rfc5280🔗
rfc5280::aki::critical-aki🔗
Produces the following invalid chain:
root -> EE
The root cert has an AKI extension marked as critical, which is disallowed under RFC 5280 4.2.1.1:
Conforming CAs MUST mark this extension as non-critical.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
❌ (unexpected success) | Chain verification output: Verified. The certificate is trusted. |
openssl-3.2.1 |
✅ | unhandled critical extension |
rust-webpki |
✅ | trusted certs: trust anchor extraction failed |
openssl-3.0.13 |
✅ | unhandled critical extension |
pyca-cryptography-42.0.5 |
✅ | validation failed: CandidatesExhausted(Other("Certificate extension has incorrect criticality")) |
openssl-1.1 |
✅ | unhandled critical extension |
gocryptox509-go1.22.2 |
❌ (unexpected success) | validation: chain built |
openssl-3.1.5 |
✅ | unhandled critical extension |
certvalidator-0.11.1 |
❌ (unexpected success) | N/A |
rustls-webpki |
✅ | trusted certs: trust anchor extraction failed |
rfc5280::aki::leaf-missing-aki🔗
Produces the following invalid chain:
root -> EE
The EE cert is signed by the root but missing the AKI extension, which is forbidden under RFC 5280 4.2.1.1.
The keyIdentifier field of the authorityKeyIdentifier extension MUST be included in all certificates generated by conforming CAs to facilitate certification path construction.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
❌ (unexpected success) | Chain verification output: Verified. The certificate is trusted. |
openssl-3.2.1 |
✅ | Missing Authority Key Identifier |
rust-webpki |
❌ (unexpected success) | N/A |
openssl-3.0.13 |
✅ | Missing Authority Key Identifier |
pyca-cryptography-42.0.5 |
✅ | validation failed: Other("Certificate is missing required extension") |
openssl-1.1 |
❌ (unexpected success) | N/A |
gocryptox509-go1.22.2 |
❌ (unexpected success) | validation: chain built |
openssl-3.1.5 |
✅ | Missing Authority Key Identifier |
certvalidator-0.11.1 |
❌ (unexpected success) | N/A |
rustls-webpki |
❌ (unexpected success) | N/A |
rfc5280::aki::intermediate-missing-aki🔗
Produces the following invalid chain:
root -> intermediate -> EE
The intermediate is signed by the root but missing the AKI extension, which is forbidden under RFC 5280 4.2.1.1.
The keyIdentifier field of the authorityKeyIdentifier extension MUST be included in all certificates generated by conforming CAs to facilitate certification path construction.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
❌ (unexpected success) | Chain verification output: Verified. The certificate is trusted. |
openssl-3.2.1 |
✅ | Missing Authority Key Identifier |
rust-webpki |
❌ (unexpected success) | N/A |
openssl-3.0.13 |
✅ | Missing Authority Key Identifier |
pyca-cryptography-42.0.5 |
🚧 | testcase skipped (explicitly unsupported case) |
openssl-1.1 |
❌ (unexpected success) | N/A |
gocryptox509-go1.22.2 |
❌ (unexpected success) | validation: chain built |
openssl-3.1.5 |
✅ | Missing Authority Key Identifier |
certvalidator-0.11.1 |
❌ (unexpected success) | N/A |
rustls-webpki |
❌ (unexpected success) | N/A |
rfc5280::aki::self-signed-root-missing-aki🔗
Produces the following valid chain:
root -> EE
The root cert is missing the AKI extension, which is ordinarily forbidden under RFC 5280 4.2.1.1 unless the certificate is self-signed, which this root is:
The keyIdentifier field of the authorityKeyIdentifier extension MUST be included in all certificates generated by conforming CAs to facilitate certification path construction. There is one exception; where a CA distributes its public key in the form of a "self-signed" certificate, the authority key identifier MAY be omitted.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| SUCCESS | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | Chain verification output: Verified. The certificate is trusted. |
openssl-3.2.1 |
✅ | N/A |
rust-webpki |
✅ | N/A |
openssl-3.0.13 |
✅ | N/A |
pyca-cryptography-42.0.5 |
✅ | N/A |
openssl-1.1 |
✅ | N/A |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | N/A |
certvalidator-0.11.1 |
✅ | N/A |
rustls-webpki |
✅ | N/A |
rfc5280::aki::cross-signed-root-missing-aki🔗
Produces the following invalid chain:
root -> EE
The root is cross signed by another root but missing the AKI extension, which is ambiguous but potentially disallowed under RFC 5280 4.2.1.1.
The keyIdentifier field of the authorityKeyIdentifier extension MUST be included in all certificates generated by conforming CAs to facilitate certification path construction.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | pedantic-rfc5280 | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
❌ (unexpected success) | Chain verification output: Verified. The certificate is trusted. |
openssl-3.2.1 |
❌ (unexpected success) | N/A |
rust-webpki |
❌ (unexpected success) | N/A |
openssl-3.0.13 |
❌ (unexpected success) | N/A |
pyca-cryptography-42.0.5 |
🚧 | testcase skipped (explicit unsupported feature) |
openssl-1.1 |
❌ (unexpected success) | N/A |
gocryptox509-go1.22.2 |
❌ (unexpected success) | validation: chain built |
openssl-3.1.5 |
❌ (unexpected success) | N/A |
certvalidator-0.11.1 |
❌ (unexpected success) | N/A |
rustls-webpki |
❌ (unexpected success) | N/A |
rfc5280::eku::ee-wrong-eku🔗
Produces the following invalid chain:
root -> EE
The chain is correctly constructed, but the EE cert contains
an Extended Key Usage extension that contains just id-kp-clientAuth
while the validator expects id-kp-serverAuth.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
🚧 | custom EKUs not yet supported |
openssl-3.2.1 |
✅ | unsuitable certificate purpose |
rust-webpki |
✅ | RequiredEkuNotFound |
openssl-3.0.13 |
✅ | unsuitable certificate purpose |
pyca-cryptography-42.0.5 |
✅ | validation failed: Other("required EKU not found") |
openssl-1.1 |
✅ | unsupported certificate purpose |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | unsuitable certificate purpose |
certvalidator-0.11.1 |
✅ | The X.509 certificate provided is not valid for securing TLS connections |
rustls-webpki |
✅ | RequiredEkuNotFound |
rfc5280::eku::ee-without-eku🔗
Produces the following valid chain:
root -> EE
The EE is missing an extKeyUsage extension, which is permitted under RFC 5280 4.2.1.12.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| SUCCESS | SERVER | N/A | N/A | undetermined | webpki::eku::ee-without-eku |
PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | Chain verification output: Verified. The certificate is trusted. |
openssl-3.2.1 |
✅ | N/A |
rust-webpki |
✅ | N/A |
openssl-3.0.13 |
✅ | N/A |
pyca-cryptography-42.0.5 |
✅ | N/A |
openssl-1.1 |
✅ | N/A |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | N/A |
certvalidator-0.11.1 |
✅ | N/A |
rustls-webpki |
✅ | N/A |
rfc5280::nc::permitted-dns-mismatch🔗
Produces the following invalid chain:
root -> leaf
The root contains a NameConstraints extension with a permitted dNSName "example.com", whereas the leaf certificate has a SubjectAlternativeName with a dNSName of "not-example.com".
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected. |
openssl-3.2.1 |
✅ | hostname mismatch |
rust-webpki |
✅ | UnknownIssuer |
openssl-3.0.13 |
✅ | hostname mismatch |
pyca-cryptography-42.0.5 |
✅ | validation failed: Other("leaf certificate has no matching subjectAltName") |
openssl-1.1 |
✅ | Hostname mismatch |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | hostname mismatch |
certvalidator-0.11.1 |
✅ | The X.509 certificate provided is not valid for example.com. Valid hostnames include: not-example.com |
rustls-webpki |
✅ | NameConstraintViolation |
rfc5280::nc::excluded-dns-match🔗
Produces the following invalid chain:
root -> ICA -> leaf
The ICA contains a NameConstraints extension with an excluded dNSName of "example.com", matching the leaf's SubjectAlternativeName.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
❌ (unexpected success) | Chain verification output: Verified. The certificate is trusted. |
openssl-3.2.1 |
✅ | excluded subtree violation |
rust-webpki |
✅ | UnknownIssuer |
openssl-3.0.13 |
✅ | excluded subtree violation |
pyca-cryptography-42.0.5 |
✅ | validation failed: CandidatesExhausted(Other("excluded name constraint matched SAN")) |
openssl-1.1 |
✅ | excluded subtree violation |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | excluded subtree violation |
certvalidator-0.11.1 |
✅ | The path could not be validated because intermediate certificate 1 contains the following unsupported critical extension: name_constraints |
rustls-webpki |
✅ | NameConstraintViolation |
rfc5280::nc::permitted-dns-match🔗
Produces the following valid chain:
root -> leaf
The root contains a NameConstraints extension with a permitted dNSName of "example.com", matching the leaf's SubjectAlternativeName.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| SUCCESS | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | Chain verification output: Verified. The certificate is trusted. |
openssl-3.2.1 |
✅ | N/A |
rust-webpki |
❌ (unexpected failure) | UnknownIssuer |
openssl-3.0.13 |
✅ | N/A |
pyca-cryptography-42.0.5 |
✅ | N/A |
openssl-1.1 |
✅ | N/A |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | N/A |
certvalidator-0.11.1 |
✅ | N/A |
rustls-webpki |
✅ | N/A |
rfc5280::nc::permitted-dns-match-noncritical🔗
Produces the following invalid chain:
root -> leaf
The root contains a NameConstraints extension with a permitted dNSName of "example.com", matching the leaf's SubjectAlternativeName. However, the NameConstraints extension is not marked as critical, which is required by the RFC 5280 profile.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | rfc5280-incompatible-with-webpki | undetermined | webpki::nc::permitted-dns-match-noncritical |
PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
❌ (unexpected success) | Chain verification output: Verified. The certificate is trusted. |
openssl-3.2.1 |
❌ (unexpected success) | N/A |
rust-webpki |
✅ | UnknownIssuer |
openssl-3.0.13 |
❌ (unexpected success) | N/A |
pyca-cryptography-42.0.5 |
🚧 | testcase skipped (explicit unsupported feature) |
openssl-1.1 |
❌ (unexpected success) | N/A |
gocryptox509-go1.22.2 |
❌ (unexpected success) | validation: chain built |
openssl-3.1.5 |
❌ (unexpected success) | N/A |
certvalidator-0.11.1 |
❌ (unexpected success) | N/A |
rustls-webpki |
❌ (unexpected success) | N/A |
rfc5280::nc::permitted-dns-match-more🔗
Produces the following valid chain:
root -> leaf
The root contains a NameConstraints extension with a permitted dNSName of "example.com". The leaf's "foo.bar.example.com" satisfies this constraint per the RFC 5280 profile:
DNS name restrictions are expressed as host.example.com. Any DNS name that can be constructed by simply adding zero or more labels to the left-hand side of the name satisfies the name constraint. For example, www.host.example.com would satisfy the constraint but host1.example.com would not.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| SUCCESS | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | Chain verification output: Verified. The certificate is trusted. |
openssl-3.2.1 |
✅ | N/A |
rust-webpki |
❌ (unexpected failure) | UnknownIssuer |
openssl-3.0.13 |
✅ | N/A |
pyca-cryptography-42.0.5 |
✅ | N/A |
openssl-1.1 |
✅ | N/A |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | N/A |
certvalidator-0.11.1 |
✅ | N/A |
rustls-webpki |
✅ | N/A |
rfc5280::nc::excluded-dns-match-second🔗
Produces the following invalid chain:
root -> leaf
The root contains a NameConstraints extension with an excluded dNSName of "not-allowed.example.com". This should match the leaf's second SubjectAlternativeName entry.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. |
openssl-3.2.1 |
✅ | excluded subtree violation |
rust-webpki |
✅ | UnknownIssuer |
openssl-3.0.13 |
✅ | excluded subtree violation |
pyca-cryptography-42.0.5 |
✅ | validation failed: CandidatesExhausted(Other("excluded name constraint matched SAN")) |
openssl-1.1 |
✅ | excluded subtree violation |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | excluded subtree violation |
certvalidator-0.11.1 |
❌ (unexpected success) | N/A |
rustls-webpki |
✅ | NameConstraintViolation |
rfc5280::nc::permitted-ip-mismatch🔗
Produces the following invalid chain:
root -> leaf
The root contains a NameConstraints extension with a permitted iPAddress of
192.0.2.0/24, which does not match the iPAddress in the SubjectAlternativeName
of the leaf.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. |
openssl-3.2.1 |
✅ | permitted subtree violation |
rust-webpki |
✅ | UnknownIssuer |
openssl-3.0.13 |
✅ | permitted subtree violation |
pyca-cryptography-42.0.5 |
✅ | validation failed: CandidatesExhausted(Other("no permitted name constraints matched SAN")) |
openssl-1.1 |
✅ | permitted subtree violation |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | permitted subtree violation |
certvalidator-0.11.1 |
❌ (unexpected success) | N/A |
rustls-webpki |
✅ | NameConstraintViolation |
rfc5280::nc::excluded-ipv4-match🔗
Produces the following invalid chain:
root -> leaf
The root contains a NameConstraints extension with an excluded iPAddress of
192.0.2.0/24, matching the iPAddress in the SubjectAlternativeName of the leaf.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. |
openssl-3.2.1 |
✅ | excluded subtree violation |
rust-webpki |
✅ | UnknownIssuer |
openssl-3.0.13 |
✅ | excluded subtree violation |
pyca-cryptography-42.0.5 |
✅ | validation failed: CandidatesExhausted(Other("excluded name constraint matched SAN")) |
openssl-1.1 |
✅ | excluded subtree violation |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | excluded subtree violation |
certvalidator-0.11.1 |
❌ (unexpected success) | N/A |
rustls-webpki |
✅ | NameConstraintViolation |
rfc5280::nc::excluded-ipv6-match🔗
Produces the following invalid chain:
root -> leaf
The root contains a NameConstraints extension with an excluded iPAddress of
::1/128, matching the iPAddress in the SubjectAlternativeName of the leaf.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. |
openssl-3.2.1 |
✅ | excluded subtree violation |
rust-webpki |
✅ | UnknownIssuer |
openssl-3.0.13 |
✅ | excluded subtree violation |
pyca-cryptography-42.0.5 |
✅ | validation failed: CandidatesExhausted(Other("excluded name constraint matched SAN")) |
openssl-1.1 |
✅ | excluded subtree violation |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | excluded subtree violation |
certvalidator-0.11.1 |
❌ (unexpected success) | N/A |
rustls-webpki |
✅ | NameConstraintViolation |
rfc5280::nc::permitted-ipv4-match🔗
Produces the following valid chain:
root -> leaf
The root contains a NameConstraints extension with a permitted iPAddress of
192.0.2.0/24, which matches the iPAddress in the SubjectAlternativeName
of the leaf.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| SUCCESS | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | Chain verification output: Verified. The certificate is trusted. |
openssl-3.2.1 |
✅ | N/A |
rust-webpki |
❌ (unexpected failure) | UnknownIssuer |
openssl-3.0.13 |
✅ | N/A |
pyca-cryptography-42.0.5 |
✅ | N/A |
openssl-1.1 |
✅ | N/A |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | N/A |
certvalidator-0.11.1 |
✅ | N/A |
rustls-webpki |
✅ | N/A |
rfc5280::nc::permitted-ipv6-match🔗
Produces the following valid chain:
root -> leaf
The root contains a NameConstraints extension with a permitted iPAddress of
::1/128, which matches the iPAddress in the SubjectAlternativeName
of the leaf.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| SUCCESS | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | Chain verification output: Verified. The certificate is trusted. |
openssl-3.2.1 |
✅ | N/A |
rust-webpki |
❌ (unexpected failure) | UnknownIssuer |
openssl-3.0.13 |
✅ | N/A |
pyca-cryptography-42.0.5 |
✅ | N/A |
openssl-1.1 |
✅ | N/A |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | N/A |
certvalidator-0.11.1 |
✅ | N/A |
rustls-webpki |
✅ | N/A |
rfc5280::nc::permitted-dn-mismatch🔗
Produces the following invalid chain:
root -> leaf
The root contains a NameConstraints extension with a permitted DirectoryName
of CN=foo. This should not match the child's DirectoryName of CN=not-foo.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | name-constraint-dn | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected. |
openssl-3.2.1 |
✅ | hostname mismatch |
rust-webpki |
✅ | UnknownIssuer |
openssl-3.0.13 |
✅ | hostname mismatch |
pyca-cryptography-42.0.5 |
🚧 | testcase skipped (explicit unsupported feature) |
openssl-1.1 |
✅ | Hostname mismatch |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | hostname mismatch |
certvalidator-0.11.1 |
✅ | The X.509 certificate provided is not valid for example.com. Valid hostnames include: |
rustls-webpki |
✅ | NameConstraintViolation |
rfc5280::nc::excluded-dn-match🔗
Produces the following invalid chain:
root -> leaf
The root contains a NameConstraints extension with an excluded DirectoryName
of CN=foo, matching the leaf's SubjectAlternativeName.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | name-constraint-dn | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected. |
openssl-3.2.1 |
✅ | hostname mismatch |
rust-webpki |
✅ | UnknownIssuer |
openssl-3.0.13 |
✅ | hostname mismatch |
pyca-cryptography-42.0.5 |
🚧 | testcase skipped (explicit unsupported feature) |
openssl-1.1 |
✅ | Hostname mismatch |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | hostname mismatch |
certvalidator-0.11.1 |
✅ | The X.509 certificate provided is not valid for example.com. Valid hostnames include: |
rustls-webpki |
✅ | NameConstraintViolation |
rfc5280::nc::permitted-dn-match🔗
Produces the following valid chain:
root -> leaf
The root contains a NameConstraints extension with a permitted DirectoryName
of CN=foo, matching the leaf's SubjectAlternativeName.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| SUCCESS | SERVER | N/A | name-constraint-dn | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
❌ (unexpected failure) | Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected. |
openssl-3.2.1 |
❌ (unexpected failure) | hostname mismatch |
rust-webpki |
❌ (unexpected failure) | UnknownIssuer |
openssl-3.0.13 |
❌ (unexpected failure) | hostname mismatch |
pyca-cryptography-42.0.5 |
🚧 | testcase skipped (explicit unsupported feature) |
openssl-1.1 |
❌ (unexpected failure) | Hostname mismatch |
gocryptox509-go1.22.2 |
❌ (unexpected failure) | validation: x509: certificate is not valid for any names, but wanted to match example.com |
openssl-3.1.5 |
❌ (unexpected failure) | hostname mismatch |
certvalidator-0.11.1 |
❌ (unexpected failure) | The X.509 certificate provided is not valid for example.com. Valid hostnames include: |
rustls-webpki |
❌ (unexpected failure) | NameConstraintViolation |
rfc5280::nc::permitted-dn-match-subject-san-mismatch🔗
Produces the following invalid chain:
root -> leaf
The root contains a NameConstraints extension with a permitted DirectoryName of "CN=foo", matching the leaf's SubjectAlternativeName but not its subject. The leaf must be rejected per RFC 5280 4.2.1.10 due to this mismatch:
Restrictions of the form directoryName MUST be applied to the subject field in the certificate (when the certificate includes a non-empty subject field) and to any names of type directoryName in the subjectAltName extension.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | name-constraint-dn | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected. |
openssl-3.2.1 |
✅ | hostname mismatch |
rust-webpki |
✅ | UnknownIssuer |
openssl-3.0.13 |
✅ | hostname mismatch |
pyca-cryptography-42.0.5 |
🚧 | testcase skipped (explicit unsupported feature) |
openssl-1.1 |
✅ | Hostname mismatch |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | hostname mismatch |
certvalidator-0.11.1 |
✅ | The X.509 certificate provided is not valid for example.com. Valid hostnames include: |
rustls-webpki |
✅ | NameConstraintViolation |
rfc5280::nc::excluded-dn-match-sub-mismatch🔗
Produces the following invalid chain:
root -> leaf
The root contains a NameConstraints extension with an excluded DirectoryName of "CN=foo", matching the leaf's subject but not its SubjectAlternativeName. The leaf must be rejected per RFC 5280 4.2.1.10 due to this match:
Restrictions of the form directoryName MUST be applied to the subject field in the certificate (when the certificate includes a non-empty subject field) and to any names of type directoryName in the subjectAltName extension.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | name-constraint-dn | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected. |
openssl-3.2.1 |
✅ | hostname mismatch |
rust-webpki |
✅ | UnknownIssuer |
openssl-3.0.13 |
✅ | hostname mismatch |
pyca-cryptography-42.0.5 |
🚧 | testcase skipped (explicit unsupported feature) |
openssl-1.1 |
✅ | Hostname mismatch |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | hostname mismatch |
certvalidator-0.11.1 |
✅ | The X.509 certificate provided is not valid for example.com. Valid hostnames include: |
rustls-webpki |
✅ | NameConstraintViolation |
rfc5280::nc::permitted-self-issued🔗
Produces the following valid chain:
root -> intermediate -> leaf
The root contains a NameConstraints extension with a permitted dNSName of "example.com", whereas the intermediate certificate has a SubjectAlternativeName with a dNSName of "not-example.com".
Normally, this would mean that the chain would be rejected, however the intermediate is self-issued so name constraints don't apply to it.
Name constraints are not applied to self-issued certificates (unless the certificate is the final certificate in the path). (This could prevent CAs that use name constraints from employing self-issued certificates to implement key rollover.)
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| SUCCESS | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
❌ (unexpected failure) | Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected. |
openssl-3.2.1 |
✅ | N/A |
rust-webpki |
❌ (unexpected failure) | UnknownIssuer |
openssl-3.0.13 |
✅ | N/A |
pyca-cryptography-42.0.5 |
✅ | N/A |
openssl-1.1 |
✅ | N/A |
gocryptox509-go1.22.2 |
❌ (unexpected failure) | validation: x509: a root or intermediate certificate is not authorized to sign for this name: DNS name "not-example.com" is not permitted by any constraint |
openssl-3.1.5 |
✅ | N/A |
certvalidator-0.11.1 |
✅ | N/A |
rustls-webpki |
❌ (unexpected failure) | InvalidSignatureForPublicKey |
rfc5280::nc::excluded-self-issued-leaf🔗
Produces the following invalid chain:
root -> intermediate -> leaf
The root contains a NameConstraints extension with a permitted dNSName of "example.com", whereas the leaf certificate has a SubjectAlternativeName with a dNSName of "not-example.com".
In this case, the chain would still be rejected as name constraints do apply to self-issued certificates if they are in the leaf position.
Name constraints are not applied to self-issued certificates (unless the certificate is the final certificate in the path). (This could prevent CAs that use name constraints from employing self-issued certificates to implement key rollover.)
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. |
openssl-3.2.1 |
✅ | permitted subtree violation |
rust-webpki |
✅ | UnknownIssuer |
openssl-3.0.13 |
✅ | permitted subtree violation |
pyca-cryptography-42.0.5 |
✅ | validation failed: CandidatesExhausted(Other("no permitted name constraints matched SAN")) |
openssl-1.1 |
✅ | permitted subtree violation |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | permitted subtree violation |
certvalidator-0.11.1 |
❌ (unexpected success) | N/A |
rustls-webpki |
✅ | NameConstraintViolation |
rfc5280::nc::excluded-match-permitted-and-excluded🔗
Produces the following invalid chain:
root -> leaf
The root contains a NameConstraints extension with a permitted and excluded dNSName of "example.com", both of which match the leaf's SubjectAlternativeName.
The excluded constraint takes precedence over the the permitted so this chain should be marked as invalid.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. |
openssl-3.2.1 |
✅ | excluded subtree violation |
rust-webpki |
✅ | UnknownIssuer |
openssl-3.0.13 |
✅ | excluded subtree violation |
pyca-cryptography-42.0.5 |
✅ | validation failed: CandidatesExhausted(Other("excluded name constraint matched SAN")) |
openssl-1.1 |
✅ | excluded subtree violation |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | excluded subtree violation |
certvalidator-0.11.1 |
❌ (unexpected success) | N/A |
rustls-webpki |
✅ | NameConstraintViolation |
rfc5280::nc::permitted-different-constraint-type🔗
Produces the following valid chain:
root -> leaf
The root contains a NameConstraints extension with a permitted iPAddress of
192.0.2.0/24, while the leaf's SubjectAlternativeName is a dNSName.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| SUCCESS | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | Chain verification output: Verified. The certificate is trusted. |
openssl-3.2.1 |
✅ | N/A |
rust-webpki |
❌ (unexpected failure) | UnknownIssuer |
openssl-3.0.13 |
✅ | N/A |
pyca-cryptography-42.0.5 |
✅ | N/A |
openssl-1.1 |
✅ | N/A |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | N/A |
certvalidator-0.11.1 |
✅ | N/A |
rustls-webpki |
✅ | N/A |
rfc5280::nc::excluded-different-constraint-type🔗
Produces the following valid chain:
root -> leaf
The root contains a NameConstraints extension with an excluded iPAddress of
192.0.2.0/24, while the leaf's SubjectAlternativeName is a dNSName.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| SUCCESS | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | Chain verification output: Verified. The certificate is trusted. |
openssl-3.2.1 |
✅ | N/A |
rust-webpki |
❌ (unexpected failure) | UnknownIssuer |
openssl-3.0.13 |
✅ | N/A |
pyca-cryptography-42.0.5 |
✅ | N/A |
openssl-1.1 |
✅ | N/A |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | N/A |
certvalidator-0.11.1 |
✅ | N/A |
rustls-webpki |
✅ | N/A |
rfc5280::nc::invalid-dnsname-wildcard🔗
Produces the following invalid chain:
root -> leaf
The root contains a Name Constraints extension with a malformed dNSName (uses a wildcard pattern, which is not permitted under RFC 5280).
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. |
openssl-3.2.1 |
✅ | permitted subtree violation |
rust-webpki |
✅ | UnknownIssuer |
openssl-3.0.13 |
✅ | permitted subtree violation |
pyca-cryptography-42.0.5 |
✅ | validation failed: CandidatesExhausted(Other("malformed DNS name constraint: *.example.com")) |
openssl-1.1 |
✅ | permitted subtree violation |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | permitted subtree violation |
certvalidator-0.11.1 |
❌ (unexpected success) | N/A |
rustls-webpki |
✅ | MalformedNameConstraint |
rfc5280::nc::invalid-dnsname-leading-period🔗
Produces the following invalid chain:
root -> leaf
The root contains a Name Constraint extension with a malformed DNS name (uses a leading period, which is not permitted under RFC 5280 4.2.1.10).
This is widely (incorrectly) accepted by implementations due to OpenSSL accepting it and due to misreadings of RFC 5280, which allows a leading period in URI constraints but not DNS constraints.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
❌ (unexpected success) | Chain verification output: Verified. The certificate is trusted. |
openssl-3.2.1 |
❌ (unexpected success) | N/A |
rust-webpki |
✅ | UnknownIssuer |
openssl-3.0.13 |
❌ (unexpected success) | N/A |
pyca-cryptography-42.0.5 |
✅ | validation failed: CandidatesExhausted(Other("malformed DNS name constraint: .example.com")) |
openssl-1.1 |
❌ (unexpected success) | N/A |
gocryptox509-go1.22.2 |
❌ (unexpected success) | validation: chain built |
openssl-3.1.5 |
❌ (unexpected success) | N/A |
certvalidator-0.11.1 |
❌ (unexpected success) | N/A |
rustls-webpki |
❌ (unexpected success) | N/A |
rfc5280::nc::invalid-ipv4-address🔗
Produces the following invalid chain:
root -> leaf
The root contains a NameConstraints extension with a malformed IPv4 iPAddress (not in CIDR form).
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. |
openssl-3.2.1 |
✅ | unsupported or invalid name syntax |
rust-webpki |
✅ | UnknownIssuer |
openssl-3.0.13 |
✅ | unsupported or invalid name syntax |
pyca-cryptography-42.0.5 |
✅ | validation failed: CandidatesExhausted(Other("malformed IP name constraints: [127, 0, 0, 1]")) |
openssl-1.1 |
✅ | unsupported or invalid name syntax |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | unsupported or invalid name syntax |
certvalidator-0.11.1 |
❌ (unexpected success) | N/A |
rustls-webpki |
✅ | InvalidNetworkMaskConstraint |
rfc5280::nc::invalid-ipv6-address🔗
Produces the following invalid chain:
root -> leaf
The root contains a NameConstraints extension with a malformed IPv6 iPAddress (not in CIDR form).
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. |
openssl-3.2.1 |
✅ | unsupported or invalid name syntax |
rust-webpki |
✅ | UnknownIssuer |
openssl-3.0.13 |
✅ | unsupported or invalid name syntax |
pyca-cryptography-42.0.5 |
✅ | validation failed: CandidatesExhausted(Other("malformed IP name constraints: [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1]")) |
openssl-1.1 |
✅ | unsupported or invalid name syntax |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | unsupported or invalid name syntax |
certvalidator-0.11.1 |
❌ (unexpected success) | N/A |
rustls-webpki |
✅ | InvalidNetworkMaskConstraint |
rfc5280::nc::invalid-email-address🔗
Produces the following invalid chain:
root -> leaf
The root contains a NameConstraints extension with a malformed
RFC822 name constraint (invalid@invalid@example.com, which is not
a valid email address).
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | CLIENT | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
🚧 | non-SERVER testcases not yet supported |
openssl-3.2.1 |
🚧 | non-SERVER testcases not supported yet |
rust-webpki |
🚧 | non-SERVER testcases not supported yet |
openssl-3.0.13 |
🚧 | non-SERVER testcases not supported yet |
pyca-cryptography-42.0.5 |
🚧 | non-SERVER cases not supported yet |
openssl-1.1 |
🚧 | non-SERVER testcases not supported yet |
gocryptox509-go1.22.2 |
🚧 | unimplemented validationKindClient |
openssl-3.1.5 |
🚧 | non-SERVER testcases not supported yet |
certvalidator-0.11.1 |
🚧 | non-SERVER cases not supported yet |
rustls-webpki |
🚧 | non-SERVER testcases not supported yet |
rfc5280::nc::not-allowed-in-ee-noncritical🔗
Produces the following invalid chain:
root -> EE
The EE contains a non-critical NameConstraints extension, which is not permitted under the RFC 5280 profile:
The name constraints extension, which MUST be used only in a CA certificate
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
❌ (unexpected success) | Chain verification output: Verified. The certificate is trusted. |
openssl-3.2.1 |
❌ (unexpected success) | N/A |
rust-webpki |
❌ (unexpected success) | N/A |
openssl-3.0.13 |
❌ (unexpected success) | N/A |
pyca-cryptography-42.0.5 |
✅ | validation failed: Other("Certificate contains prohibited extension") |
openssl-1.1 |
❌ (unexpected success) | N/A |
gocryptox509-go1.22.2 |
❌ (unexpected success) | validation: chain built |
openssl-3.1.5 |
❌ (unexpected success) | N/A |
certvalidator-0.11.1 |
❌ (unexpected success) | N/A |
rustls-webpki |
❌ (unexpected success) | N/A |
rfc5280::nc::not-allowed-in-ee-critical🔗
Produces the following invalid chain:
root -> EE
The EE contains a critical NameConstraints extension, which is not permitted under the RFC 5280 profile:
The name constraints extension, which MUST be used only in a CA certificate
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
❌ (unexpected success) | Chain verification output: Verified. The certificate is trusted. |
openssl-3.2.1 |
❌ (unexpected success) | N/A |
rust-webpki |
❌ (unexpected success) | N/A |
openssl-3.0.13 |
❌ (unexpected success) | N/A |
pyca-cryptography-42.0.5 |
✅ | validation failed: Other("Certificate contains prohibited extension") |
openssl-1.1 |
❌ (unexpected success) | N/A |
gocryptox509-go1.22.2 |
❌ (unexpected success) | validation: chain built |
openssl-3.1.5 |
❌ (unexpected success) | N/A |
certvalidator-0.11.1 |
✅ | The path could not be validated because the end-entity certificate contains the following unsupported critical extension: name_constraints |
rustls-webpki |
❌ (unexpected success) | N/A |
rfc5280::nc::intermediate-with-san-rejected-by-intermediate-nc🔗
Produces the following invalid chain:
root -> ICA1 -> ICA2 -> EE
| | |
| | |
NC SAN1 SAN2
ICA1 contains a NameConstraints extension that forbids SAN1 (forbidden.example.com) and permits SAN2 (permitted.example.com), which should be rejected under RFC 5280:
The name constraints extension, which MUST be used only in a CA certificate, indicates a name space within which all subject names in subsequent certificates in a certification path MUST be located.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected. |
openssl-3.2.1 |
✅ | permitted subtree violation |
rust-webpki |
✅ | UnknownIssuer |
openssl-3.0.13 |
✅ | permitted subtree violation |
pyca-cryptography-42.0.5 |
✅ | validation failed: CandidatesExhausted(Other("no permitted name constraints matched SAN")) |
openssl-1.1 |
✅ | permitted subtree violation |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | permitted subtree violation |
certvalidator-0.11.1 |
✅ | The path could not be validated because intermediate certificate 1 contains the following unsupported critical extension: name_constraints |
rustls-webpki |
✅ | NameConstraintViolation |
rfc5280::nc::intermediate-with-san-rejected-by-root-nc🔗
Produces the following invalid chain:
root -> ICA1 -> ICA2 -> EE
| | |
| | |
NC SAN1 SAN2
The root contains a NameConstraints extension that forbids SAN1 (forbidden.example.com) and permits SAN2 (permitted.example.com), which should be rejected under RFC 5280:
The name constraints extension, which MUST be used only in a CA certificate, indicates a name space within which all subject names in subsequent certificates in a certification path MUST be located.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. The name in the certificate does not match the expected. |
openssl-3.2.1 |
✅ | permitted subtree violation |
rust-webpki |
✅ | UnknownIssuer |
openssl-3.0.13 |
✅ | permitted subtree violation |
pyca-cryptography-42.0.5 |
✅ | validation failed: CandidatesExhausted(Other("no permitted name constraints matched SAN")) |
openssl-1.1 |
✅ | permitted subtree violation |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | permitted subtree violation |
certvalidator-0.11.1 |
❌ (unexpected success) | N/A |
rustls-webpki |
✅ | NameConstraintViolation |
rfc5280::nc::restrictive-permits-in-intermediates-narrows🔗
Produces the following invalid chain:
root -> ICA1 -> ICA2 -> EE
| | |
permits: permits: SAN: foo.example.com
foo.example.com bar.example.com
bar.example.com
ICA1 contains a NameConstraints extension permitting foo.example.com
and bar.example.com, while ICA2 contains a NameConstraints extension
permitting only bar.example.com. The EE then contains a SAN for
foo.example.com, which should be rejected under RFC 5280:
a name space within which all subject names in subsequent certificates in a certification path MUST be located.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected. |
openssl-3.2.1 |
✅ | permitted subtree violation |
rust-webpki |
✅ | UnknownIssuer |
openssl-3.0.13 |
✅ | permitted subtree violation |
pyca-cryptography-42.0.5 |
✅ | validation failed: CandidatesExhausted(Other("no permitted name constraints matched SAN")) |
openssl-1.1 |
✅ | permitted subtree violation |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | permitted subtree violation |
certvalidator-0.11.1 |
✅ | The path could not be validated because intermediate certificate 1 contains the following unsupported critical extension: name_constraints |
rustls-webpki |
✅ | NameConstraintViolation |
rfc5280::nc::restrictive-permits-in-intermediates-widens🔗
Produces the following invalid chain:
root -> ICA1 -> ICA2 -> EE
| | |
permits: permits: SAN: foo.example.com
bar.example.com foo.example.com
bar.example.com
ICA1 contains a NameConstraints extension permitting only bar.example.com,
while ICA2 contains a NameConstraints extension permitting foo.example.com
and bar.example.com. The EE then contains a SAN for foo.example.com,
which should be rejected under RFC 5280:
a name space within which all subject names in subsequent certificates in a certification path MUST be located.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected. |
openssl-3.2.1 |
✅ | permitted subtree violation |
rust-webpki |
✅ | UnknownIssuer |
openssl-3.0.13 |
✅ | permitted subtree violation |
pyca-cryptography-42.0.5 |
✅ | validation failed: CandidatesExhausted(Other("no permitted name constraints matched SAN")) |
openssl-1.1 |
✅ | permitted subtree violation |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | permitted subtree violation |
certvalidator-0.11.1 |
✅ | The path could not be validated because intermediate certificate 1 contains the following unsupported critical extension: name_constraints |
rustls-webpki |
✅ | NameConstraintViolation |
rfc5280::nc::nc-permits-invalid-dns-san🔗
Produces the following invalid chain:
root -> ICA (NC: example.com) -> EE (SAN: .example.com)
The ICA contains a NC that allows example.com and all subdomains,
but the EE's SAN contains a malformed DNS name (.example.com). This should
fail per RFC 5280, since all names MUST be located within the
permitted namespace.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected. |
openssl-3.2.1 |
❌ (unexpected success) | N/A |
rust-webpki |
✅ | UnknownIssuer |
openssl-3.0.13 |
❌ (unexpected success) | N/A |
pyca-cryptography-42.0.5 |
✅ | validation failed: CandidatesExhausted(Other("unsatisfiable DNS name constraint: malformed SAN .example.com")) |
openssl-1.1 |
❌ (unexpected success) | N/A |
gocryptox509-go1.22.2 |
❌ (unexpected success) | validation: chain built |
openssl-3.1.5 |
❌ (unexpected success) | N/A |
certvalidator-0.11.1 |
✅ | The path could not be validated because intermediate certificate 1 contains the following unsupported critical extension: name_constraints |
rustls-webpki |
✅ | MalformedDnsIdentifier |
rfc5280::nc::nc-permits-invalid-ip-san🔗
Produces the following invalid chain:
root -> ICA (NC: 192.0.2.0/24) -> EE (SAN: 192.0.2.0/24)
The ICA contains a NC that permits 192.0.2.0/24, but the EE's SAN is malformed (containing a CIDR range instead of an IP address). This should fail per RFC 5280, since all names MUST be located within the permitted namespace.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected. |
openssl-3.2.1 |
✅ | unsupported or invalid name syntax |
rust-webpki |
✅ | UnknownIssuer |
openssl-3.0.13 |
✅ | unsupported or invalid name syntax |
pyca-cryptography-42.0.5 |
✅ | validation failed: CandidatesExhausted(Other("unsatisfiable IP name constraint: malformed SAN [192, 0, 2, 0, 255, 255, 255, 0]")) |
openssl-1.1 |
✅ | unsupported or invalid name syntax |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | unsupported or invalid name syntax |
certvalidator-0.11.1 |
✅ | The path could not be validated because intermediate certificate 1 contains the following unsupported critical extension: name_constraints |
rustls-webpki |
✅ | BadDer |
rfc5280::nc::nc-permits-invalid-email-san🔗
Produces the following invalid chain:
root -> ICA (NC: example.com) -> EE (SAN: invalid@address@example.com)
The ICA contains a NC that permits any email inbox on example.com,
but the EE's SAN is malformed (containing a malformed email address).
This should fail per RFC 5280, since all names MUST be located within the
permitted namespace.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | CLIENT | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
🚧 | non-SERVER testcases not yet supported |
openssl-3.2.1 |
🚧 | non-SERVER testcases not supported yet |
rust-webpki |
🚧 | non-SERVER testcases not supported yet |
openssl-3.0.13 |
🚧 | non-SERVER testcases not supported yet |
pyca-cryptography-42.0.5 |
🚧 | non-SERVER cases not supported yet |
openssl-1.1 |
🚧 | non-SERVER testcases not supported yet |
gocryptox509-go1.22.2 |
🚧 | unimplemented validationKindClient |
openssl-3.1.5 |
🚧 | non-SERVER testcases not supported yet |
certvalidator-0.11.1 |
🚧 | non-SERVER cases not supported yet |
rustls-webpki |
🚧 | non-SERVER testcases not supported yet |
rfc5280::nc::nc-forbids-alternate-chain-ica🔗
Produces the following valid graph:
EE (SAN:X) +-> ICA_B' (SAN:Y) -> No root to chain to
|-> ICA_B'' (no SAN) -> ICA_A (NC forbids SAN:Y) -> Root
ICA_B' and ICA_B'' are certificates for the same logical intermediate,
but issued by different logical root CAs.
This graph allows validation through EE -> ICA_B'' -> Root.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| SUCCESS | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
❌ (unexpected failure) | Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected. |
openssl-3.2.1 |
❌ (unexpected failure) | unable to get local issuer certificate |
rust-webpki |
❌ (unexpected failure) | UnknownIssuer |
openssl-3.0.13 |
❌ (unexpected failure) | unable to get local issuer certificate |
pyca-cryptography-42.0.5 |
✅ | N/A |
openssl-1.1 |
❌ (unexpected failure) | unable to get local issuer certificate |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
❌ (unexpected failure) | unable to get local issuer certificate |
certvalidator-0.11.1 |
❌ (unexpected failure) | The path could not be validated because intermediate certificate 1 contains the following unsupported critical extension: name_constraints |
rustls-webpki |
✅ | N/A |
rfc5280::nc::nc-forbids-same-chain-ica🔗
Produces the following valid graph:
EE (SAN:X) +-> ICA_B' (SAN:Y) -> ICA_A (forbid: SAN:Y) -> RCA_A
|-> ICA_B'' (SAN:Z) -> RCA_B (no NC)
ICA_B' and ICA_B'' are certificates for the same logical intermediate,
but chained to different logical root CAs. Both root CAs are trusted,
but ICA_B' is issued through ICA_A, which forbids ICA_B''s SAN.
This graph allows validation through EE -> ICA_B'' -> RCA_B
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| SUCCESS | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
❌ (unexpected failure) | Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected. |
openssl-3.2.1 |
❌ (unexpected failure) | excluded subtree violation |
rust-webpki |
✅ | N/A |
openssl-3.0.13 |
❌ (unexpected failure) | excluded subtree violation |
pyca-cryptography-42.0.5 |
✅ | N/A |
openssl-1.1 |
❌ (unexpected failure) | excluded subtree violation |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
❌ (unexpected failure) | excluded subtree violation |
certvalidator-0.11.1 |
✅ | N/A |
rustls-webpki |
✅ | N/A |
rfc5280::nc::nc-permits-email-exact🔗
Produces the following valid graph:
root -> ICA (permit: foo@example.com) -> EE (SAN: foo@example.com)
Per RFC 5280 4.2.1.10 an email name constraint may specify a particular mailbox, like in this graph.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| SUCCESS | CLIENT | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
🚧 | non-SERVER testcases not yet supported |
openssl-3.2.1 |
🚧 | non-SERVER testcases not supported yet |
rust-webpki |
🚧 | non-SERVER testcases not supported yet |
openssl-3.0.13 |
🚧 | non-SERVER testcases not supported yet |
pyca-cryptography-42.0.5 |
🚧 | non-SERVER cases not supported yet |
openssl-1.1 |
🚧 | non-SERVER testcases not supported yet |
gocryptox509-go1.22.2 |
🚧 | unimplemented validationKindClient |
openssl-3.1.5 |
🚧 | non-SERVER testcases not supported yet |
certvalidator-0.11.1 |
🚧 | non-SERVER cases not supported yet |
rustls-webpki |
🚧 | non-SERVER testcases not supported yet |
rfc5280::nc::nc-permits-email-domain🔗
Produces the following valid graph:
root -> ICA (permit: example.com) -> EE (SAN: foo@example.com)
Per RFC 5280 4.2.1.10 an email name constraint may specify a host name to constrain all inboxes on that host.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| SUCCESS | CLIENT | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
🚧 | non-SERVER testcases not yet supported |
openssl-3.2.1 |
🚧 | non-SERVER testcases not supported yet |
rust-webpki |
🚧 | non-SERVER testcases not supported yet |
openssl-3.0.13 |
🚧 | non-SERVER testcases not supported yet |
pyca-cryptography-42.0.5 |
🚧 | non-SERVER cases not supported yet |
openssl-1.1 |
🚧 | non-SERVER testcases not supported yet |
gocryptox509-go1.22.2 |
🚧 | unimplemented validationKindClient |
openssl-3.1.5 |
🚧 | non-SERVER testcases not supported yet |
certvalidator-0.11.1 |
🚧 | non-SERVER cases not supported yet |
rustls-webpki |
🚧 | non-SERVER testcases not supported yet |
rfc5280::nc::nc-forbids-othername🔗
Produces the following invalid graph:
root -> ICA (forbid: ON) -> EE (SAN: ON)
RFC 5280 does not specify the handling other OtherName constraints, but does specify that implementations must either process (and therefore recognize) all constraints or outright reject the certificate.
If a name constraints extension that is marked as critical imposes constraints on a particular name form, and an instance of that name form appears in the subject field or subjectAltName extension of a subsequent certificate, then the application MUST either process the constraint or reject the certificate.
This testcase contains an ICA with a private OtherName (meaning the implementation will not recognize it), and therefore must reject the chain.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected. |
openssl-3.2.1 |
✅ | unsupported name constraint type |
rust-webpki |
✅ | UnknownIssuer |
openssl-3.0.13 |
✅ | unsupported name constraint type |
pyca-cryptography-42.0.5 |
❌ (unexpected success) | N/A |
openssl-1.1 |
✅ | unsupported name constraint type |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | unsupported name constraint type |
certvalidator-0.11.1 |
✅ | The path could not be validated because intermediate certificate 1 contains the following unsupported critical extension: name_constraints |
rustls-webpki |
✅ | NameConstraintViolation |
rfc5280::nc::nc-forbids-othername-noop🔗
Produces the following valid graph:
root -> ICA (forbid: ON) -> EE (SAN: no ON)
RFC 5280 does not specify the handling other OtherName constraints, but does specify that implementations are only required to evaluate constraints for names that actually appear on the validation path.
In this case, ICA contains an OtherName Name Constraint but no actual SANs on the path contain any OtherName subjects, making the chain valid.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| SUCCESS | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
❌ (unexpected failure) | Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected. |
openssl-3.2.1 |
✅ | N/A |
rust-webpki |
❌ (unexpected failure) | UnknownIssuer |
openssl-3.0.13 |
✅ | N/A |
pyca-cryptography-42.0.5 |
✅ | N/A |
openssl-1.1 |
✅ | N/A |
gocryptox509-go1.22.2 |
❌ (unexpected failure) | validation: x509: unhandled critical extension |
openssl-3.1.5 |
✅ | N/A |
certvalidator-0.11.1 |
❌ (unexpected failure) | The path could not be validated because intermediate certificate 1 contains the following unsupported critical extension: name_constraints |
rustls-webpki |
✅ | N/A |
rfc5280::pc::ica-noncritical-pc🔗
Produces the following invalid chain:
root -> ICA -> EE
The ICA has a PolicyConstraints extension marked as non-critical,
which is disallowed under RFC 5280 4.2.1.11:
Conforming CAs MUST mark this extension as critical.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | has-policy-constraints | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
❌ (unexpected success) | Chain verification output: Verified. The certificate is trusted. |
openssl-3.2.1 |
❌ (unexpected success) | N/A |
rust-webpki |
❌ (unexpected success) | N/A |
openssl-3.0.13 |
❌ (unexpected success) | N/A |
pyca-cryptography-42.0.5 |
🚧 | testcase skipped (explicit unsupported feature) |
openssl-1.1 |
❌ (unexpected success) | N/A |
gocryptox509-go1.22.2 |
❌ (unexpected success) | validation: chain built |
openssl-3.1.5 |
❌ (unexpected success) | N/A |
certvalidator-0.11.1 |
❌ (unexpected success) | N/A |
rustls-webpki |
❌ (unexpected success) | N/A |
rfc5280::san::malformed🔗
Produces the following invalid chain:
root -> EE
The EE cert has a SubjectAlternativeName with a value in ASCII bytes, rather than in the expected DER encoding.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | N/A |
openssl-3.2.1 |
✅ | unable to get local issuer certificate |
rust-webpki |
✅ | leaf cert: X.509 parse failed |
openssl-3.0.13 |
✅ | unable to get local issuer certificate |
pyca-cryptography-42.0.5 |
✅ | validation failed: Malformed(ParseError { kind: ShortData }) |
openssl-1.1 |
✅ | unable to get local issuer certificate |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | unable to get local issuer certificate |
certvalidator-0.11.1 |
✅ | Insufficient data - 120 bytes requested but only 9 available while parsing asn1crypto.core.ParsableOctetString while parsing asn1crypto.x509.Extension |
rustls-webpki |
✅ | leaf cert: X.509 parse failed |
rfc5280::san::noncritical-with-empty-subject🔗
Produces an invalid chain due to an invalid EE cert.
The EE cert contains a non-critical Subject Alternative Name extension, which is disallowed when the cert's Subject is empty under RFC 5280:
If the subject field contains an empty sequence, then the issuing CA MUST include a subjectAltName extension that is marked as critical.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
❌ (unexpected success) | Chain verification output: Verified. The certificate is trusted. |
openssl-3.2.1 |
✅ | Subject empty and Subject Alt Name extension not critical |
rust-webpki |
❌ (unexpected success) | N/A |
openssl-3.0.13 |
✅ | Subject empty and Subject Alt Name extension not critical |
pyca-cryptography-42.0.5 |
✅ | validation failed: Other("EE subjectAltName MUST be critical when subject is empty") |
openssl-1.1 |
❌ (unexpected success) | N/A |
gocryptox509-go1.22.2 |
❌ (unexpected success) | validation: chain built |
openssl-3.1.5 |
✅ | Subject empty and Subject Alt Name extension not critical |
certvalidator-0.11.1 |
❌ (unexpected success) | N/A |
rustls-webpki |
❌ (unexpected success) | N/A |
rfc5280::serial::too-long🔗
Produces an invalid chain due to an invalid EE cert.
The EE cert contains a serial number longer than 20 octets, which is disallowed under RFC 5280.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | pedantic-serial-number | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
❌ (unexpected success) | Chain verification output: Verified. The certificate is trusted. |
openssl-3.2.1 |
❌ (unexpected success) | N/A |
rust-webpki |
✅ | leaf cert: X.509 parse failed |
openssl-3.0.13 |
❌ (unexpected success) | N/A |
pyca-cryptography-42.0.5 |
✅ | validation failed: Other("certificate must have a serial between 1 and 20 octets") |
openssl-1.1 |
❌ (unexpected success) | N/A |
gocryptox509-go1.22.2 |
❌ (unexpected success) | validation: chain built |
openssl-3.1.5 |
❌ (unexpected success) | N/A |
certvalidator-0.11.1 |
❌ (unexpected success) | N/A |
rustls-webpki |
❌ (unexpected success) | N/A |
rfc5280::serial::zero🔗
Produces an invalid chain due to an invalid EE cert.
The EE cert contains a serial number of zero, which is disallowed under RFC 5280.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | pedantic-serial-number | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
❌ (unexpected success) | Chain verification output: Verified. The certificate is trusted. |
openssl-3.2.1 |
❌ (unexpected success) | N/A |
rust-webpki |
✅ | leaf cert: X.509 parse failed |
openssl-3.0.13 |
❌ (unexpected success) | N/A |
pyca-cryptography-42.0.5 |
🚧 | testcase skipped (explicitly unsupported case) |
openssl-1.1 |
❌ (unexpected success) | N/A |
gocryptox509-go1.22.2 |
❌ (unexpected success) | validation: chain built |
openssl-3.1.5 |
❌ (unexpected success) | N/A |
certvalidator-0.11.1 |
❌ (unexpected success) | N/A |
rustls-webpki |
❌ (unexpected success) | N/A |
rfc5280::serial::negative🔗
Produces an invalid chain due to an invalid EE cert. Verifies against a
saved copy of a certificate with a negative serial number from the
cryptography.io test suite since the API won't allow us to create
certificates with negative serial numbers.
The EE cert contains a negative serial number, which is disallowed under RFC 5280.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | 2016-09-01T00:00:00+00:00 | pedantic-serial-number | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | N/A |
openssl-3.2.1 |
❌ (unexpected success) | N/A |
rust-webpki |
✅ | leaf cert: X.509 parse failed |
openssl-3.0.13 |
❌ (unexpected success) | N/A |
pyca-cryptography-42.0.5 |
✅ | validation failed: Other("certificate serial number cannot be negative") |
openssl-1.1 |
❌ (unexpected success) | N/A |
gocryptox509-go1.22.2 |
❌ (unexpected success) | validation: chain built |
openssl-3.1.5 |
❌ (unexpected success) | N/A |
certvalidator-0.11.1 |
❌ (unexpected success) | N/A |
rustls-webpki |
✅ | CaUsedAsEndEntity |
rfc5280::ski::critical-ski🔗
Produces the following invalid chain:
root -> EE
The root cert has an SKI extension marked as critical, which is disallowed under RFC 5280 4.2.1.2.
Conforming CAs MUST mark this extension as non-critical.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | Chain verification output: Not verified. The certificate is NOT trusted. The certificate issuer is unknown. |
openssl-3.2.1 |
✅ | unable to get local issuer certificate |
rust-webpki |
✅ | trusted certs: trust anchor extraction failed |
openssl-3.0.13 |
✅ | unable to get local issuer certificate |
pyca-cryptography-42.0.5 |
✅ | validation failed: CandidatesExhausted(Other("Certificate extension has incorrect criticality")) |
openssl-1.1 |
✅ | unable to get local issuer certificate |
gocryptox509-go1.22.2 |
❌ (unexpected success) | validation: chain built |
openssl-3.1.5 |
✅ | unable to get local issuer certificate |
certvalidator-0.11.1 |
✅ | Unable to build a validation path for the certificate "Common Name: example.com" - no issuer matching "Common Name: x509-limbo-root" was found |
rustls-webpki |
✅ | trusted certs: trust anchor extraction failed |
rfc5280::ski::root-missing-ski🔗
Produces the following invalid chain:
root -> EE
The root cert is missing the SKI extension, which is disallowed under RFC 5280 4.2.1.2.
To facilitate certification path construction, this extension MUST appear in all conforming CA certificates, that is, all certificates including the basic constraints extension (Section 4.2.1.9) where the value of cA is TRUE.
Note: for roots, the SKI should be the same value as the AKI, therefore, this extension isn't strictly necessary, although required by the RFC.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
❌ (unexpected success) | Chain verification output: Verified. The certificate is trusted. |
openssl-3.2.1 |
✅ | Missing Subject Key Identifier |
rust-webpki |
❌ (unexpected success) | N/A |
openssl-3.0.13 |
✅ | Missing Subject Key Identifier |
pyca-cryptography-42.0.5 |
🚧 | testcase skipped (explicitly unsupported case) |
openssl-1.1 |
❌ (unexpected success) | N/A |
gocryptox509-go1.22.2 |
❌ (unexpected success) | validation: chain built |
openssl-3.1.5 |
✅ | Missing Subject Key Identifier |
certvalidator-0.11.1 |
❌ (unexpected success) | N/A |
rustls-webpki |
❌ (unexpected success) | N/A |
rfc5280::ski::intermediate-missing-ski🔗
Produces the following invalid chain:
root -> ICA -> EE
The intermediate cert is missing the SKI extension, which is disallowed under RFC 5280 4.2.1.2.
To facilitate certification path construction, this extension MUST appear in all conforming CA certificates, that is, all certificates including the basic constraints extension (Section 4.2.1.9) where the value of cA is TRUE.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
❌ (unexpected success) | Chain verification output: Verified. The certificate is trusted. |
openssl-3.2.1 |
✅ | Missing Subject Key Identifier |
rust-webpki |
❌ (unexpected success) | N/A |
openssl-3.0.13 |
✅ | Missing Subject Key Identifier |
pyca-cryptography-42.0.5 |
🚧 | testcase skipped (explicitly unsupported case) |
openssl-1.1 |
❌ (unexpected success) | N/A |
gocryptox509-go1.22.2 |
❌ (unexpected success) | validation: chain built |
openssl-3.1.5 |
✅ | Missing Subject Key Identifier |
certvalidator-0.11.1 |
❌ (unexpected success) | N/A |
rustls-webpki |
❌ (unexpected success) | N/A |
rfc5280::validity::expired-root🔗
Produces the following invalid chain:
root -> intermediate -> EE
All three certificates are well-formed, but the root (and only the root) is expired at the validation time.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | 2022-01-01T00:00:00+00:00 | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | N/A |
openssl-3.2.1 |
✅ | certificate has expired |
rust-webpki |
❌ (unexpected success) | N/A |
openssl-3.0.13 |
✅ | certificate has expired |
pyca-cryptography-42.0.5 |
✅ | validation failed: CandidatesExhausted(Other("cert is not valid at validation time")) |
openssl-1.1 |
✅ | certificate has expired |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | certificate has expired |
certvalidator-0.11.1 |
❌ (unexpected success) | N/A |
rustls-webpki |
❌ (unexpected success) | N/A |
rfc5280::validity::expired-intermediate🔗
Produces the following invalid chain:
root -> intermediate -> EE
All three certificates are well-formed, but the intermediate (and only the intermediate) is expired at the validation time.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | 2022-01-01T00:00:00+00:00 | N/A | critical | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | N/A |
openssl-3.2.1 |
✅ | certificate has expired |
rust-webpki |
✅ | UnknownIssuer |
openssl-3.0.13 |
✅ | certificate has expired |
pyca-cryptography-42.0.5 |
✅ | validation failed: CandidatesExhausted(Other("cert is not valid at validation time")) |
openssl-1.1 |
✅ | certificate has expired |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | certificate has expired |
certvalidator-0.11.1 |
✅ | The path could not be validated because intermediate certificate 1 expired 2020-01-01 00:00:00Z |
rustls-webpki |
✅ | CertExpired |
rfc5280::validity::expired-leaf🔗
Produces the following invalid chain:
root -> intermediate -> EE
All three certificates are well-formed, but the leaf (and only the leaf) is expired at the validation time.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | 2022-01-01T00:00:00+00:00 | N/A | critical | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | N/A |
openssl-3.2.1 |
✅ | certificate has expired |
rust-webpki |
✅ | CertExpired |
openssl-3.0.13 |
✅ | certificate has expired |
pyca-cryptography-42.0.5 |
✅ | validation failed: Other("cert is not valid at validation time") |
openssl-1.1 |
✅ | certificate has expired |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | certificate has expired |
certvalidator-0.11.1 |
✅ | The path could not be validated because the end-entity certificate expired 2021-01-01 00:00:00Z |
rustls-webpki |
✅ | CertExpired |
rfc5280::validity::notbefore-exact🔗
Produces the following valid chain:
root -> ICA -> EE
EE becomes valid at 2024-03-01T00:00:00Z, and the chain is validated at
exactly 2024-03-01T00:00:00Z.
RFC 5280 4.1.2.5 says that notBefore is inclusive, so this chain should
validate:
The validity period for a certificate is the period of time from notBefore through notAfter, inclusive.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| SUCCESS | SERVER | 2024-03-01T00:00:00+00:00 | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
❌ (unexpected failure) | N/A |
openssl-3.2.1 |
✅ | N/A |
rust-webpki |
✅ | N/A |
openssl-3.0.13 |
✅ | N/A |
pyca-cryptography-42.0.5 |
✅ | N/A |
openssl-1.1 |
✅ | N/A |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | N/A |
certvalidator-0.11.1 |
✅ | N/A |
rustls-webpki |
✅ | N/A |
rfc5280::validity::notbefore-fractional🔗
Produces the following invalid chain:
root -> ICA -> EE
EE becomes valid at 2024-03-01T00:00:01Z, and the chain is validated at
exactly 2024-03-01T00:00:00.999Z.
This is the counterpart to rfc5280::validity::notafter-fractional:
despite rounding to the notBefore date, implementations should
floor the validation time instead and subsequently reject this chain.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | 2024-03-01T00:00:00.999000+00:00 | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | N/A |
openssl-3.2.1 |
✅ | certificate is not yet valid |
rust-webpki |
✅ | CertNotValidYet |
openssl-3.0.13 |
✅ | certificate is not yet valid |
pyca-cryptography-42.0.5 |
✅ | validation failed: Other("cert is not valid at validation time") |
openssl-1.1 |
✅ | certificate is not yet valid |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | certificate is not yet valid |
certvalidator-0.11.1 |
✅ | The path could not be validated because intermediate certificate 1 is not valid until 2024-03-01 00:00:01Z |
rustls-webpki |
✅ | CertNotValidYet |
rfc5280::validity::notafter-exact🔗
Produces the following valid chain:
root -> ICA -> EE
EE expires at 2024-04-01T00:00:00Z, and the chain is validated at
exactly 2024-04-01T00:00:00Z.
RFC 5280 4.1.2.5 says that notAfter is inclusive, so this chain should
validate:
The validity period for a certificate is the period of time from notBefore through notAfter, inclusive.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| SUCCESS | SERVER | 2024-04-01T00:00:00+00:00 | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
❌ (unexpected failure) | N/A |
openssl-3.2.1 |
❌ (unexpected failure) | certificate has expired |
rust-webpki |
✅ | N/A |
openssl-3.0.13 |
❌ (unexpected failure) | certificate has expired |
pyca-cryptography-42.0.5 |
✅ | N/A |
openssl-1.1 |
❌ (unexpected failure) | certificate has expired |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
❌ (unexpected failure) | certificate has expired |
certvalidator-0.11.1 |
✅ | N/A |
rustls-webpki |
✅ | N/A |
rfc5280::validity::notafter-fractional🔗
Produces the following ambiguous chain:
root -> ICA -> EE
EE expires at 2024-04-01T00:00:00Z, and the chain is validated at
2024-04-01T00:00:00.005Z, i.e. 5 milliseconds after the notAfter
date.
RFC 5280 only allows second granularities in the validity interval, with two conflicting interpretations of how to handle the validity check:
- Comparisons are performed at the granularity of the encoded
representation, i.e.
floor(time). Under this interpretation, the chain is valid, since the entire millisecond interval[0, .999...]is truncated to0. - Comparisons are instantaneous. Under this interpretation the chain
is invalid, since 5 milliseconds after the
notAfteris factually after thenotAfter.
There is no clear "winning" interpretation here, although CAs in the Web PKI have filed and handled compliance reports based on interpretation (1).
See also:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1715455
- https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/-BogZx_IJyk/m/gHm3l613AgAJ
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| SUCCESS | SERVER | 2024-04-01T00:00:00.005000+00:00 | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
❌ (unexpected failure) | N/A |
openssl-3.2.1 |
❌ (unexpected failure) | certificate has expired |
rust-webpki |
✅ | N/A |
openssl-3.0.13 |
❌ (unexpected failure) | certificate has expired |
pyca-cryptography-42.0.5 |
✅ | N/A |
openssl-1.1 |
❌ (unexpected failure) | certificate has expired |
gocryptox509-go1.22.2 |
❌ (unexpected failure) | validation: x509: certificate has expired or is not yet valid: current time 2024-04-01T00:00:00Z is after 2024-04-01T00:00:00Z |
openssl-3.1.5 |
❌ (unexpected failure) | certificate has expired |
certvalidator-0.11.1 |
❌ (unexpected failure) | The path could not be validated because intermediate certificate 1 expired 2024-04-01 00:00:00Z |
rustls-webpki |
✅ | N/A |
rfc5280::ee-empty-issuer🔗
Produces the following invalid chain:
root -> EE
This chain is invalid solely because of the EE cert's construction: it has an empty issuer name, which isn't allowed under the RFC 5280 profile.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
❌ (unexpected success) | Chain verification output: Verified. The certificate is trusted. |
openssl-3.2.1 |
✅ | Issuer name empty |
rust-webpki |
❌ (unexpected success) | N/A |
openssl-3.0.13 |
✅ | Issuer name empty |
pyca-cryptography-42.0.5 |
✅ | validation failed: CandidatesExhausted(Other("certificate must have a non-empty Issuer")) |
openssl-1.1 |
❌ (unexpected success) | N/A |
gocryptox509-go1.22.2 |
❌ (unexpected success) | validation: chain built |
openssl-3.1.5 |
✅ | Issuer name empty |
certvalidator-0.11.1 |
❌ (unexpected success) | N/A |
rustls-webpki |
❌ (unexpected success) | N/A |
rfc5280::ca-empty-subject🔗
Produces an invalid chain due to an invalid CA cert.
The CA cert contains an empty Subject SEQUENCE, which is disallowed
under RFC 5280:
If the subject is a CA [...], then the subject field MUST be populated with a non-empty distinguished name
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | N/A |
openssl-3.2.1 |
✅ | Issuer name empty |
rust-webpki |
❌ (unexpected success) | N/A |
openssl-3.0.13 |
✅ | Issuer name empty |
pyca-cryptography-42.0.5 |
✅ | validation failed: Other("certificate must have a non-empty Issuer") |
openssl-1.1 |
❌ (unexpected success) | N/A |
gocryptox509-go1.22.2 |
❌ (unexpected success) | validation: chain built |
openssl-3.1.5 |
✅ | Issuer name empty |
certvalidator-0.11.1 |
❌ (unexpected success) | N/A |
rustls-webpki |
❌ (unexpected success) | N/A |
rfc5280::unknown-critical-extension-ee🔗
Produces the following invalid chain:
root -> EE
The EE cert has an extension, 1.3.6.1.4.1.55738.666.1, that no implementation should recognize. As this unrecognized extension is marked as critical, a chain should not be built with this EE.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | Chain verification output: Not verified. The certificate is NOT trusted. The certificate contains an unknown critical extension. |
openssl-3.2.1 |
✅ | unhandled critical extension |
rust-webpki |
✅ | leaf cert: X.509 parse failed |
openssl-3.0.13 |
✅ | unhandled critical extension |
pyca-cryptography-42.0.5 |
✅ | validation failed: Other("certificate contains unaccounted-for critical extensions: 1.3.6.1.4.1.55738.666.1") |
openssl-1.1 |
✅ | unhandled critical extension |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | unhandled critical extension |
certvalidator-0.11.1 |
✅ | The path could not be validated because the end-entity certificate contains the following unsupported critical extension: 1.3.6.1.4.1.55738.666.1 |
rustls-webpki |
✅ | leaf cert: X.509 parse failed |
rfc5280::unknown-critical-extension-root🔗
Produces the following invalid chain:
root -> EE
The root has an extension, 1.3.6.1.4.1.55738.666.1, that no implementation should recognize. As this unrecognized extension is marked as critical, a chain should not be built with this root.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | Chain verification output: Not verified. The certificate is NOT trusted. The certificate contains an unknown critical extension. |
openssl-3.2.1 |
✅ | unhandled critical extension |
rust-webpki |
✅ | trusted certs: trust anchor extraction failed |
openssl-3.0.13 |
✅ | unhandled critical extension |
pyca-cryptography-42.0.5 |
✅ | validation failed: CandidatesExhausted(Other("certificate contains unaccounted-for critical extensions: 1.3.6.1.4.1.55738.666.1")) |
openssl-1.1 |
✅ | unhandled critical extension |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | unhandled critical extension |
certvalidator-0.11.1 |
❌ (unexpected success) | N/A |
rustls-webpki |
✅ | trusted certs: trust anchor extraction failed |
rfc5280::unknown-critical-extension-intermediate🔗
Produces the following invalid chain:
root -> intermediate (pathlen:0) -> EE
The intermediate has an extension, 1.3.6.1.4.1.55738.666.1, that no implementation should recognize. As this unrecognized extension is marked as critical, a chain should not be built with this intermediate.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | Chain verification output: Not verified. The certificate is NOT trusted. The certificate contains an unknown critical extension. |
openssl-3.2.1 |
✅ | unhandled critical extension |
rust-webpki |
✅ | UnknownIssuer |
openssl-3.0.13 |
✅ | unhandled critical extension |
pyca-cryptography-42.0.5 |
✅ | validation failed: CandidatesExhausted(Other("certificate contains unaccounted-for critical extensions: 1.3.6.1.4.1.55738.666.1")) |
openssl-1.1 |
✅ | unhandled critical extension |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | unhandled critical extension |
certvalidator-0.11.1 |
✅ | The path could not be validated because intermediate certificate 1 contains the following unsupported critical extension: 1.3.6.1.4.1.55738.666.1 |
rustls-webpki |
✅ | UnsupportedCriticalExtension |
rfc5280::chain-untrusted-root🔗
Produces the following chain:
root (untrusted) -> intermediate -> EE
The root is not in the trusted set, thus no chain should be built. Verification can't be achieved without trusted certificates so we add an unrelated root CA to create a more realistic scenario.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | Chain verification output: Not verified. The certificate is NOT trusted. The certificate issuer is unknown. |
openssl-3.2.1 |
✅ | self-signed certificate in certificate chain |
rust-webpki |
✅ | UnknownIssuer |
openssl-3.0.13 |
✅ | self-signed certificate in certificate chain |
pyca-cryptography-42.0.5 |
✅ | validation failed: CandidatesExhausted(Other("chain construction exceeds max depth")) |
openssl-1.1 |
✅ | self signed certificate in certificate chain |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | self-signed certificate in certificate chain |
certvalidator-0.11.1 |
✅ | Unable to build a validation path for the certificate "Common Name: example.com" - no issuer matching "Common Name: x509-limbo-root" was found |
rustls-webpki |
✅ | UnknownIssuer |
rfc5280::intermediate-ca-without-ca-bit🔗
Produces the following invalid chain:
root -> intermediate -> EE
The intermediate CA does not have the cA bit set in BasicConstraints, thus no valid chain to the leaf exists per RFC 5280 4.2.1.9:
If the basic constraints extension is not present in a version 3 certificate, or the extension is present but the cA boolean is not asserted, then the certified public key MUST NOT be used to verify certificate signatures.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
❌ (unexpected success) | Chain verification output: Verified. The certificate is trusted. |
openssl-3.2.1 |
✅ | invalid CA certificate |
rust-webpki |
✅ | UnknownIssuer |
openssl-3.0.13 |
✅ | invalid CA certificate |
pyca-cryptography-42.0.5 |
✅ | validation failed: CandidatesExhausted(Other("basicConstraints.cA must be asserted in a CA certificate")) |
openssl-1.1 |
✅ | invalid CA certificate |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | invalid CA certificate |
certvalidator-0.11.1 |
✅ | The path could not be validated because intermediate certificate 1 is not a CA |
rustls-webpki |
✅ | EndEntityUsedAsCa |
rfc5280::intermediate-ca-missing-basic-constraints🔗
Produces the following invalid chain:
root -> ICA -> EE
The intermediate CA is missing the BasicConstraints extension, which is disallowed under RFC 5280 4.2.1.9:
Conforming CAs MUST include this extension in all CA certificates that contain public keys used to validate digital signatures on certificates and MUST mark the extension as critical in such certificates.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | Chain verification output: Not verified. The certificate is NOT trusted. The certificate issuer is unknown. |
openssl-3.2.1 |
✅ | unable to get local issuer certificate |
rust-webpki |
✅ | UnknownIssuer |
openssl-3.0.13 |
✅ | unable to get local issuer certificate |
pyca-cryptography-42.0.5 |
✅ | validation failed: CandidatesExhausted(Other("all candidates exhausted with no interior errors")) |
openssl-1.1 |
✅ | unable to get local issuer certificate |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | unable to get local issuer certificate |
certvalidator-0.11.1 |
✅ | Unable to build a validation path for the certificate "Common Name: example.com" - no issuer matching "Common Name: x509-limbo-intermediate-pathlen-None, Organizational Unit: 81834265167565115997600513937968044947151477761" was found |
rustls-webpki |
✅ | UnknownIssuer |
rfc5280::root-missing-basic-constraints🔗
Produces the following invalid chain:
root -> EE
The root CA is missing the BasicConstraints extension, which is disallowed under RFC 5280 4.2.1.9:
Conforming CAs MUST include this extension in all CA certificates that contain public keys used to validate digital signatures on certificates and MUST mark the extension as critical in such certificates.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
❌ (unexpected success) | Chain verification output: Verified. The certificate is trusted. |
openssl-3.2.1 |
✅ | invalid CA certificate |
rust-webpki |
❌ (unexpected success) | N/A |
openssl-3.0.13 |
✅ | invalid CA certificate |
pyca-cryptography-42.0.5 |
✅ | validation failed: CandidatesExhausted(Other("Certificate is missing required extension")) |
openssl-1.1 |
✅ | invalid CA certificate |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | invalid CA certificate |
certvalidator-0.11.1 |
❌ (unexpected success) | N/A |
rustls-webpki |
❌ (unexpected success) | N/A |
rfc5280::root-non-critical-basic-constraints🔗
Produces the following invalid chain:
root -> EE
The root CA has a non-critical BasicConstraints extension, which is disallowed under RFC 5280 4.2.1.9:
Conforming CAs MUST include this extension in all CA certificates that contain public keys used to validate digital signatures on certificates and MUST mark the extension as critical in such certificates.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
❌ (unexpected success) | Chain verification output: Verified. The certificate is trusted. |
openssl-3.2.1 |
✅ | Basic Constraints of CA cert not marked critical |
rust-webpki |
❌ (unexpected success) | N/A |
openssl-3.0.13 |
✅ | Basic Constraints of CA cert not marked critical |
pyca-cryptography-42.0.5 |
✅ | validation failed: CandidatesExhausted(Other("Certificate extension has incorrect criticality")) |
openssl-1.1 |
❌ (unexpected success) | N/A |
gocryptox509-go1.22.2 |
❌ (unexpected success) | validation: chain built |
openssl-3.1.5 |
✅ | Basic Constraints of CA cert not marked critical |
certvalidator-0.11.1 |
❌ (unexpected success) | N/A |
rustls-webpki |
❌ (unexpected success) | N/A |
rfc5280::root-inconsistent-ca-extensions🔗
Produces the following invalid chain:
root -> EE
The root CA has BasicConstraints.cA=TRUE and KeyUsage.keyCertSign=FALSE.
According to RFC 5280, these two fields are related in the
following ways:
If the keyCertSign bit is asserted, then the cA bit in the basic constraints extension MUST also be asserted. (Section 4.2.1.3)
and
If the cA boolean is not asserted, then the keyCertSign bit in the key usage extension MUST NOT be asserted. (Section 4.2.1.9)
Although the profile does not directly state that keyCertSign must be asserted when cA is asserted, this configuration is inconsistent and clients should reject it.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain violates the signer's constraints. |
openssl-3.2.1 |
✅ | unable to get local issuer certificate |
rust-webpki |
❌ (unexpected success) | N/A |
openssl-3.0.13 |
✅ | unable to get local issuer certificate |
pyca-cryptography-42.0.5 |
✅ | validation failed: CandidatesExhausted(Other("keyUsage.keyCertSign must be asserted in a CA certificate")) |
openssl-1.1 |
✅ | invalid CA certificate |
gocryptox509-go1.22.2 |
❌ (unexpected success) | validation: chain built |
openssl-3.1.5 |
✅ | unable to get local issuer certificate |
certvalidator-0.11.1 |
❌ (unexpected success) | N/A |
rustls-webpki |
❌ (unexpected success) | N/A |
rfc5280::ica-ku-keycertsign🔗
Produces the following invalid chain:
root -> ICA -> EE
The intermediate CA includes BasicConstraints with pathLenConstraint=0 and KeyUsage.keyCertSign=FALSE, which is disallowed under RFC 5280 4.2.1.9:
CAs MUST NOT include the pathLenConstraint field unless the cA boolean is asserted and the key usage extension asserts the keyCertSign bit.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | Chain verification output: Not verified. The certificate is NOT trusted. The certificate issuer is unknown. |
openssl-3.2.1 |
✅ | unable to get local issuer certificate |
rust-webpki |
✅ | UnknownIssuer |
openssl-3.0.13 |
✅ | unable to get local issuer certificate |
pyca-cryptography-42.0.5 |
✅ | validation failed: CandidatesExhausted(Other("all candidates exhausted with no interior errors")) |
openssl-1.1 |
✅ | unable to get local issuer certificate |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | unable to get local issuer certificate |
certvalidator-0.11.1 |
✅ | Unable to build a validation path for the certificate "Common Name: example.com" - no issuer matching "Common Name: x509-limbo-intermediate-pathlen-0, Organizational Unit: 136409353335516871720730290859131474967060427195" was found |
rustls-webpki |
✅ | UnknownIssuer |
rfc5280::leaf-ku-keycertsign🔗
Produces the following invalid chain:
root -> EE
The leaf has a BasicConstraints extension with cA=FALSE and a KeyUsage extension with keyCertSign=TRUE. This is disallowed under RFC 5280 4.2.1.9:
The cA boolean indicates whether the certified public key may be used to verify certificate signatures. If the cA boolean is not asserted, then the keyCertSign bit in the key usage extension MUST NOT be asserted.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
❌ (unexpected success) | Chain verification output: Verified. The certificate is trusted. |
openssl-3.2.1 |
✅ | Key usage keyCertSign invalid for non-CA cert |
rust-webpki |
❌ (unexpected success) | N/A |
openssl-3.0.13 |
✅ | Key usage keyCertSign invalid for non-CA cert |
pyca-cryptography-42.0.5 |
✅ | validation failed: Other("EE keyUsage must not assert keyCertSign") |
openssl-1.1 |
❌ (unexpected success) | N/A |
gocryptox509-go1.22.2 |
❌ (unexpected success) | validation: chain built |
openssl-3.1.5 |
✅ | Key usage keyCertSign invalid for non-CA cert |
certvalidator-0.11.1 |
❌ (unexpected success) | N/A |
rustls-webpki |
❌ (unexpected success) | N/A |
rfc5280::ee-aia🔗
Produces a valid chain with an EE cert.
This EE cert contains an Authority Information Access extension with a CA Issuer Access Description.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| SUCCESS | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | Chain verification output: Verified. The certificate is trusted. |
openssl-3.2.1 |
✅ | N/A |
rust-webpki |
✅ | N/A |
openssl-3.0.13 |
✅ | N/A |
pyca-cryptography-42.0.5 |
✅ | N/A |
openssl-1.1 |
✅ | N/A |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | N/A |
certvalidator-0.11.1 |
✅ | N/A |
rustls-webpki |
✅ | N/A |
rfc5280::ee-critical-aia-invalid🔗
Produces a invalid chain with an EE cert.
This EE cert contains an Authority Information Access extension with a CA Issuer Access Description. The AIA extension is marked as critical, which is disallowed under RFC 5280:
Conforming CAs MUST mark this extension as non-critical.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
❌ (unexpected success) | Chain verification output: Verified. The certificate is trusted. |
openssl-3.2.1 |
✅ | unhandled critical extension |
rust-webpki |
✅ | leaf cert: X.509 parse failed |
openssl-3.0.13 |
✅ | unhandled critical extension |
pyca-cryptography-42.0.5 |
✅ | validation failed: Other("Certificate extension has incorrect criticality") |
openssl-1.1 |
✅ | unhandled critical extension |
gocryptox509-go1.22.2 |
❌ (unexpected success) | validation: chain built |
openssl-3.1.5 |
✅ | unhandled critical extension |
certvalidator-0.11.1 |
❌ (unexpected success) | N/A |
rustls-webpki |
✅ | leaf cert: X.509 parse failed |
rfc5280::duplicate-extensions🔗
Produces the following invalid chain:
root -> EE
This chain is invalid solely because of the EE cert's construction: it contains multiple X.509v3 extensions with the same OID, which is prohibited under RFC 5280 4.2.
A certificate MUST NOT include more than one instance of a particular extension.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | N/A |
openssl-3.2.1 |
✅ | unable to get local issuer certificate |
rust-webpki |
✅ | leaf cert: X.509 parse failed |
openssl-3.0.13 |
✅ | unable to get local issuer certificate |
pyca-cryptography-42.0.5 |
✅ | validation failed: DuplicateExtension(DuplicateExtensionsError(ObjectIdentifier { oid: 2.5.29.17 })) |
openssl-1.1 |
✅ | unable to get local issuer certificate |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | unable to get local issuer certificate |
certvalidator-0.11.1 |
❌ (unexpected success) | N/A |
rustls-webpki |
✅ | leaf cert: X.509 parse failed |
rfc5280::no-keyusage🔗
Produces the following valid chain:
root -> EE
The EE lacks a Key Usage extension, which is not required for end-entity certificates under the RFC 5280 profile.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| SUCCESS | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | Chain verification output: Verified. The certificate is trusted. |
openssl-3.2.1 |
✅ | N/A |
rust-webpki |
✅ | N/A |
openssl-3.0.13 |
✅ | N/A |
pyca-cryptography-42.0.5 |
✅ | N/A |
openssl-1.1 |
✅ | N/A |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | N/A |
certvalidator-0.11.1 |
✅ | N/A |
rustls-webpki |
✅ | N/A |
rfc5280::no-basicconstraints🔗
Produces the following valid chain:
root -> EE
The EE lacks a Basic Constraints extension, which is not required for end-entity certificates under the RFC 5280 profile.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| SUCCESS | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | Chain verification output: Verified. The certificate is trusted. |
openssl-3.2.1 |
✅ | N/A |
rust-webpki |
✅ | N/A |
openssl-3.0.13 |
✅ | N/A |
pyca-cryptography-42.0.5 |
✅ | N/A |
openssl-1.1 |
✅ | N/A |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | N/A |
certvalidator-0.11.1 |
✅ | N/A |
rustls-webpki |
✅ | N/A |
rfc5280::mismatching-signature-algorithm🔗
Verifies against a saved copy of cryptography.io's chain with
the root certificate modified to have mismatched signatureAlgorithm
fields, which is prohibited under RFC 5280 4.2.
A certificate MUST NOT include more than one instance of a particular extension.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | 2023-07-10T00:00:00+00:00 | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | N/A |
openssl-3.2.1 |
✅ | cert info signature and signature algorithm mismatch |
rust-webpki |
✅ | leaf cert: X.509 parse failed |
openssl-3.0.13 |
✅ | cert info signature and signature algorithm mismatch |
pyca-cryptography-42.0.5 |
✅ | validation failed: Other("mismatch between signatureAlgorithm and SPKI algorithm") |
openssl-1.1 |
✅ | certificate signature failure |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | cert info signature and signature algorithm mismatch |
certvalidator-0.11.1 |
✅ | The path could not be validated because the signature of the end-entity certificate could not be verified |
rustls-webpki |
✅ | leaf cert: X.509 parse failed |
rfc5280::ca-as-leaf🔗
Produces the following valid chain:
root -> ICA
The ICA is in leaf position, despite being a CA certificate. This is permitted under RFC 5280, which makes no stipulations about CA/EE state in the leaf position.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| SUCCESS | SERVER | N/A | N/A | undetermined | webpki::ca-as-leaf |
PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | Chain verification output: Verified. The certificate is trusted. |
openssl-3.2.1 |
✅ | N/A |
rust-webpki |
❌ (unexpected failure) | CaUsedAsEndEntity |
openssl-3.0.13 |
✅ | N/A |
pyca-cryptography-42.0.5 |
🚧 | testcase skipped (explicitly unsupported case) |
openssl-1.1 |
✅ | N/A |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | N/A |
certvalidator-0.11.1 |
❌ (unexpected failure) | The X.509 certificate provided is not valid for securing TLS connections |
rustls-webpki |
❌ (unexpected failure) | CaUsedAsEndEntity |
rfc5280::ca-as-leaf-wrong-san🔗
Produces the following invalid chain:
root -> ICA
The ICA is in leaf position, despite being a CA certificate. This is permitted under RFC 5280, which makes no stipulations about CA/EE state in the leaf position. However, the ICA also has a different SAN than expected, resulting in a failure.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| FAILURE | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
✅ | Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected. |
openssl-3.2.1 |
✅ | hostname mismatch |
rust-webpki |
✅ | CaUsedAsEndEntity |
openssl-3.0.13 |
✅ | hostname mismatch |
pyca-cryptography-42.0.5 |
✅ | validation failed: Other("basicConstraints.cA must not be asserted in an EE certificate") |
openssl-1.1 |
✅ | Hostname mismatch |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | hostname mismatch |
certvalidator-0.11.1 |
✅ | The X.509 certificate provided is not valid for some-other-ca.example.com. Valid hostnames include: ca.example.com |
rustls-webpki |
✅ | CaUsedAsEndEntity |
rfc5280::root-and-intermediate-swapped🔗
Produces the following valid chain:
root -> ICA -> EE
The configuration puts the ICA in the trusted set, meaning that validation should ignore (and not fail on) the root in the untrusted intermediate set.
| Expected result | Validation kind | Validation time | Features | Importance | Conflicts | Download |
|---|---|---|---|---|---|---|
| SUCCESS | SERVER | N/A | N/A | undetermined | N/A | PEM bundle |
| Harness | Result | Context |
|---|---|---|
gnutls-certtool-3.7.3 |
❌ (unexpected failure) | Chain verification output: Not verified. The certificate is NOT trusted. The certificate issuer is unknown. |
openssl-3.2.1 |
✅ | N/A |
rust-webpki |
✅ | N/A |
openssl-3.0.13 |
✅ | N/A |
pyca-cryptography-42.0.5 |
✅ | N/A |
openssl-1.1 |
✅ | N/A |
gocryptox509-go1.22.2 |
✅ | N/A |
openssl-3.1.5 |
✅ | N/A |
certvalidator-0.11.1 |
✅ | N/A |
rustls-webpki |
✅ | N/A |