssl-3.0.20 excluded subtree violation
aws-lc-1.72.0 excluded subtree violation
openssl-3.3.7 excluded subtree violation
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints.
rust-webpki UnknownIssuer
openssl-1.1 excluded subtree violation

bettertls::nameconstraints::tc264🔗

Testcase 264 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 excluded subtree violation
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: candidates exhausted: excluded name constraint matched SAN
openssl-3.4.5 excluded subtree violation
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 excluded subtree violation
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 excluded subtree violation
openssl-3.5.6 excluded subtree violation
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 excluded subtree violation
openssl-3.0.20 excluded subtree violation
aws-lc-1.72.0 excluded subtree violation
openssl-3.3.7 excluded subtree violation
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints.
rust-webpki UnknownIssuer
openssl-1.1 excluded subtree violation

bettertls::nameconstraints::tc265🔗

Testcase 265 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
SUCCESS SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki N/A
libressl-4.1.2 N/A
boringssl-legacy-40 N/A
gocryptox509-go1.26.3 N/A
libressl-4.2.1 N/A
pyca-cryptography-46.0.7 chain built successfully
openssl-3.4.5 N/A
libressl-4.3.1 N/A
openssl-3.2.6 N/A
libressl-4.0.1 N/A
libressl-3.9.2 N/A
openssl-4.0.0 N/A
openssl-3.5.6 N/A
certvalidator-0.11.1 ❌ (unexpected failure) The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 N/A
openssl-3.0.20 N/A
aws-lc-1.72.0 N/A
openssl-3.3.7 N/A
gnutls-certtool-3.8.3 Chain verification output: Verified. The certificate is trusted.
rust-webpki ❌ (unexpected failure) UnknownIssuer
openssl-1.1 N/A

bettertls::nameconstraints::tc266🔗

Testcase 266 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
SUCCESS SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki N/A
libressl-4.1.2 N/A
boringssl-legacy-40 N/A
gocryptox509-go1.26.3 N/A
libressl-4.2.1 N/A
pyca-cryptography-46.0.7 chain built successfully
openssl-3.4.5 N/A
libressl-4.3.1 N/A
openssl-3.2.6 N/A
libressl-4.0.1 N/A
libressl-3.9.2 N/A
openssl-4.0.0 N/A
openssl-3.5.6 N/A
certvalidator-0.11.1 ❌ (unexpected failure) The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 N/A
openssl-3.0.20 N/A
aws-lc-1.72.0 N/A
openssl-3.3.7 N/A
gnutls-certtool-3.8.3 Chain verification output: Verified. The certificate is trusted.
rust-webpki ❌ (unexpected failure) UnknownIssuer
openssl-1.1 N/A

bettertls::nameconstraints::tc267🔗

Testcase 267 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
SUCCESS SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki N/A
libressl-4.1.2 N/A
boringssl-legacy-40 N/A
gocryptox509-go1.26.3 N/A
libressl-4.2.1 N/A
pyca-cryptography-46.0.7 chain built successfully
openssl-3.4.5 N/A
libressl-4.3.1 N/A
openssl-3.2.6 N/A
libressl-4.0.1 N/A
libressl-3.9.2 N/A
openssl-4.0.0 N/A
openssl-3.5.6 N/A
certvalidator-0.11.1 ❌ (unexpected failure) The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 N/A
openssl-3.0.20 N/A
aws-lc-1.72.0 N/A
openssl-3.3.7 N/A
gnutls-certtool-3.8.3 Chain verification output: Verified. The certificate is trusted.
rust-webpki ❌ (unexpected failure) UnknownIssuer
openssl-1.1 N/A

bettertls::nameconstraints::tc268🔗

Testcase 268 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
SUCCESS SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki N/A
libressl-4.1.2 N/A
boringssl-legacy-40 N/A
gocryptox509-go1.26.3 N/A
libressl-4.2.1 N/A
pyca-cryptography-46.0.7 chain built successfully
openssl-3.4.5 N/A
libressl-4.3.1 N/A
openssl-3.2.6 N/A
libressl-4.0.1 N/A
libressl-3.9.2 N/A
openssl-4.0.0 N/A
openssl-3.5.6 N/A
certvalidator-0.11.1 ❌ (unexpected failure) The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 N/A
openssl-3.0.20 N/A
aws-lc-1.72.0 N/A
openssl-3.3.7 N/A
gnutls-certtool-3.8.3 Chain verification output: Verified. The certificate is trusted.
rust-webpki ❌ (unexpected failure) UnknownIssuer
openssl-1.1 N/A

bettertls::nameconstraints::tc269🔗

Testcase 269 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
SUCCESS SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki N/A
libressl-4.1.2 N/A
boringssl-legacy-40 N/A
gocryptox509-go1.26.3 N/A
libressl-4.2.1 N/A
pyca-cryptography-46.0.7 chain built successfully
openssl-3.4.5 N/A
libressl-4.3.1 N/A
openssl-3.2.6 N/A
libressl-4.0.1 N/A
libressl-3.9.2 N/A
openssl-4.0.0 N/A
openssl-3.5.6 N/A
certvalidator-0.11.1 ❌ (unexpected failure) The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 N/A
openssl-3.0.20 N/A
aws-lc-1.72.0 N/A
openssl-3.3.7 N/A
gnutls-certtool-3.8.3 Chain verification output: Verified. The certificate is trusted.
rust-webpki ❌ (unexpected failure) UnknownIssuer
openssl-1.1 N/A

bettertls::nameconstraints::tc270🔗

Testcase 270 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
SUCCESS SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki N/A
libressl-4.1.2 N/A
boringssl-legacy-40 N/A
gocryptox509-go1.26.3 N/A
libressl-4.2.1 N/A
pyca-cryptography-46.0.7 chain built successfully
openssl-3.4.5 N/A
libressl-4.3.1 N/A
openssl-3.2.6 N/A
libressl-4.0.1 N/A
libressl-3.9.2 N/A
openssl-4.0.0 N/A
openssl-3.5.6 N/A
certvalidator-0.11.1 ❌ (unexpected failure) The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 N/A
openssl-3.0.20 N/A
aws-lc-1.72.0 N/A
openssl-3.3.7 N/A
gnutls-certtool-3.8.3 Chain verification output: Verified. The certificate is trusted.
rust-webpki ❌ (unexpected failure) UnknownIssuer
openssl-1.1 N/A

bettertls::nameconstraints::tc271🔗

Testcase 271 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 excluded subtree violation
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: candidates exhausted: excluded name constraint matched SAN
openssl-3.4.5 excluded subtree violation
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 excluded subtree violation
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 excluded subtree violation
openssl-3.5.6 excluded subtree violation
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 excluded subtree violation
openssl-3.0.20 excluded subtree violation
aws-lc-1.72.0 excluded subtree violation
openssl-3.3.7 excluded subtree violation
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints.
rust-webpki UnknownIssuer
openssl-1.1 excluded subtree violation

bettertls::nameconstraints::tc272🔗

Testcase 272 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 excluded subtree violation
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: candidates exhausted: excluded name constraint matched SAN
openssl-3.4.5 excluded subtree violation
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 excluded subtree violation
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 excluded subtree violation
openssl-3.5.6 excluded subtree violation
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 excluded subtree violation
openssl-3.0.20 excluded subtree violation
aws-lc-1.72.0 excluded subtree violation
openssl-3.3.7 excluded subtree violation
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints.
rust-webpki UnknownIssuer
openssl-1.1 excluded subtree violation

bettertls::nameconstraints::tc273🔗

Testcase 273 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 excluded subtree violation
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: candidates exhausted: excluded name constraint matched SAN
openssl-3.4.5 excluded subtree violation
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 excluded subtree violation
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 excluded subtree violation
openssl-3.5.6 excluded subtree violation
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 excluded subtree violation
openssl-3.0.20 excluded subtree violation
aws-lc-1.72.0 excluded subtree violation
openssl-3.3.7 excluded subtree violation
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints.
rust-webpki UnknownIssuer
openssl-1.1 excluded subtree violation

bettertls::nameconstraints::tc274🔗

Testcase 274 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
SUCCESS SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki N/A
libressl-4.1.2 N/A
boringssl-legacy-40 N/A
gocryptox509-go1.26.3 N/A
libressl-4.2.1 N/A
pyca-cryptography-46.0.7 chain built successfully
openssl-3.4.5 N/A
libressl-4.3.1 N/A
openssl-3.2.6 N/A
libressl-4.0.1 N/A
libressl-3.9.2 N/A
openssl-4.0.0 N/A
openssl-3.5.6 N/A
certvalidator-0.11.1 ❌ (unexpected failure) The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 N/A
openssl-3.0.20 N/A
aws-lc-1.72.0 N/A
openssl-3.3.7 N/A
gnutls-certtool-3.8.3 Chain verification output: Verified. The certificate is trusted.
rust-webpki ❌ (unexpected failure) UnknownIssuer
openssl-1.1 N/A

bettertls::nameconstraints::tc275🔗

Testcase 275 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
SUCCESS SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki N/A
libressl-4.1.2 N/A
boringssl-legacy-40 N/A
gocryptox509-go1.26.3 N/A
libressl-4.2.1 N/A
pyca-cryptography-46.0.7 chain built successfully
openssl-3.4.5 N/A
libressl-4.3.1 N/A
openssl-3.2.6 N/A
libressl-4.0.1 N/A
libressl-3.9.2 N/A
openssl-4.0.0 N/A
openssl-3.5.6 N/A
certvalidator-0.11.1 ❌ (unexpected failure) The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 N/A
openssl-3.0.20 N/A
aws-lc-1.72.0 N/A
openssl-3.3.7 N/A
gnutls-certtool-3.8.3 Chain verification output: Verified. The certificate is trusted.
rust-webpki ❌ (unexpected failure) UnknownIssuer
openssl-1.1 N/A

bettertls::nameconstraints::tc276🔗

Testcase 276 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
SUCCESS SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki N/A
libressl-4.1.2 N/A
boringssl-legacy-40 N/A
gocryptox509-go1.26.3 N/A
libressl-4.2.1 N/A
pyca-cryptography-46.0.7 chain built successfully
openssl-3.4.5 N/A
libressl-4.3.1 N/A
openssl-3.2.6 N/A
libressl-4.0.1 N/A
libressl-3.9.2 N/A
openssl-4.0.0 N/A
openssl-3.5.6 N/A
certvalidator-0.11.1 ❌ (unexpected failure) The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 N/A
openssl-3.0.20 N/A
aws-lc-1.72.0 N/A
openssl-3.3.7 N/A
gnutls-certtool-3.8.3 Chain verification output: Verified. The certificate is trusted.
rust-webpki ❌ (unexpected failure) UnknownIssuer
openssl-1.1 N/A

bettertls::nameconstraints::tc277🔗

Testcase 277 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
SUCCESS SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki N/A
libressl-4.1.2 N/A
boringssl-legacy-40 N/A
gocryptox509-go1.26.3 N/A
libressl-4.2.1 N/A
pyca-cryptography-46.0.7 chain built successfully
openssl-3.4.5 N/A
libressl-4.3.1 N/A
openssl-3.2.6 N/A
libressl-4.0.1 N/A
libressl-3.9.2 N/A
openssl-4.0.0 N/A
openssl-3.5.6 N/A
certvalidator-0.11.1 ❌ (unexpected failure) The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 N/A
openssl-3.0.20 N/A
aws-lc-1.72.0 N/A
openssl-3.3.7 N/A
gnutls-certtool-3.8.3 Chain verification output: Verified. The certificate is trusted.
rust-webpki ❌ (unexpected failure) UnknownIssuer
openssl-1.1 N/A

bettertls::nameconstraints::tc278🔗

Testcase 278 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
SUCCESS SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki N/A
libressl-4.1.2 N/A
boringssl-legacy-40 N/A
gocryptox509-go1.26.3 N/A
libressl-4.2.1 N/A
pyca-cryptography-46.0.7 chain built successfully
openssl-3.4.5 N/A
libressl-4.3.1 N/A
openssl-3.2.6 N/A
libressl-4.0.1 N/A
libressl-3.9.2 N/A
openssl-4.0.0 N/A
openssl-3.5.6 N/A
certvalidator-0.11.1 ❌ (unexpected failure) The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 N/A
openssl-3.0.20 N/A
aws-lc-1.72.0 N/A
openssl-3.3.7 N/A
gnutls-certtool-3.8.3 Chain verification output: Verified. The certificate is trusted.
rust-webpki ❌ (unexpected failure) UnknownIssuer
openssl-1.1 N/A

bettertls::nameconstraints::tc279🔗

Testcase 279 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
SUCCESS SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki N/A
libressl-4.1.2 N/A
boringssl-legacy-40 N/A
gocryptox509-go1.26.3 N/A
libressl-4.2.1 N/A
pyca-cryptography-46.0.7 chain built successfully
openssl-3.4.5 N/A
libressl-4.3.1 N/A
openssl-3.2.6 N/A
libressl-4.0.1 N/A
libressl-3.9.2 N/A
openssl-4.0.0 N/A
openssl-3.5.6 N/A
certvalidator-0.11.1 ❌ (unexpected failure) The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 N/A
openssl-3.0.20 N/A
aws-lc-1.72.0 N/A
openssl-3.3.7 N/A
gnutls-certtool-3.8.3 Chain verification output: Verified. The certificate is trusted.
rust-webpki ❌ (unexpected failure) UnknownIssuer
openssl-1.1 N/A

bettertls::nameconstraints::tc280🔗

Testcase 280 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 excluded subtree violation
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: candidates exhausted: excluded name constraint matched SAN
openssl-3.4.5 excluded subtree violation
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 excluded subtree violation
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 excluded subtree violation
openssl-3.5.6 excluded subtree violation
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 excluded subtree violation
openssl-3.0.20 excluded subtree violation
aws-lc-1.72.0 excluded subtree violation
openssl-3.3.7 excluded subtree violation
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints.
rust-webpki UnknownIssuer
openssl-1.1 excluded subtree violation

bettertls::nameconstraints::tc281🔗

Testcase 281 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 excluded subtree violation
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: candidates exhausted: excluded name constraint matched SAN
openssl-3.4.5 excluded subtree violation
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 excluded subtree violation
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 excluded subtree violation
openssl-3.5.6 excluded subtree violation
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 excluded subtree violation
openssl-3.0.20 excluded subtree violation
aws-lc-1.72.0 excluded subtree violation
openssl-3.3.7 excluded subtree violation
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints.
rust-webpki UnknownIssuer
openssl-1.1 excluded subtree violation

bettertls::nameconstraints::tc282🔗

Testcase 282 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 excluded subtree violation
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: candidates exhausted: excluded name constraint matched SAN
openssl-3.4.5 excluded subtree violation
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 excluded subtree violation
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 excluded subtree violation
openssl-3.5.6 excluded subtree violation
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 excluded subtree violation
openssl-3.0.20 excluded subtree violation
aws-lc-1.72.0 excluded subtree violation
openssl-3.3.7 excluded subtree violation
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints.
rust-webpki UnknownIssuer
openssl-1.1 excluded subtree violation

bettertls::nameconstraints::tc283🔗

Testcase 283 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
SUCCESS SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki N/A
libressl-4.1.2 N/A
boringssl-legacy-40 N/A
gocryptox509-go1.26.3 N/A
libressl-4.2.1 N/A
pyca-cryptography-46.0.7 chain built successfully
openssl-3.4.5 N/A
libressl-4.3.1 N/A
openssl-3.2.6 N/A
libressl-4.0.1 N/A
libressl-3.9.2 N/A
openssl-4.0.0 N/A
openssl-3.5.6 N/A
certvalidator-0.11.1 ❌ (unexpected failure) The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 N/A
openssl-3.0.20 N/A
aws-lc-1.72.0 N/A
openssl-3.3.7 N/A
gnutls-certtool-3.8.3 Chain verification output: Verified. The certificate is trusted.
rust-webpki ❌ (unexpected failure) UnknownIssuer
openssl-1.1 N/A

bettertls::nameconstraints::tc284🔗

Testcase 284 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
SUCCESS SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki N/A
libressl-4.1.2 N/A
boringssl-legacy-40 N/A
gocryptox509-go1.26.3 N/A
libressl-4.2.1 N/A
pyca-cryptography-46.0.7 chain built successfully
openssl-3.4.5 N/A
libressl-4.3.1 N/A
openssl-3.2.6 N/A
libressl-4.0.1 N/A
libressl-3.9.2 N/A
openssl-4.0.0 N/A
openssl-3.5.6 N/A
certvalidator-0.11.1 ❌ (unexpected failure) The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 N/A
openssl-3.0.20 N/A
aws-lc-1.72.0 N/A
openssl-3.3.7 N/A
gnutls-certtool-3.8.3 Chain verification output: Verified. The certificate is trusted.
rust-webpki ❌ (unexpected failure) UnknownIssuer
openssl-1.1 N/A

bettertls::nameconstraints::tc285🔗

Testcase 285 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
SUCCESS SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki N/A
libressl-4.1.2 N/A
boringssl-legacy-40 N/A
gocryptox509-go1.26.3 N/A
libressl-4.2.1 N/A
pyca-cryptography-46.0.7 chain built successfully
openssl-3.4.5 N/A
libressl-4.3.1 N/A
openssl-3.2.6 N/A
libressl-4.0.1 N/A
libressl-3.9.2 N/A
openssl-4.0.0 N/A
openssl-3.5.6 N/A
certvalidator-0.11.1 ❌ (unexpected failure) The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 N/A
openssl-3.0.20 N/A
aws-lc-1.72.0 N/A
openssl-3.3.7 N/A
gnutls-certtool-3.8.3 Chain verification output: Verified. The certificate is trusted.
rust-webpki ❌ (unexpected failure) UnknownIssuer
openssl-1.1 N/A

bettertls::nameconstraints::tc286🔗

Testcase 286 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
SUCCESS SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki N/A
libressl-4.1.2 N/A
boringssl-legacy-40 N/A
gocryptox509-go1.26.3 N/A
libressl-4.2.1 N/A
pyca-cryptography-46.0.7 chain built successfully
openssl-3.4.5 N/A
libressl-4.3.1 N/A
openssl-3.2.6 N/A
libressl-4.0.1 N/A
libressl-3.9.2 N/A
openssl-4.0.0 N/A
openssl-3.5.6 N/A
certvalidator-0.11.1 ❌ (unexpected failure) The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 N/A
openssl-3.0.20 N/A
aws-lc-1.72.0 N/A
openssl-3.3.7 N/A
gnutls-certtool-3.8.3 Chain verification output: Verified. The certificate is trusted.
rust-webpki ❌ (unexpected failure) UnknownIssuer
openssl-1.1 N/A

bettertls::nameconstraints::tc287🔗

Testcase 287 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
SUCCESS SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki N/A
libressl-4.1.2 N/A
boringssl-legacy-40 N/A
gocryptox509-go1.26.3 N/A
libressl-4.2.1 N/A
pyca-cryptography-46.0.7 chain built successfully
openssl-3.4.5 N/A
libressl-4.3.1 N/A
openssl-3.2.6 N/A
libressl-4.0.1 N/A
libressl-3.9.2 N/A
openssl-4.0.0 N/A
openssl-3.5.6 N/A
certvalidator-0.11.1 ❌ (unexpected failure) The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 N/A
openssl-3.0.20 N/A
aws-lc-1.72.0 N/A
openssl-3.3.7 N/A
gnutls-certtool-3.8.3 Chain verification output: Verified. The certificate is trusted.
rust-webpki ❌ (unexpected failure) UnknownIssuer
openssl-1.1 N/A

bettertls::nameconstraints::tc288🔗

Testcase 288 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
SUCCESS SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki N/A
libressl-4.1.2 N/A
boringssl-legacy-40 N/A
gocryptox509-go1.26.3 N/A
libressl-4.2.1 N/A
pyca-cryptography-46.0.7 chain built successfully
openssl-3.4.5 N/A
libressl-4.3.1 N/A
openssl-3.2.6 N/A
libressl-4.0.1 N/A
libressl-3.9.2 N/A
openssl-4.0.0 N/A
openssl-3.5.6 N/A
certvalidator-0.11.1 ❌ (unexpected failure) The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 N/A
openssl-3.0.20 N/A
aws-lc-1.72.0 N/A
openssl-3.3.7 N/A
gnutls-certtool-3.8.3 Chain verification output: Verified. The certificate is trusted.
rust-webpki ❌ (unexpected failure) UnknownIssuer
openssl-1.1 N/A

bettertls::nameconstraints::tc289🔗

Testcase 289 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 excluded subtree violation
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: candidates exhausted: excluded name constraint matched SAN
openssl-3.4.5 excluded subtree violation
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 excluded subtree violation
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 excluded subtree violation
openssl-3.5.6 excluded subtree violation
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 excluded subtree violation
openssl-3.0.20 excluded subtree violation
aws-lc-1.72.0 excluded subtree violation
openssl-3.3.7 excluded subtree violation
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints.
rust-webpki UnknownIssuer
openssl-1.1 excluded subtree violation

bettertls::nameconstraints::tc290🔗

Testcase 290 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 excluded subtree violation
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: candidates exhausted: excluded name constraint matched SAN
openssl-3.4.5 excluded subtree violation
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 excluded subtree violation
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 excluded subtree violation
openssl-3.5.6 excluded subtree violation
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 excluded subtree violation
openssl-3.0.20 excluded subtree violation
aws-lc-1.72.0 excluded subtree violation
openssl-3.3.7 excluded subtree violation
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints.
rust-webpki UnknownIssuer
openssl-1.1 excluded subtree violation

bettertls::nameconstraints::tc291🔗

Testcase 291 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 excluded subtree violation
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: candidates exhausted: excluded name constraint matched SAN
openssl-3.4.5 excluded subtree violation
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 excluded subtree violation
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 excluded subtree violation
openssl-3.5.6 excluded subtree violation
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 excluded subtree violation
openssl-3.0.20 excluded subtree violation
aws-lc-1.72.0 excluded subtree violation
openssl-3.3.7 excluded subtree violation
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints.
rust-webpki UnknownIssuer
openssl-1.1 excluded subtree violation

bettertls::nameconstraints::tc292🔗

Testcase 292 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
SUCCESS SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki N/A
libressl-4.1.2 N/A
boringssl-legacy-40 N/A
gocryptox509-go1.26.3 N/A
libressl-4.2.1 N/A
pyca-cryptography-46.0.7 chain built successfully
openssl-3.4.5 N/A
libressl-4.3.1 N/A
openssl-3.2.6 N/A
libressl-4.0.1 N/A
libressl-3.9.2 N/A
openssl-4.0.0 N/A
openssl-3.5.6 N/A
certvalidator-0.11.1 ❌ (unexpected failure) The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 N/A
openssl-3.0.20 N/A
aws-lc-1.72.0 N/A
openssl-3.3.7 N/A
gnutls-certtool-3.8.3 Chain verification output: Verified. The certificate is trusted.
rust-webpki ❌ (unexpected failure) UnknownIssuer
openssl-1.1 N/A

bettertls::nameconstraints::tc293🔗

Testcase 293 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
SUCCESS SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki N/A
libressl-4.1.2 N/A
boringssl-legacy-40 N/A
gocryptox509-go1.26.3 N/A
libressl-4.2.1 N/A
pyca-cryptography-46.0.7 chain built successfully
openssl-3.4.5 N/A
libressl-4.3.1 N/A
openssl-3.2.6 N/A
libressl-4.0.1 N/A
libressl-3.9.2 N/A
openssl-4.0.0 N/A
openssl-3.5.6 N/A
certvalidator-0.11.1 ❌ (unexpected failure) The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 N/A
openssl-3.0.20 N/A
aws-lc-1.72.0 N/A
openssl-3.3.7 N/A
gnutls-certtool-3.8.3 Chain verification output: Verified. The certificate is trusted.
rust-webpki ❌ (unexpected failure) UnknownIssuer
openssl-1.1 N/A

bettertls::nameconstraints::tc294🔗

Testcase 294 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
SUCCESS SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki N/A
libressl-4.1.2 N/A
boringssl-legacy-40 N/A
gocryptox509-go1.26.3 N/A
libressl-4.2.1 N/A
pyca-cryptography-46.0.7 chain built successfully
openssl-3.4.5 N/A
libressl-4.3.1 N/A
openssl-3.2.6 N/A
libressl-4.0.1 N/A
libressl-3.9.2 N/A
openssl-4.0.0 N/A
openssl-3.5.6 N/A
certvalidator-0.11.1 ❌ (unexpected failure) The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 N/A
openssl-3.0.20 N/A
aws-lc-1.72.0 N/A
openssl-3.3.7 N/A
gnutls-certtool-3.8.3 Chain verification output: Verified. The certificate is trusted.
rust-webpki ❌ (unexpected failure) UnknownIssuer
openssl-1.1 N/A

bettertls::nameconstraints::tc295🔗

Testcase 295 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
SUCCESS SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki N/A
libressl-4.1.2 N/A
boringssl-legacy-40 N/A
gocryptox509-go1.26.3 N/A
libressl-4.2.1 N/A
pyca-cryptography-46.0.7 chain built successfully
openssl-3.4.5 N/A
libressl-4.3.1 N/A
openssl-3.2.6 N/A
libressl-4.0.1 N/A
libressl-3.9.2 N/A
openssl-4.0.0 N/A
openssl-3.5.6 N/A
certvalidator-0.11.1 ❌ (unexpected failure) The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 N/A
openssl-3.0.20 N/A
aws-lc-1.72.0 N/A
openssl-3.3.7 N/A
gnutls-certtool-3.8.3 Chain verification output: Verified. The certificate is trusted.
rust-webpki ❌ (unexpected failure) UnknownIssuer
openssl-1.1 N/A

bettertls::nameconstraints::tc296🔗

Testcase 296 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
SUCCESS SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki N/A
libressl-4.1.2 N/A
boringssl-legacy-40 N/A
gocryptox509-go1.26.3 N/A
libressl-4.2.1 N/A
pyca-cryptography-46.0.7 chain built successfully
openssl-3.4.5 N/A
libressl-4.3.1 N/A
openssl-3.2.6 N/A
libressl-4.0.1 N/A
libressl-3.9.2 N/A
openssl-4.0.0 N/A
openssl-3.5.6 N/A
certvalidator-0.11.1 ❌ (unexpected failure) The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 N/A
openssl-3.0.20 N/A
aws-lc-1.72.0 N/A
openssl-3.3.7 N/A
gnutls-certtool-3.8.3 Chain verification output: Verified. The certificate is trusted.
rust-webpki ❌ (unexpected failure) UnknownIssuer
openssl-1.1 N/A

bettertls::nameconstraints::tc297🔗

Testcase 297 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
SUCCESS SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki N/A
libressl-4.1.2 N/A
boringssl-legacy-40 N/A
gocryptox509-go1.26.3 N/A
libressl-4.2.1 N/A
pyca-cryptography-46.0.7 chain built successfully
openssl-3.4.5 N/A
libressl-4.3.1 N/A
openssl-3.2.6 N/A
libressl-4.0.1 N/A
libressl-3.9.2 N/A
openssl-4.0.0 N/A
openssl-3.5.6 N/A
certvalidator-0.11.1 ❌ (unexpected failure) The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 N/A
openssl-3.0.20 N/A
aws-lc-1.72.0 N/A
openssl-3.3.7 N/A
gnutls-certtool-3.8.3 Chain verification output: Verified. The certificate is trusted.
rust-webpki ❌ (unexpected failure) UnknownIssuer
openssl-1.1 N/A

bettertls::nameconstraints::tc298🔗

Testcase 298 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 excluded subtree violation
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: candidates exhausted: excluded name constraint matched SAN
openssl-3.4.5 excluded subtree violation
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 excluded subtree violation
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 excluded subtree violation
openssl-3.5.6 excluded subtree violation
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 excluded subtree violation
openssl-3.0.20 excluded subtree violation
aws-lc-1.72.0 excluded subtree violation
openssl-3.3.7 excluded subtree violation
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints.
rust-webpki UnknownIssuer
openssl-1.1 excluded subtree violation

bettertls::nameconstraints::tc299🔗

Testcase 299 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 excluded subtree violation
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: candidates exhausted: excluded name constraint matched SAN
openssl-3.4.5 excluded subtree violation
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 excluded subtree violation
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 excluded subtree violation
openssl-3.5.6 excluded subtree violation
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 excluded subtree violation
openssl-3.0.20 excluded subtree violation
aws-lc-1.72.0 excluded subtree violation
openssl-3.3.7 excluded subtree violation
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints.
rust-webpki UnknownIssuer
openssl-1.1 excluded subtree violation

bettertls::nameconstraints::tc300🔗

Testcase 300 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 excluded subtree violation
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: candidates exhausted: excluded name constraint matched SAN
openssl-3.4.5 excluded subtree violation
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 excluded subtree violation
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 excluded subtree violation
openssl-3.5.6 excluded subtree violation
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 excluded subtree violation
openssl-3.0.20 excluded subtree violation
aws-lc-1.72.0 excluded subtree violation
openssl-3.3.7 excluded subtree violation
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints.
rust-webpki UnknownIssuer
openssl-1.1 excluded subtree violation

bettertls::nameconstraints::tc301🔗

Testcase 301 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
SUCCESS SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki N/A
libressl-4.1.2 N/A
boringssl-legacy-40 N/A
gocryptox509-go1.26.3 N/A
libressl-4.2.1 N/A
pyca-cryptography-46.0.7 chain built successfully
openssl-3.4.5 N/A
libressl-4.3.1 N/A
openssl-3.2.6 N/A
libressl-4.0.1 N/A
libressl-3.9.2 N/A
openssl-4.0.0 N/A
openssl-3.5.6 N/A
certvalidator-0.11.1 ❌ (unexpected failure) The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 N/A
openssl-3.0.20 N/A
aws-lc-1.72.0 N/A
openssl-3.3.7 N/A
gnutls-certtool-3.8.3 Chain verification output: Verified. The certificate is trusted.
rust-webpki ❌ (unexpected failure) UnknownIssuer
openssl-1.1 N/A

bettertls::nameconstraints::tc302🔗

Testcase 302 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
SUCCESS SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki N/A
libressl-4.1.2 N/A
boringssl-legacy-40 N/A
gocryptox509-go1.26.3 N/A
libressl-4.2.1 N/A
pyca-cryptography-46.0.7 chain built successfully
openssl-3.4.5 N/A
libressl-4.3.1 N/A
openssl-3.2.6 N/A
libressl-4.0.1 N/A
libressl-3.9.2 N/A
openssl-4.0.0 N/A
openssl-3.5.6 N/A
certvalidator-0.11.1 ❌ (unexpected failure) The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 N/A
openssl-3.0.20 N/A
aws-lc-1.72.0 N/A
openssl-3.3.7 N/A
gnutls-certtool-3.8.3 Chain verification output: Verified. The certificate is trusted.
rust-webpki ❌ (unexpected failure) UnknownIssuer
openssl-1.1 N/A

bettertls::nameconstraints::tc303🔗

Testcase 303 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
SUCCESS SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki N/A
libressl-4.1.2 N/A
boringssl-legacy-40 N/A
gocryptox509-go1.26.3 N/A
libressl-4.2.1 N/A
pyca-cryptography-46.0.7 chain built successfully
openssl-3.4.5 N/A
libressl-4.3.1 N/A
openssl-3.2.6 N/A
libressl-4.0.1 N/A
libressl-3.9.2 N/A
openssl-4.0.0 N/A
openssl-3.5.6 N/A
certvalidator-0.11.1 ❌ (unexpected failure) The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 N/A
openssl-3.0.20 N/A
aws-lc-1.72.0 N/A
openssl-3.3.7 N/A
gnutls-certtool-3.8.3 Chain verification output: Verified. The certificate is trusted.
rust-webpki ❌ (unexpected failure) UnknownIssuer
openssl-1.1 N/A

bettertls::nameconstraints::tc304🔗

Testcase 304 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 permitted subtree violation
boringssl-legacy-40 permitted subtree violation
gocryptox509-go1.26.3 N/A
libressl-4.2.1 permitted subtree violation
pyca-cryptography-46.0.7 validation failed: candidates exhausted: no permitted name constraints matched SAN
openssl-3.4.5 permitted subtree violation
libressl-4.3.1 permitted subtree violation
openssl-3.2.6 permitted subtree violation
libressl-4.0.1 permitted subtree violation
libressl-3.9.2 permitted subtree violation
openssl-4.0.0 permitted subtree violation
openssl-3.5.6 permitted subtree violation
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 permitted subtree violation
openssl-3.0.20 permitted subtree violation
aws-lc-1.72.0 permitted subtree violation
openssl-3.3.7 permitted subtree violation
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints.
rust-webpki UnknownIssuer
openssl-1.1 permitted subtree violation

bettertls::nameconstraints::tc305🔗

Testcase 305 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 permitted subtree violation
boringssl-legacy-40 permitted subtree violation
gocryptox509-go1.26.3 N/A
libressl-4.2.1 permitted subtree violation
pyca-cryptography-46.0.7 validation failed: candidates exhausted: no permitted name constraints matched SAN
openssl-3.4.5 permitted subtree violation
libressl-4.3.1 permitted subtree violation
openssl-3.2.6 permitted subtree violation
libressl-4.0.1 permitted subtree violation
libressl-3.9.2 permitted subtree violation
openssl-4.0.0 permitted subtree violation
openssl-3.5.6 permitted subtree violation
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 permitted subtree violation
openssl-3.0.20 permitted subtree violation
aws-lc-1.72.0 permitted subtree violation
openssl-3.3.7 permitted subtree violation
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints.
rust-webpki UnknownIssuer
openssl-1.1 permitted subtree violation

bettertls::nameconstraints::tc306🔗

Testcase 306 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 permitted subtree violation
boringssl-legacy-40 permitted subtree violation
gocryptox509-go1.26.3 N/A
libressl-4.2.1 permitted subtree violation
pyca-cryptography-46.0.7 validation failed: candidates exhausted: no permitted name constraints matched SAN
openssl-3.4.5 permitted subtree violation
libressl-4.3.1 permitted subtree violation
openssl-3.2.6 permitted subtree violation
libressl-4.0.1 permitted subtree violation
libressl-3.9.2 permitted subtree violation
openssl-4.0.0 permitted subtree violation
openssl-3.5.6 permitted subtree violation
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 permitted subtree violation
openssl-3.0.20 permitted subtree violation
aws-lc-1.72.0 permitted subtree violation
openssl-3.3.7 permitted subtree violation
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints.
rust-webpki UnknownIssuer
openssl-1.1 permitted subtree violation

bettertls::nameconstraints::tc307🔗

Testcase 307 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 permitted subtree violation
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: candidates exhausted: no permitted name constraints matched SAN
openssl-3.4.5 permitted subtree violation
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 permitted subtree violation
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 permitted subtree violation
openssl-3.5.6 permitted subtree violation
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 permitted subtree violation
openssl-3.0.20 permitted subtree violation
aws-lc-1.72.0 permitted subtree violation
openssl-3.3.7 permitted subtree violation
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints.
rust-webpki UnknownIssuer
openssl-1.1 permitted subtree violation

bettertls::nameconstraints::tc308🔗

Testcase 308 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 permitted subtree violation
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: candidates exhausted: no permitted name constraints matched SAN
openssl-3.4.5 permitted subtree violation
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 permitted subtree violation
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 permitted subtree violation
openssl-3.5.6 permitted subtree violation
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 permitted subtree violation
openssl-3.0.20 permitted subtree violation
aws-lc-1.72.0 permitted subtree violation
openssl-3.3.7 permitted subtree violation
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints.
rust-webpki UnknownIssuer
openssl-1.1 permitted subtree violation

bettertls::nameconstraints::tc309🔗

Testcase 309 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 permitted subtree violation
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: candidates exhausted: no permitted name constraints matched SAN
openssl-3.4.5 permitted subtree violation
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 permitted subtree violation
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 permitted subtree violation
openssl-3.5.6 permitted subtree violation
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 permitted subtree violation
openssl-3.0.20 permitted subtree violation
aws-lc-1.72.0 permitted subtree violation
openssl-3.3.7 permitted subtree violation
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints.
rust-webpki UnknownIssuer
openssl-1.1 permitted subtree violation

bettertls::nameconstraints::tc310🔗

Testcase 310 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 permitted subtree violation
boringssl-legacy-40 permitted subtree violation
gocryptox509-go1.26.3 N/A
libressl-4.2.1 permitted subtree violation
pyca-cryptography-46.0.7 validation failed: candidates exhausted: no permitted name constraints matched SAN
openssl-3.4.5 permitted subtree violation
libressl-4.3.1 permitted subtree violation
openssl-3.2.6 permitted subtree violation
libressl-4.0.1 permitted subtree violation
libressl-3.9.2 permitted subtree violation
openssl-4.0.0 permitted subtree violation
openssl-3.5.6 permitted subtree violation
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 permitted subtree violation
openssl-3.0.20 permitted subtree violation
aws-lc-1.72.0 permitted subtree violation
openssl-3.3.7 permitted subtree violation
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints.
rust-webpki UnknownIssuer
openssl-1.1 permitted subtree violation

bettertls::nameconstraints::tc311🔗

Testcase 311 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 permitted subtree violation
boringssl-legacy-40 permitted subtree violation
gocryptox509-go1.26.3 N/A
libressl-4.2.1 permitted subtree violation
pyca-cryptography-46.0.7 validation failed: candidates exhausted: no permitted name constraints matched SAN
openssl-3.4.5 permitted subtree violation
libressl-4.3.1 permitted subtree violation
openssl-3.2.6 permitted subtree violation
libressl-4.0.1 permitted subtree violation
libressl-3.9.2 permitted subtree violation
openssl-4.0.0 permitted subtree violation
openssl-3.5.6 permitted subtree violation
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 permitted subtree violation
openssl-3.0.20 permitted subtree violation
aws-lc-1.72.0 permitted subtree violation
openssl-3.3.7 permitted subtree violation
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints.
rust-webpki UnknownIssuer
openssl-1.1 permitted subtree violation

bettertls::nameconstraints::tc312🔗

Testcase 312 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 permitted subtree violation
boringssl-legacy-40 permitted subtree violation
gocryptox509-go1.26.3 N/A
libressl-4.2.1 permitted subtree violation
pyca-cryptography-46.0.7 validation failed: candidates exhausted: no permitted name constraints matched SAN
openssl-3.4.5 permitted subtree violation
libressl-4.3.1 permitted subtree violation
openssl-3.2.6 permitted subtree violation
libressl-4.0.1 permitted subtree violation
libressl-3.9.2 permitted subtree violation
openssl-4.0.0 permitted subtree violation
openssl-3.5.6 permitted subtree violation
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 permitted subtree violation
openssl-3.0.20 permitted subtree violation
aws-lc-1.72.0 permitted subtree violation
openssl-3.3.7 permitted subtree violation
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints.
rust-webpki UnknownIssuer
openssl-1.1 permitted subtree violation

bettertls::nameconstraints::tc313🔗

Testcase 313 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 permitted subtree violation
boringssl-legacy-40 permitted subtree violation
gocryptox509-go1.26.3 N/A
libressl-4.2.1 permitted subtree violation
pyca-cryptography-46.0.7 validation failed: candidates exhausted: no permitted name constraints matched SAN
openssl-3.4.5 permitted subtree violation
libressl-4.3.1 permitted subtree violation
openssl-3.2.6 permitted subtree violation
libressl-4.0.1 permitted subtree violation
libressl-3.9.2 permitted subtree violation
openssl-4.0.0 permitted subtree violation
openssl-3.5.6 permitted subtree violation
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 permitted subtree violation
openssl-3.0.20 permitted subtree violation
aws-lc-1.72.0 permitted subtree violation
openssl-3.3.7 permitted subtree violation
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints.
rust-webpki UnknownIssuer
openssl-1.1 permitted subtree violation

bettertls::nameconstraints::tc314🔗

Testcase 314 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 permitted subtree violation
boringssl-legacy-40 permitted subtree violation
gocryptox509-go1.26.3 N/A
libressl-4.2.1 permitted subtree violation
pyca-cryptography-46.0.7 validation failed: candidates exhausted: no permitted name constraints matched SAN
openssl-3.4.5 permitted subtree violation
libressl-4.3.1 permitted subtree violation
openssl-3.2.6 permitted subtree violation
libressl-4.0.1 permitted subtree violation
libressl-3.9.2 permitted subtree violation
openssl-4.0.0 permitted subtree violation
openssl-3.5.6 permitted subtree violation
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 permitted subtree violation
openssl-3.0.20 permitted subtree violation
aws-lc-1.72.0 permitted subtree violation
openssl-3.3.7 permitted subtree violation
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints.
rust-webpki UnknownIssuer
openssl-1.1 permitted subtree violation

bettertls::nameconstraints::tc315🔗

Testcase 315 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 permitted subtree violation
boringssl-legacy-40 permitted subtree violation
gocryptox509-go1.26.3 N/A
libressl-4.2.1 permitted subtree violation
pyca-cryptography-46.0.7 validation failed: candidates exhausted: no permitted name constraints matched SAN
openssl-3.4.5 permitted subtree violation
libressl-4.3.1 permitted subtree violation
openssl-3.2.6 permitted subtree violation
libressl-4.0.1 permitted subtree violation
libressl-3.9.2 permitted subtree violation
openssl-4.0.0 permitted subtree violation
openssl-3.5.6 permitted subtree violation
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 permitted subtree violation
openssl-3.0.20 permitted subtree violation
aws-lc-1.72.0 permitted subtree violation
openssl-3.3.7 permitted subtree violation
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints.
rust-webpki UnknownIssuer
openssl-1.1 permitted subtree violation

bettertls::nameconstraints::tc316🔗

Testcase 316 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 permitted subtree violation
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: candidates exhausted: no permitted name constraints matched SAN
openssl-3.4.5 permitted subtree violation
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 permitted subtree violation
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 permitted subtree violation
openssl-3.5.6 permitted subtree violation
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 permitted subtree violation
openssl-3.0.20 permitted subtree violation
aws-lc-1.72.0 permitted subtree violation
openssl-3.3.7 permitted subtree violation
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints.
rust-webpki UnknownIssuer
openssl-1.1 permitted subtree violation

bettertls::nameconstraints::tc317🔗

Testcase 317 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 permitted subtree violation
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: candidates exhausted: no permitted name constraints matched SAN
openssl-3.4.5 permitted subtree violation
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 permitted subtree violation
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 permitted subtree violation
openssl-3.5.6 permitted subtree violation
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 permitted subtree violation
openssl-3.0.20 permitted subtree violation
aws-lc-1.72.0 permitted subtree violation
openssl-3.3.7 permitted subtree violation
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints.
rust-webpki UnknownIssuer
openssl-1.1 permitted subtree violation

bettertls::nameconstraints::tc318🔗

Testcase 318 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 excluded subtree violation
boringssl-legacy-40 permitted subtree violation
gocryptox509-go1.26.3 N/A
libressl-4.2.1 excluded subtree violation
pyca-cryptography-46.0.7 validation failed: candidates exhausted: no permitted name constraints matched SAN
openssl-3.4.5 permitted subtree violation
libressl-4.3.1 excluded subtree violation
openssl-3.2.6 permitted subtree violation
libressl-4.0.1 excluded subtree violation
libressl-3.9.2 excluded subtree violation
openssl-4.0.0 permitted subtree violation
openssl-3.5.6 permitted subtree violation
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 permitted subtree violation
openssl-3.0.20 permitted subtree violation
aws-lc-1.72.0 permitted subtree violation
openssl-3.3.7 permitted subtree violation
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints.
rust-webpki UnknownIssuer
openssl-1.1 permitted subtree violation

bettertls::nameconstraints::tc319🔗

Testcase 319 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 permitted subtree violation
boringssl-legacy-40 permitted subtree violation
gocryptox509-go1.26.3 N/A
libressl-4.2.1 permitted subtree violation
pyca-cryptography-46.0.7 validation failed: candidates exhausted: no permitted name constraints matched SAN
openssl-3.4.5 permitted subtree violation
libressl-4.3.1 permitted subtree violation
openssl-3.2.6 permitted subtree violation
libressl-4.0.1 permitted subtree violation
libressl-3.9.2 permitted subtree violation
openssl-4.0.0 permitted subtree violation
openssl-3.5.6 permitted subtree violation
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 permitted subtree violation
openssl-3.0.20 permitted subtree violation
aws-lc-1.72.0 permitted subtree violation
openssl-3.3.7 permitted subtree violation
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints.
rust-webpki UnknownIssuer
openssl-1.1 permitted subtree violation

bettertls::nameconstraints::tc320🔗

Testcase 320 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 permitted subtree violation
boringssl-legacy-40 permitted subtree violation
gocryptox509-go1.26.3 N/A
libressl-4.2.1 permitted subtree violation
pyca-cryptography-46.0.7 validation failed: candidates exhausted: no permitted name constraints matched SAN
openssl-3.4.5 permitted subtree violation
libressl-4.3.1 permitted subtree violation
openssl-3.2.6 permitted subtree violation
libressl-4.0.1 permitted subtree violation
libressl-3.9.2 permitted subtree violation
openssl-4.0.0 permitted subtree violation
openssl-3.5.6 permitted subtree violation
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 permitted subtree violation
openssl-3.0.20 permitted subtree violation
aws-lc-1.72.0 permitted subtree violation
openssl-3.3.7 permitted subtree violation
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints.
rust-webpki UnknownIssuer
openssl-1.1 permitted subtree violation

bettertls::nameconstraints::tc321🔗

Testcase 321 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 permitted subtree violation
boringssl-legacy-40 permitted subtree violation
gocryptox509-go1.26.3 N/A
libressl-4.2.1 permitted subtree violation
pyca-cryptography-46.0.7 validation failed: candidates exhausted: no permitted name constraints matched SAN
openssl-3.4.5 permitted subtree violation
libressl-4.3.1 permitted subtree violation
openssl-3.2.6 permitted subtree violation
libressl-4.0.1 permitted subtree violation
libressl-3.9.2 permitted subtree violation
openssl-4.0.0 permitted subtree violation
openssl-3.5.6 permitted subtree violation
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 permitted subtree violation
openssl-3.0.20 permitted subtree violation
aws-lc-1.72.0 permitted subtree violation
openssl-3.3.7 permitted subtree violation
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints.
rust-webpki UnknownIssuer
openssl-1.1 permitted subtree violation

bettertls::nameconstraints::tc322🔗

Testcase 322 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A
Harness Result Context
rustls-webpki NameConstraintViolation
libressl-4.1.2 permitted subtree violation
boringssl-legacy-40 permitted subtree violation
gocryptox509-go1.26.3 N/A
libressl-4.2.1 permitted subtree violation
pyca-cryptography-46.0.7 validation failed: candidates exhausted: no permitted name constraints matched SAN
openssl-3.4.5 permitted subtree violation
libressl-4.3.1 permitted subtree violation
openssl-3.2.6 permitted subtree violation
libressl-4.0.1 permitted subtree violation
libressl-3.9.2 permitted subtree violation
openssl-4.0.0 permitted subtree violation
openssl-3.5.6 permitted subtree violation
certvalidator-0.11.1 The path could not be validated because intermediate certificate 2 contains the following unsupported critical extension: name_constraints
openssl-3.6.2 permitted subtree violation
openssl-3.0.20 permitted subtree violation
aws-lc-1.72.0 permitted subtree violation
openssl-3.3.7 permitted subtree violation
gnutls-certtool-3.8.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints.
rust-webpki UnknownIssuer
openssl-1.1 permitted subtree violation

bettertls::nameconstraints::tc323🔗

Testcase 323 from the BetterTLS nameconstraints suite.

Expected result Validation kind Validation time Features Importance Conflicts
FAILURE SERVER 2026-01-19T17:25:50+00:00 N/A undetermined N/A