pathological🔗
pathological::multiple-chains-expired-intermediate🔗
Produces the following chain:
root 2 -> intermediate (expired) -> root -> EE
Both roots are trusted. A chain should be built successfully, disregarding the expired intermediate certificate and the second root. This scenario is known as the "chain of pain"; for further reference, see https://www.agwa.name/blog/post/fixing_the_addtrust_root_expiration.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| SUCCESS | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
❌ (unexpected failure) | Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain uses expired certificate. |
openssl-3.2.1 |
✅ | N/A |
rust-webpki |
✅ | N/A |
openssl-3.0.13 |
✅ | N/A |
pyca-cryptography-42.0.5 |
✅ | N/A |
openssl-1.1 |
✅ | N/A |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | N/A |
certvalidator-0.11.1 |
✅ | N/A |
rustls-webpki |
✅ | N/A |
pathological::intermediate-cycle-distinct-cas🔗
Produces the following invalid chain:
root -/-> (ICA' <-> ICA'') -> EE
ICA' and ICA'' are separate logical CAs that sign for each other.
Neither chains up to the root.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | Chain verification output: Not verified. The certificate is NOT trusted. The certificate issuer is unknown. The name in the certificate does not match the expected. |
openssl-3.2.1 |
✅ | unable to get local issuer certificate |
rust-webpki |
✅ | UnknownIssuer |
openssl-3.0.13 |
✅ | unable to get local issuer certificate |
pyca-cryptography-42.0.5 |
✅ | validation failed: CandidatesExhausted(Other("chain construction exceeds max depth")) |
openssl-1.1 |
✅ | unable to get local issuer certificate |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | unable to get local issuer certificate |
certvalidator-0.11.1 |
✅ | Unable to build a validation path for the certificate "Common Name: example.com" - no issuer matching "Common Name: intermediate-cycle-distinct-ca1" was found |
rustls-webpki |
✅ | UnknownIssuer |
pathological::intermediate-cycle-distinct-cas-max-depth🔗
Produces the following invalid chain:
root -/-> (ICA' <-> ICA'') -> EE
ICA' and ICA'' are separate logical CAs that sign for each other.
Neither chains up to the root.
This testcase is identical to intermediate-cycle-distinct-cas, except
that it specifies a large explicit max depth.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | Chain verification output: Not verified. The certificate is NOT trusted. The certificate issuer is unknown. The name in the certificate does not match the expected. |
openssl-3.2.1 |
✅ | unable to get local issuer certificate |
rust-webpki |
✅ | UnknownIssuer |
openssl-3.0.13 |
✅ | unable to get local issuer certificate |
pyca-cryptography-42.0.5 |
✅ | validation failed: CandidatesExhausted(Other("current depth calculation overflowed")) |
openssl-1.1 |
✅ | unable to get local issuer certificate |
gocryptox509-go1.22.2 |
🚧 | max chain depth not supported |
openssl-3.1.5 |
✅ | unable to get local issuer certificate |
certvalidator-0.11.1 |
✅ | Unable to build a validation path for the certificate "Common Name: example.com" - no issuer matching "Common Name: intermediate-cycle-distinct-ca1" was found |
rustls-webpki |
✅ | UnknownIssuer |
pathological::intermediate-cycle-same-logical-ca🔗
Produces the following invalid chain:
root -/-> (ICA <-> ICA) -> EE
The two ICA certificates are from the same logical CA (same subject), but have different keys and sign for each other, forming a cycle. Neither chains up to the root.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | Chain verification output: Not verified. The certificate is NOT trusted. The certificate issuer is unknown. The name in the certificate does not match the expected. |
openssl-3.2.1 |
✅ | unable to get local issuer certificate |
rust-webpki |
✅ | UnknownIssuer |
openssl-3.0.13 |
✅ | unable to get local issuer certificate |
pyca-cryptography-42.0.5 |
✅ | validation failed: CandidatesExhausted(Other("Certificate is missing required extension")) |
openssl-1.1 |
✅ | unable to get local issuer certificate |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | unable to get local issuer certificate |
certvalidator-0.11.1 |
✅ | Unable to build a validation path for the certificate "Common Name: example.com" - no issuer matching "Common Name: intermediate-cycle-same-logical-ca" was found |
rustls-webpki |
✅ | UnknownIssuer |
pathological::nc-dos-1🔗
Produces the following pathological chain:
root [many constraints] -> EE [many names]
The root CA contains 2048 permits and excludes name constraints, which are checked against the EE's 2048 SANs and 2048 subjects. This is typically rejected by implementations due to quadratic blowup, but is technically valid.
This testcase is extended from OpenSSL's (many-names1.pem, many-constraints.pem)
testcase, via https://github.com/openssl/openssl/pull/4393.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | denial-of-service | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
❌ (unexpected success) | Chain verification output: Verified. The certificate is trusted. |
openssl-3.2.1 |
✅ | unspecified certificate verification error |
rust-webpki |
✅ | leaf cert: X.509 parse failed |
openssl-3.0.13 |
✅ | unspecified certificate verification error |
pyca-cryptography-42.0.5 |
✅ | validation failed: FatalError("Exceeded maximum name constraint check limit") |
openssl-1.1 |
✅ | unspecified certificate verification error |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | unspecified certificate verification error |
certvalidator-0.11.1 |
❌ (unexpected success) | N/A |
rustls-webpki |
✅ | leaf cert: X.509 parse failed |
pathological::nc-dos-2🔗
Produces the following pathological chain:
root [many constraints] -> EE [many names]
The root CA contains over 2048 permits and excludes name constraints, which are checked against the EE's 2048 SANs. This is typically rejected by implementations due to quadratic blowup, but is technically valid.
This testcase is extended from OpenSSL's (many-names2.pem, many-constraints.pem)
testcase, via https://github.com/openssl/openssl/pull/4393.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | denial-of-service | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
❌ (unexpected success) | Chain verification output: Verified. The certificate is trusted. |
openssl-3.2.1 |
✅ | unspecified certificate verification error |
rust-webpki |
✅ | UnknownIssuer |
openssl-3.0.13 |
✅ | unspecified certificate verification error |
pyca-cryptography-42.0.5 |
✅ | validation failed: FatalError("Exceeded maximum name constraint check limit") |
openssl-1.1 |
✅ | unspecified certificate verification error |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | unspecified certificate verification error |
certvalidator-0.11.1 |
✅ | The path could not be validated because the end-entity certificate contains the following unsupported critical extension: subject_alt_name |
rustls-webpki |
✅ | MaximumNameConstraintComparisonsExceeded |
pathological::nc-dos-3🔗
Produces the following pathological chain:
root [many constraints] -> EE [many names]
The root CA contains over 2048 permits and excludes name constraints, which are checked against the EE's 2048 subjects (not SANS). This is typically rejected by implementations due to quadratic blowup, but is technically valid.
This testcase is a reproduction of OpenSSL's (many-names3.pem, many-constraints.pem)
testcase, via https://github.com/openssl/openssl/pull/4393.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | denial-of-service | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
❌ (unexpected success) | Chain verification output: Verified. The certificate is trusted. |
openssl-3.2.1 |
✅ | unspecified certificate verification error |
rust-webpki |
✅ | UnknownIssuer |
openssl-3.0.13 |
✅ | unspecified certificate verification error |
pyca-cryptography-42.0.5 |
✅ | validation failed: Other("Certificate is missing required extension") |
openssl-1.1 |
✅ | unspecified certificate verification error |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | unspecified certificate verification error |
certvalidator-0.11.1 |
❌ (unexpected success) | N/A |
rustls-webpki |
✅ | subject name validation failed |