Skip to content

pathological🔗

pathological::multiple-chains-expired-intermediate🔗

Produces the following chain:

root 2 -> intermediate (expired) -> root -> EE

Both roots are trusted. A chain should be built successfully, disregarding the expired intermediate certificate and the second root. This scenario is known as the "chain of pain"; for further reference, see https://www.agwa.name/blog/post/fixing_the_addtrust_root_expiration.

Expected result Validation kind Validation time Features Importance Conflicts Download
SUCCESS SERVER N/A N/A undetermined N/A PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 ❌ (unexpected failure) Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain uses expired certificate.
openssl-3.0.15 N/A
openssl-3.3.2 N/A
openssl-3.2.3 N/A
rustls-webpki N/A
certvalidator-0.11.1 N/A
gocryptox509-go1.23.3 N/A
openssl-3.4.0 N/A
pyca-cryptography-43.0.3 N/A
openssl-3.1.7 N/A
openssl-1.1 N/A
rust-webpki N/A

pathological::intermediate-cycle-distinct-cas🔗

Produces the following invalid chain:

root -/-> (ICA' <-> ICA'') -> EE

ICA' and ICA'' are separate logical CAs that sign for each other. Neither chains up to the root.

Expected result Validation kind Validation time Features Importance Conflicts Download
FAILURE SERVER N/A N/A undetermined N/A PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate issuer is unknown. The name in the certificate does not match the expected.
openssl-3.0.15 unable to get local issuer certificate
openssl-3.3.2 unable to get local issuer certificate
openssl-3.2.3 unable to get local issuer certificate
rustls-webpki UnknownIssuer
certvalidator-0.11.1 Unable to build a validation path for the certificate "Common Name: example.com" - no issuer matching "Common Name: intermediate-cycle-distinct-ca1" was found
gocryptox509-go1.23.3 N/A
openssl-3.4.0 unable to get local issuer certificate
pyca-cryptography-43.0.3 validation failed: CandidatesExhausted(Other("chain construction exceeds max depth"))
openssl-3.1.7 unable to get local issuer certificate
openssl-1.1 unable to get local issuer certificate
rust-webpki UnknownIssuer

pathological::intermediate-cycle-distinct-cas-max-depth🔗

Produces the following invalid chain:

root -/-> (ICA' <-> ICA'') -> EE

ICA' and ICA'' are separate logical CAs that sign for each other. Neither chains up to the root.

This testcase is identical to intermediate-cycle-distinct-cas, except that it specifies a large explicit max depth.

Expected result Validation kind Validation time Features Importance Conflicts Download
FAILURE SERVER N/A N/A undetermined N/A PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate issuer is unknown. The name in the certificate does not match the expected.
openssl-3.0.15 unable to get local issuer certificate
openssl-3.3.2 unable to get local issuer certificate
openssl-3.2.3 unable to get local issuer certificate
rustls-webpki UnknownIssuer
certvalidator-0.11.1 Unable to build a validation path for the certificate "Common Name: example.com" - no issuer matching "Common Name: intermediate-cycle-distinct-ca1" was found
gocryptox509-go1.23.3 🚧 max chain depth not supported
openssl-3.4.0 unable to get local issuer certificate
pyca-cryptography-43.0.3 validation failed: CandidatesExhausted(Other("current depth calculation overflowed"))
openssl-3.1.7 unable to get local issuer certificate
openssl-1.1 unable to get local issuer certificate
rust-webpki UnknownIssuer

pathological::intermediate-cycle-same-logical-ca🔗

Produces the following invalid chain:

root -/-> (ICA <-> ICA) -> EE

The two ICA certificates are from the same logical CA (same subject), but have different keys and sign for each other, forming a cycle. Neither chains up to the root.

Expected result Validation kind Validation time Features Importance Conflicts Download
FAILURE SERVER N/A N/A undetermined N/A PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 Chain verification output: Not verified. The certificate is NOT trusted. The certificate issuer is unknown. The name in the certificate does not match the expected.
openssl-3.0.15 unable to get local issuer certificate
openssl-3.3.2 unable to get local issuer certificate
openssl-3.2.3 unable to get local issuer certificate
rustls-webpki UnknownIssuer
certvalidator-0.11.1 Unable to build a validation path for the certificate "Common Name: example.com" - no issuer matching "Common Name: intermediate-cycle-same-logical-ca" was found
gocryptox509-go1.23.3 N/A
openssl-3.4.0 unable to get local issuer certificate
pyca-cryptography-43.0.3 validation failed: CandidatesExhausted(Other("Certificate is missing required extension"))
openssl-3.1.7 unable to get local issuer certificate
openssl-1.1 unable to get local issuer certificate
rust-webpki UnknownIssuer

pathological::nc-dos-1🔗

Produces the following pathological chain:

root [many constraints] -> EE [many names]

The root CA contains 2048 permits and excludes name constraints, which are checked against the EE's 2048 SANs and 2048 subjects. This is typically rejected by implementations due to quadratic blowup, but is technically valid.

This testcase is extended from OpenSSL's (many-names1.pem, many-constraints.pem) testcase, via https://github.com/openssl/openssl/pull/4393.

Expected result Validation kind Validation time Features Importance Conflicts Download
FAILURE SERVER N/A denial-of-service undetermined N/A PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 ❌ (unexpected success) Chain verification output: Verified. The certificate is trusted.
openssl-3.0.15 unspecified certificate verification error
openssl-3.3.2 unspecified certificate verification error
openssl-3.2.3 unspecified certificate verification error
rustls-webpki leaf cert: X.509 parse failed
certvalidator-0.11.1 ❌ (unexpected success) N/A
gocryptox509-go1.23.3 N/A
openssl-3.4.0 unspecified certificate verification error
pyca-cryptography-43.0.3 validation failed: FatalError("Exceeded maximum name constraint check limit")
openssl-3.1.7 unspecified certificate verification error
openssl-1.1 unspecified certificate verification error
rust-webpki leaf cert: X.509 parse failed

pathological::nc-dos-2🔗

Produces the following pathological chain:

root [many constraints] -> EE [many names]

The root CA contains over 2048 permits and excludes name constraints, which are checked against the EE's 2048 SANs. This is typically rejected by implementations due to quadratic blowup, but is technically valid.

This testcase is extended from OpenSSL's (many-names2.pem, many-constraints.pem) testcase, via https://github.com/openssl/openssl/pull/4393.

Expected result Validation kind Validation time Features Importance Conflicts Download
FAILURE SERVER N/A denial-of-service undetermined N/A PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 ❌ (unexpected success) Chain verification output: Verified. The certificate is trusted.
openssl-3.0.15 unspecified certificate verification error
openssl-3.3.2 unspecified certificate verification error
openssl-3.2.3 unspecified certificate verification error
rustls-webpki MaximumNameConstraintComparisonsExceeded
certvalidator-0.11.1 The path could not be validated because the end-entity certificate contains the following unsupported critical extension: subject_alt_name
gocryptox509-go1.23.3 N/A
openssl-3.4.0 unspecified certificate verification error
pyca-cryptography-43.0.3 validation failed: FatalError("Exceeded maximum name constraint check limit")
openssl-3.1.7 unspecified certificate verification error
openssl-1.1 unspecified certificate verification error
rust-webpki UnknownIssuer

pathological::nc-dos-3🔗

Produces the following pathological chain:

root [many constraints] -> EE [many names]

The root CA contains over 2048 permits and excludes name constraints, which are checked against the EE's 2048 subjects (not SANS). This is typically rejected by implementations due to quadratic blowup, but is technically valid.

This testcase is a reproduction of OpenSSL's (many-names3.pem, many-constraints.pem) testcase, via https://github.com/openssl/openssl/pull/4393.

Expected result Validation kind Validation time Features Importance Conflicts Download
FAILURE SERVER N/A denial-of-service undetermined N/A PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 ❌ (unexpected success) Chain verification output: Verified. The certificate is trusted.
openssl-3.0.15 unspecified certificate verification error
openssl-3.3.2 unspecified certificate verification error
openssl-3.2.3 unspecified certificate verification error
rustls-webpki subject name validation failed
certvalidator-0.11.1 ❌ (unexpected success) N/A
gocryptox509-go1.23.3 N/A
openssl-3.4.0 unspecified certificate verification error
pyca-cryptography-43.0.3 validation failed: Other("Certificate is missing required extension")
openssl-3.1.7 unspecified certificate verification error
openssl-1.1 unspecified certificate verification error
rust-webpki UnknownIssuer