Skip to content

webpkiπŸ”—

webpki::aki::root-with-aki-missing-keyidentifierπŸ”—

Produces the following invalid chain:

root -> EE

The root cert incudes the authorityKeyIdentifier extension but without the keyIdentifier field, which is required under CABF:

7.1.2.1.3 Root CA Authority Key Identifier Field Description ... keyIdentifier MUST be present. MUST be identical to the subjectKeyIdentifier field.

Expected result Validation kind Validation time Features Importance Conflicts Download
FAILURE SERVER N/A N/A undetermined N/A PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 ❌ (unexpected success) Chain verification output: Verified. The certificate is trusted.
openssl-3.0.15 ❌ (unexpected success) N/A
openssl-3.3.2 ❌ (unexpected success) N/A
openssl-3.2.3 ❌ (unexpected success) N/A
rustls-webpki ❌ (unexpected success) N/A
certvalidator-0.11.1 ❌ (unexpected success) N/A
gocryptox509-go1.23.3 ❌ (unexpected success) validation: chain built
openssl-3.4.0 ❌ (unexpected success) N/A
pyca-cryptography-44.0.0 βœ… validation failed: candidates exhausted: authorityKeyIdentifier must contain keyIdentifier
openssl-3.1.7 ❌ (unexpected success) N/A
openssl-1.1 ❌ (unexpected success) N/A
rust-webpki ❌ (unexpected success) N/A

webpki::aki::root-with-aki-authoritycertissuerπŸ”—

Produces the following invalid chain:

root -> EE

The root cert includes the authorityKeyIdentifier extension with the authorityCertIssuer field, which is forbidden under CABF:

7.1.2.1.3 Root CA Authority Key Identifier Field Description ... authorityCertIssuer MUST NOT be present

Expected result Validation kind Validation time Features Importance Conflicts Download
FAILURE SERVER N/A N/A undetermined N/A PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 ❌ (unexpected success) Chain verification output: Verified. The certificate is trusted.
openssl-3.0.15 ❌ (unexpected success) N/A
openssl-3.3.2 ❌ (unexpected success) N/A
openssl-3.2.3 ❌ (unexpected success) N/A
rustls-webpki ❌ (unexpected success) N/A
certvalidator-0.11.1 ❌ (unexpected success) N/A
gocryptox509-go1.23.3 ❌ (unexpected success) validation: chain built
openssl-3.4.0 ❌ (unexpected success) N/A
pyca-cryptography-44.0.0 ❌ (unexpected success) N/A
openssl-3.1.7 ❌ (unexpected success) N/A
openssl-1.1 ❌ (unexpected success) N/A
rust-webpki ❌ (unexpected success) N/A

webpki::aki::root-with-aki-authoritycertserialnumberπŸ”—

Produces the following invalid chain:

root -> EE

The root cert includes the authorityKeyIdentifier extension with the authorityCertSerialNumber field, which is forbidden under the [CA/B BR profile]:

7.1.2.1.3 Root CA Authority Key Identifier Field Description ... authorityCertSerialNumber MUST NOT be present

Expected result Validation kind Validation time Features Importance Conflicts Download
FAILURE SERVER N/A N/A undetermined N/A PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 ❌ (unexpected success) Chain verification output: Verified. The certificate is trusted.
openssl-3.0.15 ❌ (unexpected success) N/A
openssl-3.3.2 ❌ (unexpected success) N/A
openssl-3.2.3 ❌ (unexpected success) N/A
rustls-webpki ❌ (unexpected success) N/A
certvalidator-0.11.1 ❌ (unexpected success) N/A
gocryptox509-go1.23.3 ❌ (unexpected success) validation: chain built
openssl-3.4.0 ❌ (unexpected success) N/A
pyca-cryptography-44.0.0 ❌ (unexpected success) N/A
openssl-3.1.7 ❌ (unexpected success) N/A
openssl-1.1 ❌ (unexpected success) N/A
rust-webpki ❌ (unexpected success) N/A

webpki::aki::root-with-aki-all-fieldsπŸ”—

Produces the following invalid chain:

root -> EE

The root cert includes the authorityKeyIdentifier extension with the authorityCertIssuer and authorityCertSerialNumber fields, which is forbidden under CABF:

7.1.2.1.3 Root CA Authority Key Identifier Field Description ... authorityCertIssuer MUST NOT be present authorityCertSerialNumber MUST NOT be present

Expected result Validation kind Validation time Features Importance Conflicts Download
FAILURE SERVER N/A N/A undetermined N/A PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 ❌ (unexpected success) Chain verification output: Verified. The certificate is trusted.
openssl-3.0.15 ❌ (unexpected success) N/A
openssl-3.3.2 ❌ (unexpected success) N/A
openssl-3.2.3 ❌ (unexpected success) N/A
rustls-webpki ❌ (unexpected success) N/A
certvalidator-0.11.1 ❌ (unexpected success) N/A
gocryptox509-go1.23.3 ❌ (unexpected success) validation: chain built
openssl-3.4.0 ❌ (unexpected success) N/A
pyca-cryptography-44.0.0 ❌ (unexpected success) N/A
openssl-3.1.7 ❌ (unexpected success) N/A
openssl-1.1 ❌ (unexpected success) N/A
rust-webpki ❌ (unexpected success) N/A

webpki::aki::root-with-aki-ski-mismatchπŸ”—

Produces the following invalid chain:

root -> EE

The root cert is self-signed contains an authorityKeyIdentifier, but the keyIdentifier field doesn't match the subjectKeyIdentifier field as required under CABF.

Expected result Validation kind Validation time Features Importance Conflicts Download
FAILURE SERVER N/A N/A undetermined N/A PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 ❌ (unexpected success) Chain verification output: Verified. The certificate is trusted.
openssl-3.0.15 ❌ (unexpected success) N/A
openssl-3.3.2 ❌ (unexpected success) N/A
openssl-3.2.3 ❌ (unexpected success) N/A
rustls-webpki ❌ (unexpected success) N/A
certvalidator-0.11.1 ❌ (unexpected success) N/A
gocryptox509-go1.23.3 ❌ (unexpected success) validation: chain built
openssl-3.4.0 ❌ (unexpected success) N/A
pyca-cryptography-44.0.0 🚧 testcase skipped (explicitly unsupported case)
openssl-3.1.7 ❌ (unexpected success) N/A
openssl-1.1 ❌ (unexpected success) N/A
rust-webpki ❌ (unexpected success) N/A

webpki::eku::ee-anyekuπŸ”—

Produces the following invalid chain:

root -> EE

This chain is correctly constructed, but the EE cert contains an Extended Key Usage extension that contains anyExtendedKeyUsage, which is explicitly forbidden under CABF 7.1.2.7.10.

Expected result Validation kind Validation time Features Importance Conflicts Download
FAILURE SERVER N/A pedantic-webpki-eku undetermined N/A PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 🚧 custom EKUs not yet supported
openssl-3.0.15 ❌ (unexpected success) N/A
openssl-3.3.2 ❌ (unexpected success) N/A
openssl-3.2.3 ❌ (unexpected success) N/A
rustls-webpki ❌ (unexpected success) N/A
certvalidator-0.11.1 ❌ (unexpected success) N/A
gocryptox509-go1.23.3 ❌ (unexpected success) validation: chain built
openssl-3.4.0 ❌ (unexpected success) N/A
pyca-cryptography-44.0.0 🚧 testcase skipped (explicit unsupported feature)
openssl-3.1.7 ❌ (unexpected success) N/A
openssl-1.1 ❌ (unexpected success) N/A
rust-webpki ❌ (unexpected success) N/A

webpki::eku::ee-critical-ekuπŸ”—

Produces the following invalid chain:

root -> EE

This chain is correctly constructed, but the EE has an extKeyUsage extension marked as critical, which is forbidden per CABF 7.1.2.7.6.

Expected result Validation kind Validation time Features Importance Conflicts Download
FAILURE SERVER N/A pedantic-webpki-eku undetermined N/A PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 🚧 custom EKUs not yet supported
openssl-3.0.15 ❌ (unexpected success) N/A
openssl-3.3.2 ❌ (unexpected success) N/A
openssl-3.2.3 ❌ (unexpected success) N/A
rustls-webpki ❌ (unexpected success) N/A
certvalidator-0.11.1 ❌ (unexpected success) N/A
gocryptox509-go1.23.3 ❌ (unexpected success) validation: chain built
openssl-3.4.0 ❌ (unexpected success) N/A
pyca-cryptography-44.0.0 🚧 testcase skipped (explicit unsupported feature)
openssl-3.1.7 ❌ (unexpected success) N/A
openssl-1.1 ❌ (unexpected success) N/A
rust-webpki ❌ (unexpected success) N/A

webpki::eku::ee-without-ekuπŸ”—

Produces the following invalid chain:

root -> EE

This chain is correctly constructed, but the EE does not have the extKeyUsage extension, which is required per CABF 7.1.2.7.6.

Expected result Validation kind Validation time Features Importance Conflicts Download
FAILURE SERVER N/A pedantic-webpki-eku undetermined rfc5280::eku::ee-without-eku PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 ❌ (unexpected success) Chain verification output: Verified. The certificate is trusted.
openssl-3.0.15 ❌ (unexpected success) N/A
openssl-3.3.2 ❌ (unexpected success) N/A
openssl-3.2.3 ❌ (unexpected success) N/A
rustls-webpki ❌ (unexpected success) N/A
certvalidator-0.11.1 ❌ (unexpected success) N/A
gocryptox509-go1.23.3 ❌ (unexpected success) validation: chain built
openssl-3.4.0 ❌ (unexpected success) N/A
pyca-cryptography-44.0.0 🚧 testcase skipped (explicit unsupported feature)
openssl-3.1.7 ❌ (unexpected success) N/A
openssl-1.1 ❌ (unexpected success) N/A
rust-webpki ❌ (unexpected success) N/A

webpki::eku::root-has-ekuπŸ”—

Produces the following invalid chain:

root -> EE

The root cert includes the extKeyUsage extension, which is forbidden under CABF:

7.1.2.1.2 Root CA Extensions Extension Presence Critical ... extKeyUsage MUST NOT N

Expected result Validation kind Validation time Features Importance Conflicts Download
FAILURE SERVER N/A pedantic-webpki-eku undetermined N/A PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 🚧 custom EKUs not yet supported
openssl-3.0.15 ❌ (unexpected success) N/A
openssl-3.3.2 ❌ (unexpected success) N/A
openssl-3.2.3 ❌ (unexpected success) N/A
rustls-webpki ❌ (unexpected success) N/A
certvalidator-0.11.1 ❌ (unexpected success) N/A
gocryptox509-go1.23.3 ❌ (unexpected success) validation: chain built
openssl-3.4.0 ❌ (unexpected success) N/A
pyca-cryptography-44.0.0 🚧 testcase skipped (explicit unsupported feature)
openssl-3.1.7 ❌ (unexpected success) N/A
openssl-1.1 ❌ (unexpected success) N/A
rust-webpki ❌ (unexpected success) N/A

webpki::nc::permitted-dns-match-noncriticalπŸ”—

Produces the following valid chain:

root -> leaf

The root contains a NameConstraints extension with a permitted dNSName of "example.com", matching the leaf's SubjectAlternativeName. The NameConstraints extension is marked as non-critical, which would be a violation of RFC 5280, but CABF explicitly permits this as an exception to RFC 5280:

As an explicit exception from RFC 5280, this extension SHOULD be marked critical, but MAY be marked non-critical if compatibility with certain legacy applications that do not support Name Constraints is necessary.

Expected result Validation kind Validation time Features Importance Conflicts Download
SUCCESS SERVER N/A N/A undetermined rfc5280::nc::permitted-dns-match-noncritical PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 βœ… Chain verification output: Verified. The certificate is trusted.
openssl-3.0.15 βœ… N/A
openssl-3.3.2 βœ… N/A
openssl-3.2.3 βœ… N/A
rustls-webpki βœ… N/A
certvalidator-0.11.1 βœ… N/A
gocryptox509-go1.23.3 βœ… N/A
openssl-3.4.0 βœ… N/A
pyca-cryptography-44.0.0 βœ… N/A
openssl-3.1.7 βœ… N/A
openssl-1.1 βœ… N/A
rust-webpki ❌ (unexpected failure) UnknownIssuer

webpki::nc::intermediate-permitted-excluded-subtrees-both-nullπŸ”—

Produces the following invalid chain:

root -> intermediate -> leaf

The intermediate contains a NameConstraints extension with ASN.1 NULL for both permittedSubtrees and excludedSubtrees, which is forbidden under CABF 7.1.2.5.2.

Expected result Validation kind Validation time Features Importance Conflicts Download
FAILURE SERVER N/A N/A undetermined N/A PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 ❌ (unexpected success) Chain verification output: Verified. The certificate is trusted.
openssl-3.0.15 ❌ (unexpected success) N/A
openssl-3.3.2 ❌ (unexpected success) N/A
openssl-3.2.3 ❌ (unexpected success) N/A
rustls-webpki ❌ (unexpected success) N/A
certvalidator-0.11.1 βœ… The path could not be validated because intermediate certificate 1 contains the following unsupported critical extension: name_constraints
gocryptox509-go1.23.3 βœ… N/A
openssl-3.4.0 ❌ (unexpected success) N/A
pyca-cryptography-44.0.0 βœ… validation failed: candidates exhausted: nameConstraints must have non-empty permittedSubtrees or excludedSubtrees
openssl-3.1.7 ❌ (unexpected success) N/A
openssl-1.1 ❌ (unexpected success) N/A
rust-webpki ❌ (unexpected success) N/A

webpki::nc::intermediate-permitted-excluded-subtrees-both-empty-sequencesπŸ”—

Produces the following invalid chain:

root -> intermediate -> leaf

The intermediate contains a NameConstraints extension with empty sequences for both permittedSubtrees and excludedSubtrees, which is forbidden under CABF 7.1.2.5.2.

Expected result Validation kind Validation time Features Importance Conflicts Download
FAILURE SERVER N/A N/A undetermined N/A PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 ❌ (unexpected success) Chain verification output: Verified. The certificate is trusted.
openssl-3.0.15 ❌ (unexpected success) N/A
openssl-3.3.2 ❌ (unexpected success) N/A
openssl-3.2.3 ❌ (unexpected success) N/A
rustls-webpki ❌ (unexpected success) N/A
certvalidator-0.11.1 βœ… The path could not be validated because intermediate certificate 1 contains the following unsupported critical extension: name_constraints
gocryptox509-go1.23.3 βœ… N/A
openssl-3.4.0 ❌ (unexpected success) N/A
pyca-cryptography-44.0.0 βœ… validation failed: candidates exhausted: nameConstraints must have non-empty permittedSubtrees or excludedSubtrees
openssl-3.1.7 ❌ (unexpected success) N/A
openssl-1.1 ❌ (unexpected success) N/A
rust-webpki βœ… UnknownIssuer

webpki::san::exact-dns-sanπŸ”—

Produces a chain with a valid EE cert for example.com.

This EE cert contains a Subject Alternative Name with the dNSName "example.com". This should verify successfully against the domain "example.com", per RFC 6125 6.4.1.

Expected result Validation kind Validation time Features Importance Conflicts Download
SUCCESS SERVER N/A N/A undetermined N/A PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 βœ… Chain verification output: Verified. The certificate is trusted.
openssl-3.0.15 βœ… N/A
openssl-3.3.2 βœ… N/A
openssl-3.2.3 βœ… N/A
rustls-webpki βœ… N/A
certvalidator-0.11.1 βœ… N/A
gocryptox509-go1.23.3 βœ… N/A
openssl-3.4.0 βœ… N/A
pyca-cryptography-44.0.0 βœ… N/A
openssl-3.1.7 βœ… N/A
openssl-1.1 βœ… N/A
rust-webpki βœ… N/A

webpki::san::exact-localhost-ip-sanπŸ”—

Produces a chain with a valid EE cert, for IP 127.0.0.1, i.e. localhost.

Expected result Validation kind Validation time Features Importance Conflicts Download
SUCCESS SERVER N/A N/A undetermined N/A PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 βœ… Chain verification output: Verified. The certificate is trusted.
openssl-3.0.15 βœ… N/A
openssl-3.3.2 βœ… N/A
openssl-3.2.3 βœ… N/A
rustls-webpki βœ… N/A
certvalidator-0.11.1 βœ… N/A
gocryptox509-go1.23.3 βœ… N/A
openssl-3.4.0 βœ… N/A
pyca-cryptography-44.0.0 βœ… N/A
openssl-3.1.7 βœ… N/A
openssl-1.1 βœ… N/A
rust-webpki 🚧 implementation requires DNS peer names

webpki::san::mismatch-domain-sanπŸ”—

Produces a chain with an EE cert.

This EE cert contains a Subject Alternative Name with the dNSName example.com. This should fail to verify against the domain example2.com, per RFC 6125 6.4.1.

Each label MUST match in order for the names to be considered to match, except as supplemented by the rule about checking of wildcard labels.

Expected result Validation kind Validation time Features Importance Conflicts Download
FAILURE SERVER N/A N/A undetermined N/A PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 βœ… Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
openssl-3.0.15 βœ… hostname mismatch
openssl-3.3.2 βœ… hostname mismatch
openssl-3.2.3 βœ… hostname mismatch
rustls-webpki βœ… subject name validation failed
certvalidator-0.11.1 βœ… The X.509 certificate provided is not valid for example2.com. Valid hostnames include: example.com
gocryptox509-go1.23.3 βœ… N/A
openssl-3.4.0 βœ… hostname mismatch
pyca-cryptography-44.0.0 βœ… validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.1.7 βœ… hostname mismatch
openssl-1.1 βœ… Hostname mismatch
rust-webpki βœ… DNS name validation failed

webpki::san::mismatch-subdomain-sanπŸ”—

Produces a chain with an EE cert.

This EE cert contains a Subject Alternative Name with the dNSName abc.example.com. This should fail to verify against the domain def.example.com, per RFC 6125 6.4.1.

Each label MUST match in order for the names to be considered to match, except as supplemented by the rule about checking of wildcard labels.

Expected result Validation kind Validation time Features Importance Conflicts Download
FAILURE SERVER N/A N/A undetermined N/A PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 βœ… Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
openssl-3.0.15 βœ… hostname mismatch
openssl-3.3.2 βœ… hostname mismatch
openssl-3.2.3 βœ… hostname mismatch
rustls-webpki βœ… subject name validation failed
certvalidator-0.11.1 βœ… The X.509 certificate provided is not valid for def.example.com. Valid hostnames include: abc.example.com
gocryptox509-go1.23.3 βœ… N/A
openssl-3.4.0 βœ… hostname mismatch
pyca-cryptography-44.0.0 βœ… validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.1.7 βœ… hostname mismatch
openssl-1.1 βœ… Hostname mismatch
rust-webpki βœ… DNS name validation failed

webpki::san::mismatch-subdomain-apex-sanπŸ”—

Produces a chain with an EE cert.

This EE cert contains a Subject Alternative Name with the dNSName example.com. This should fail to verify against the domain abc.example.com, per RFC 6125 6.4.1.

Each label MUST match in order for the names to be considered to match, except as supplemented by the rule about checking of wildcard labels.

Expected result Validation kind Validation time Features Importance Conflicts Download
FAILURE SERVER N/A N/A undetermined N/A PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 βœ… Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
openssl-3.0.15 βœ… hostname mismatch
openssl-3.3.2 βœ… hostname mismatch
openssl-3.2.3 βœ… hostname mismatch
rustls-webpki βœ… subject name validation failed
certvalidator-0.11.1 βœ… The X.509 certificate provided is not valid for abc.example.com. Valid hostnames include: example.com
gocryptox509-go1.23.3 βœ… N/A
openssl-3.4.0 βœ… hostname mismatch
pyca-cryptography-44.0.0 βœ… validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.1.7 βœ… hostname mismatch
openssl-1.1 βœ… Hostname mismatch
rust-webpki βœ… DNS name validation failed

webpki::san::mismatch-apex-subdomain-sanπŸ”—

Produces a chain with an EE cert.

This EE cert contains a Subject Alternative Name with the dNSName abc.example.com. This should fail to verify against the domain example.com, per RFC 6125 6.4.1.

Each label MUST match in order for the names to be considered to match, except as supplemented by the rule about checking of wildcard labels.

Expected result Validation kind Validation time Features Importance Conflicts Download
FAILURE SERVER N/A N/A undetermined N/A PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 βœ… Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
openssl-3.0.15 βœ… hostname mismatch
openssl-3.3.2 βœ… hostname mismatch
openssl-3.2.3 βœ… hostname mismatch
rustls-webpki βœ… subject name validation failed
certvalidator-0.11.1 βœ… The X.509 certificate provided is not valid for example.com. Valid hostnames include: abc.example.com
gocryptox509-go1.23.3 βœ… N/A
openssl-3.4.0 βœ… hostname mismatch
pyca-cryptography-44.0.0 βœ… validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.1.7 βœ… hostname mismatch
openssl-1.1 βœ… Hostname mismatch
rust-webpki βœ… DNS name validation failed

webpki::san::public-suffix-wildcard-sanπŸ”—

Produces a chain with an EE cert.

This EE cert contains a Subject Alternative name with the dNSName *.com. Conformant CAs should not issue such a certificate, according to CABF:

If the FQDN portion of any Wildcard Domain Name is β€œregistry‐controlled” or is a β€œpublic suffix”, CAs MUST refuse issuance unless the Applicant proves its rightful control of the entire Domain Namespace.

While the Baseline Requirements do not specify how clients should behave when given such a certificate, it is generally safe to assume that wildcard certificates spanning a gTLD are malicious, and clients should reject them.

Expected result Validation kind Validation time Features Importance Conflicts Download
FAILURE SERVER N/A pedantic-public-suffix-wildcard undetermined N/A PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 βœ… Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
openssl-3.0.15 βœ… hostname mismatch
openssl-3.3.2 βœ… hostname mismatch
openssl-3.2.3 βœ… hostname mismatch
rustls-webpki βœ… subject name validation failed
certvalidator-0.11.1 ❌ (unexpected success) N/A
gocryptox509-go1.23.3 ❌ (unexpected success) validation: chain built
openssl-3.4.0 βœ… hostname mismatch
pyca-cryptography-44.0.0 🚧 testcase skipped (explicit unsupported feature)
openssl-3.1.7 βœ… hostname mismatch
openssl-1.1 βœ… Hostname mismatch
rust-webpki βœ… DNS name validation failed

webpki::san::leftmost-wildcard-sanπŸ”—

Produces a chain with an EE cert.

This EE cert contains a Subject Alternative Name with the dNSName *.example.com. This should verify successfully against the domain foo.example.com, per RFC 6125 6.4.3.

Expected result Validation kind Validation time Features Importance Conflicts Download
SUCCESS SERVER N/A N/A undetermined N/A PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 βœ… Chain verification output: Verified. The certificate is trusted.
openssl-3.0.15 βœ… N/A
openssl-3.3.2 βœ… N/A
openssl-3.2.3 βœ… N/A
rustls-webpki βœ… N/A
certvalidator-0.11.1 βœ… N/A
gocryptox509-go1.23.3 βœ… N/A
openssl-3.4.0 βœ… N/A
pyca-cryptography-44.0.0 βœ… N/A
openssl-3.1.7 βœ… N/A
openssl-1.1 βœ… N/A
rust-webpki βœ… N/A

webpki::san::wildcard-embedded-leftmost-sanπŸ”—

Produces a chain with an EE cert.

This EE cert contains a Subject Alternative Name with the dNSName ba*.example.com. This should fail to verify against the domain baz.example.com, per CABF.

Wildcard Domain Name: A string starting with β€œ*.” (U+002A ASTERISK, U+002E FULL STOP) immediately followed by a Fully-Qualified Domain Name.

Expected result Validation kind Validation time Features Importance Conflicts Download
FAILURE SERVER N/A N/A undetermined N/A PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 βœ… Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
openssl-3.0.15 βœ… hostname mismatch
openssl-3.3.2 βœ… hostname mismatch
openssl-3.2.3 βœ… hostname mismatch
rustls-webpki βœ… subject name validation failed
certvalidator-0.11.1 ❌ (unexpected success) N/A
gocryptox509-go1.23.3 βœ… N/A
openssl-3.4.0 βœ… hostname mismatch
pyca-cryptography-44.0.0 βœ… validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.1.7 βœ… hostname mismatch
openssl-1.1 βœ… Hostname mismatch
rust-webpki βœ… DNS name validation failed

webpki::san::wildcard-not-in-leftmost-sanπŸ”—

Produces a chain with an EE cert.

This EE cert contains a Subject Alternative Name with the dNSName foo.*.example.com. This should fail to verify against the domain foo.bar.example.com, per RFC 6125 6.4.3.

The client SHOULD NOT attempt to match a presented identifier in which the wildcard character comprises a label other than the left-most label (e.g., do not match bar.*.example.net).

Expected result Validation kind Validation time Features Importance Conflicts Download
FAILURE SERVER N/A N/A undetermined N/A PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 βœ… Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
openssl-3.0.15 βœ… hostname mismatch
openssl-3.3.2 βœ… hostname mismatch
openssl-3.2.3 βœ… hostname mismatch
rustls-webpki βœ… subject name validation failed
certvalidator-0.11.1 βœ… The X.509 certificate provided is not valid for foo.bar.example.com. Valid hostnames include: foo.*.example.com
gocryptox509-go1.23.3 βœ… N/A
openssl-3.4.0 βœ… hostname mismatch
pyca-cryptography-44.0.0 βœ… validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.1.7 βœ… hostname mismatch
openssl-1.1 βœ… Hostname mismatch
rust-webpki βœ… DNS name validation failed

webpki::san::wildcard-match-across-labels-sanπŸ”—

Produces a chain with an EE cert.

This EE cert contains a Subject Alternative Name with the dNSName *.example.com. This should fail to verify against the domain foo.bar.example.com, per RFC 6125 6.4.3.

If the wildcard character is the only character of the left-most label in the presented identifier, the client SHOULD NOT compare against anything but the left-most label of the reference identifier (e.g., *.example.com would match foo.example.com but not bar.foo.example.com or example.com).

Expected result Validation kind Validation time Features Importance Conflicts Download
FAILURE SERVER N/A N/A undetermined N/A PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 βœ… Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
openssl-3.0.15 βœ… hostname mismatch
openssl-3.3.2 βœ… hostname mismatch
openssl-3.2.3 βœ… hostname mismatch
rustls-webpki βœ… subject name validation failed
certvalidator-0.11.1 βœ… The X.509 certificate provided is not valid for foo.bar.example.com. Valid hostnames include: *.example.com
gocryptox509-go1.23.3 βœ… N/A
openssl-3.4.0 βœ… hostname mismatch
pyca-cryptography-44.0.0 βœ… validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.1.7 βœ… hostname mismatch
openssl-1.1 βœ… Hostname mismatch
rust-webpki βœ… DNS name validation failed

webpki::san::wildcard-embedded-ulabel-sanπŸ”—

Produces a chain with an EE cert.

This EE cert contains a Subject Alternative Name with the dNSName xn--*-1b3c148a.example.com. This should fail to verify against the domain xn--bliss-1b3c148a.example.com, per RFC 6125 6.4.3:

... the client SHOULD NOT attempt to match a presented identifier where the wildcard character is embedded within an A-label or U-label [IDNA-DEFS] of an internationalized domain name [IDNA-PROTO].

Expected result Validation kind Validation time Features Importance Conflicts Download
FAILURE SERVER N/A N/A undetermined N/A PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 βœ… Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
openssl-3.0.15 βœ… hostname mismatch
openssl-3.3.2 βœ… hostname mismatch
openssl-3.2.3 βœ… hostname mismatch
rustls-webpki βœ… subject name validation failed
certvalidator-0.11.1 βœ… The X.509 certificate provided is not valid for xn--bliss-1b3c148a.example.com. Valid hostnames include: *痛苦.example.com
gocryptox509-go1.23.3 βœ… N/A
openssl-3.4.0 βœ… hostname mismatch
pyca-cryptography-44.0.0 βœ… validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.1.7 βœ… hostname mismatch
openssl-1.1 βœ… Hostname mismatch
rust-webpki βœ… DNS name validation failed

webpki::san::unicode-emoji-sanπŸ”—

Produces a chain with an EE cert.

This EE cert contains a Subject Alternative Name with the dNSName 😜.example.com, This should fail to verify against the domain xn--628h.example.com, per RFC 5280 7.2:

IA5String is limited to the set of ASCII characters. To accommodate internationalized domain names in the current structure, conforming implementations MUST convert internationalized domain names to the ASCII Compatible Encoding (ACE) format as specified in Section 4 of RFC 3490 before storage in the dNSName field.

Expected result Validation kind Validation time Features Importance Conflicts Download
FAILURE SERVER N/A N/A undetermined N/A PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 βœ… Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
openssl-3.0.15 βœ… hostname mismatch
openssl-3.3.2 βœ… hostname mismatch
openssl-3.2.3 βœ… hostname mismatch
rustls-webpki βœ… subject name validation failed
certvalidator-0.11.1 βœ… 'ascii' codec can't decode byte 0xf0 in position 0: ordinal not in range(128)
gocryptox509-go1.23.3 βœ… N/A
openssl-3.4.0 βœ… hostname mismatch
pyca-cryptography-44.0.0 βœ… validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.1.7 βœ… hostname mismatch
openssl-1.1 βœ… Hostname mismatch
rust-webpki βœ… DNS name validation failed

webpki::san::no-sanπŸ”—

Produces the following invalid chain:

root -> EE

The chain is correctly constructed, but the EE cert does not have a Subject Alternative Name, which is required. This is invalid even when the Subject contains a valid domain name in its Common Name component.

Expected result Validation kind Validation time Features Importance Conflicts Download
FAILURE SERVER N/A N/A undetermined N/A PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 ❌ (unexpected success) Chain verification output: Verified. The certificate is trusted.
openssl-3.0.15 ❌ (unexpected success) N/A
openssl-3.3.2 ❌ (unexpected success) N/A
openssl-3.2.3 ❌ (unexpected success) N/A
rustls-webpki βœ… subject name validation failed
certvalidator-0.11.1 ❌ (unexpected success) N/A
gocryptox509-go1.23.3 βœ… N/A
openssl-3.4.0 ❌ (unexpected success) N/A
pyca-cryptography-44.0.0 βœ… validation failed: Certificate is missing required extension (encountered processing , ...)>)
openssl-3.1.7 ❌ (unexpected success) N/A
openssl-1.1 ❌ (unexpected success) N/A
rust-webpki βœ… DNS name validation failed

webpki::san::san-critical-with-nonempty-subjectπŸ”—

Produces the following invalid chain:

root -> EE

The EE cert includes a critical subjectAlternativeName extension, which is forbidden under CABF when the subject is non-empty:

If the subject field of the certificate is an empty SEQUENCE, this extension MUST be marked critical, as specified in RFC 5280, Section 4.2.1.6. Otherwise, this extension MUST NOT be marked critical.

Expected result Validation kind Validation time Features Importance Conflicts Download
FAILURE SERVER N/A N/A undetermined N/A PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 ❌ (unexpected success) Chain verification output: Verified. The certificate is trusted.
openssl-3.0.15 ❌ (unexpected success) N/A
openssl-3.3.2 ❌ (unexpected success) N/A
openssl-3.2.3 ❌ (unexpected success) N/A
rustls-webpki ❌ (unexpected success) N/A
certvalidator-0.11.1 βœ… The path could not be validated because the end-entity certificate contains the following unsupported critical extension: subject_alt_name
gocryptox509-go1.23.3 ❌ (unexpected success) validation: chain built
openssl-3.4.0 ❌ (unexpected success) N/A
pyca-cryptography-44.0.0 βœ… validation failed: EE subjectAltName MUST NOT be critical when subject is nonempty (encountered processing , ...)>)
openssl-3.1.7 ❌ (unexpected success) N/A
openssl-1.1 ❌ (unexpected success) N/A
rust-webpki ❌ (unexpected success) N/A

webpki::san::san-wildcard-onlyπŸ”—

Produces the following invalid chain:

root -> EE

The EE cert contains a SAN of just DNS:*, which should be rejected.

The reason for this is subtle: CABF 3.2.2.6 notes that certs with wildcards on public suffixes should not be issued, and . (i.e. the DNS root) is effectively a public suffix. This is true even though the DNS root is not itself on the PSL.

Expected result Validation kind Validation time Features Importance Conflicts Download
FAILURE SERVER N/A N/A undetermined N/A PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 βœ… Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
openssl-3.0.15 βœ… hostname mismatch
openssl-3.3.2 βœ… hostname mismatch
openssl-3.2.3 βœ… hostname mismatch
rustls-webpki βœ… subject name validation failed
certvalidator-0.11.1 βœ… The X.509 certificate provided is not valid for example.com. Valid hostnames include: *
gocryptox509-go1.23.3 βœ… N/A
openssl-3.4.0 βœ… hostname mismatch
pyca-cryptography-44.0.0 βœ… validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.1.7 βœ… hostname mismatch
openssl-1.1 βœ… Hostname mismatch
rust-webpki βœ… DNS name validation failed

webpki::san::san-wildcard-only-tldπŸ”—

Produces the following invalid chain:

root -> EE

The EE cert contains a SAN of just DNS:*, which should be rejected.

The reason for this is subtle: CABF 3.2.2.6 notes that certs with wildcards on public suffixes should not be issued, and . (i.e. the DNS root) is effectively a public suffix. This is true even though the DNS root is not itself on the PSL.

Expected result Validation kind Validation time Features Importance Conflicts Download
FAILURE SERVER N/A N/A undetermined N/A PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 βœ… Chain verification output: Not verified. The certificate is NOT trusted. The name in the certificate does not match the expected.
openssl-3.0.15 βœ… hostname mismatch
openssl-3.3.2 βœ… hostname mismatch
openssl-3.2.3 βœ… hostname mismatch
rustls-webpki βœ… subject name validation failed
certvalidator-0.11.1 ❌ (unexpected success) N/A
gocryptox509-go1.23.3 βœ… N/A
openssl-3.4.0 βœ… hostname mismatch
pyca-cryptography-44.0.0 βœ… validation failed: leaf certificate has no matching subjectAltName (encountered processing , ...)>)
openssl-3.1.7 βœ… hostname mismatch
openssl-1.1 βœ… Hostname mismatch
rust-webpki βœ… DNS name validation failed

webpki::explicit-curveπŸ”—

Produces the following invalid chain:

root -> EE

Both root and EE convey EC keys using the "explicit" curve encoding, which is forbidden under CABF 7.1.3.1.2:

The CA SHALL indicate an ECDSA key using the id‐ecPublicKey (OID: 1.2.840.10045.2.1) algorithm identifier. The parameters MUST use the namedCurve encoding.

Expected result Validation kind Validation time Features Importance Conflicts Download
FAILURE SERVER 2024-03-13T00:00:00+00:00 N/A undetermined N/A PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 βœ… N/A
openssl-3.0.15 βœ… Certificate public key has explicit ECC parameters
openssl-3.3.2 βœ… Certificate public key has explicit ECC parameters
openssl-3.2.3 βœ… Certificate public key has explicit ECC parameters
rustls-webpki βœ… UnsupportedSignatureAlgorithmForPublicKey
certvalidator-0.11.1 ❌ (unexpected success) N/A
gocryptox509-go1.23.3 βœ… N/A
openssl-3.4.0 βœ… Certificate public key has explicit ECC parameters
pyca-cryptography-44.0.0 βœ… validation failed: candidates exhausted: Forbidden public key algorithm: AlgorithmIdentifier { oid: DefinedByMarker(PhantomData), params: Ec(SpecifiedCurve(Sequence { data: [2, 1, 1, 48, 44, 6, 7, 42, 134, 72, 206, 61, 1, 1, 2, 33, 0, 255, 255, 255, 255, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 48, 91, 4, 32, 255, 255, 255, 255, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 252, 4, 32, 90, 198, 53, 216, 170, 58, 147, 231, 179, 235, 189, 85, 118, 152, 134, 188, 101, 29, 6, 176, 204, 83, 176, 246, 59, 206, 60, 62, 39, 210, 96, 75, 3, 21, 0, 196, 157, 54, 8, 134, 231, 4, 147, 106, 102, 120, 225, 19, 157, 38, 183, 129, 159, 126, 144, 4, 65, 4, 107, 23, 209, 242, 225, 44, 66, 71, 248, 188, 230, 229, 99, 164, 64, 242, 119, 3, 125, 129, 45, 235, 51, 160, 244, 161, 57, 69, 216, 152, 194, 150, 79, 227, 66, 226, 254, 26, 127, 155, 142, 231, 235, 74, 124, 15, 158, 22, 43, 206, 51, 87, 107, 49, 94, 206, 203, 182, 64, 104, 55, 191, 81, 245, 2, 33, 0, 255, 255, 255, 255, 0, 0, 0, 0, 255, 255, 255, 255, 255, 255, 255, 255, 188, 230, 250, 173, 167, 23, 158, 132, 243, 185, 202, 194, 252, 99, 37, 81, 2, 1, 1] })) }
openssl-3.1.7 βœ… Certificate public key has explicit ECC parameters
openssl-1.1 βœ… Certificate public key has explicit ECC parameters
rust-webpki βœ… UnknownIssuer

webpki::cryptographydotio-chainπŸ”—

Verifies against a saved copy of cryptography.io's chain. This should trivially succeed.

Expected result Validation kind Validation time Features Importance Conflicts Download
SUCCESS SERVER 2023-07-10T00:00:00+00:00 N/A undetermined N/A PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 🚧 custom key usages not supported
openssl-3.0.15 βœ… N/A
openssl-3.3.2 βœ… N/A
openssl-3.2.3 βœ… N/A
rustls-webpki 🚧 key_usage not supported yet
certvalidator-0.11.1 βœ… N/A
gocryptox509-go1.23.3 βœ… N/A
openssl-3.4.0 βœ… N/A
pyca-cryptography-44.0.0 βœ… N/A
openssl-3.1.7 βœ… N/A
openssl-1.1 βœ… N/A
rust-webpki 🚧 key_usage not supported yet

webpki::cryptographydotio-chain-missing-intermediateπŸ”—

Verifies against a saved copy of cryptography.io's chain, but without its intermediates. This should trivially fail.

Expected result Validation kind Validation time Features Importance Conflicts Download
FAILURE SERVER 2023-07-10T00:00:00+00:00 N/A undetermined N/A PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 🚧 custom key usages not supported
openssl-3.0.15 βœ… unable to get local issuer certificate
openssl-3.3.2 βœ… unable to get local issuer certificate
openssl-3.2.3 βœ… unable to get local issuer certificate
rustls-webpki 🚧 key_usage not supported yet
certvalidator-0.11.1 βœ… Unable to build a validation path for the certificate "Common Name: cryptography.io" - no issuer matching "Common Name: R3, Organization: Let's Encrypt, Country: US" was found
gocryptox509-go1.23.3 βœ… N/A
openssl-3.4.0 βœ… unable to get local issuer certificate
pyca-cryptography-44.0.0 βœ… validation failed: candidates exhausted: all candidates exhausted with no interior errors
openssl-3.1.7 βœ… unable to get local issuer certificate
openssl-1.1 βœ… unable to get local issuer certificate
rust-webpki 🚧 key_usage not supported yet

webpki::malformed-aiaπŸ”—

Produces a chain with an EE cert.

This EE cert contains an Authority Information Access extension with malformed contents. This is invalid per CABF.

The AuthorityInfoAccessSyntax MUST contain one or more AccessDescriptions.

Expected result Validation kind Validation time Features Importance Conflicts Download
FAILURE SERVER N/A N/A undetermined N/A PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 ❌ (unexpected success) Chain verification output: Verified. The certificate is trusted.
openssl-3.0.15 ❌ (unexpected success) N/A
openssl-3.3.2 ❌ (unexpected success) N/A
openssl-3.2.3 ❌ (unexpected success) N/A
rustls-webpki ❌ (unexpected success) N/A
certvalidator-0.11.1 βœ… Insufficient data - 97 bytes requested but only 7 available
while parsing asn1crypto.core.ParsableOctetString
while parsing asn1crypto.x509.Extension
gocryptox509-go1.23.3 βœ… N/A
openssl-3.4.0 ❌ (unexpected success) N/A
pyca-cryptography-44.0.0 βœ… validation failed: ASN.1 parsing error: short data (needed at least 90 additional bytes) (encountered processing , ...)>)
openssl-3.1.7 ❌ (unexpected success) N/A
openssl-1.1 ❌ (unexpected success) N/A
rust-webpki ❌ (unexpected success) N/A

webpki::forbidden-p192-rootπŸ”—

Produces the following invalid chain:

root -> EE

The root cert conveys a P-192 key and signs for the EE with it, which is not permitted under the CABF's key or signature types.

Expected result Validation kind Validation time Features Importance Conflicts Download
FAILURE SERVER N/A N/A undetermined N/A PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 βœ… Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain uses insecure algorithm.
openssl-3.0.15 βœ… CA certificate key too weak
openssl-3.3.2 βœ… CA certificate key too weak
openssl-3.2.3 βœ… CA certificate key too weak
rustls-webpki βœ… UnsupportedSignatureAlgorithmForPublicKey
certvalidator-0.11.1 ❌ (unexpected success) N/A
gocryptox509-go1.23.3 βœ… N/A
openssl-3.4.0 βœ… CA certificate key too weak
pyca-cryptography-44.0.0 βœ… validation failed: candidates exhausted: Forbidden public key algorithm: AlgorithmIdentifier { oid: DefinedByMarker(PhantomData), params: Ec(NamedCurve(ObjectIdentifier { oid: 1.2.840.10045.3.1.1 })) }
openssl-3.1.7 βœ… CA certificate key too weak
openssl-1.1 βœ… CA certificate key too weak
rust-webpki βœ… UnknownIssuer

webpki::forbidden-p192-leafπŸ”—

Produces the following invalid chain:

root -> EE

The EE cert conveys a P-192 key, which is not one of the permitted public keys under CABF.

Expected result Validation kind Validation time Features Importance Conflicts Download
FAILURE SERVER N/A pedantic-webpki-subscriber-key undetermined N/A PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 βœ… Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain uses insecure algorithm.
openssl-3.0.15 βœ… EE certificate key too weak
openssl-3.3.2 βœ… EE certificate key too weak
openssl-3.2.3 βœ… EE certificate key too weak
rustls-webpki ❌ (unexpected success) N/A
certvalidator-0.11.1 ❌ (unexpected success) N/A
gocryptox509-go1.23.3 βœ… N/A
openssl-3.4.0 βœ… EE certificate key too weak
pyca-cryptography-44.0.0 🚧 testcase skipped (explicit unsupported feature)
openssl-3.1.7 βœ… EE certificate key too weak
openssl-1.1 βœ… EE certificate key too weak
rust-webpki ❌ (unexpected success) N/A

webpki::forbidden-dsa-rootπŸ”—

Produces the following invalid chain:

root -> EE

The root cert conveys a DSA-30272 key and signs for the EE with it, which is not permitted under the CABF's key or signature types.

Expected result Validation kind Validation time Features Importance Conflicts Download
FAILURE SERVER N/A N/A undetermined N/A PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 ❌ (unexpected success) Chain verification output: Verified. The certificate is trusted.
openssl-3.0.15 ❌ (unexpected success) N/A
openssl-3.3.2 ❌ (unexpected success) N/A
openssl-3.2.3 ❌ (unexpected success) N/A
rustls-webpki βœ… UnsupportedSignatureAlgorithm
certvalidator-0.11.1 ❌ (unexpected success) N/A
gocryptox509-go1.23.3 βœ… N/A
openssl-3.4.0 ❌ (unexpected success) N/A
pyca-cryptography-44.0.0 βœ… validation failed: candidates exhausted: Forbidden public key algorithm: AlgorithmIdentifier { oid: DefinedByMarker(PhantomData), params: Dsa(DssParams { p: BigUint { data: [0, 161, 112, 25, 170, 155, 37, 154, 196, 133, 90, 90, 215, 77, 23, 218, 181, 83, 210, 166, 133, 110, 59, 54, 97, 202, 19, 63, 58, 182, 198, 47, 154, 172, 3, 215, 132, 106, 227, 74, 121, 19, 251, 54, 210, 119, 196, 228, 162, 217, 253, 15, 174, 24, 193, 170, 145, 228, 43, 239, 63, 23, 231, 55, 131, 70, 240, 16, 58, 39, 68, 201, 254, 69, 150, 120, 8, 172, 140, 39, 66, 173, 227, 173, 73, 192, 215, 114, 44, 53, 189, 6, 225, 192, 254, 200, 113, 251, 137, 229, 10, 77, 107, 184, 99, 249, 172, 59, 38, 7, 36, 65, 200, 195, 6, 50, 15, 99, 120, 115, 114, 220, 77, 51, 128, 175, 31, 92, 251, 2, 228, 72, 218, 137, 12, 67, 188, 6, 49, 94, 134, 229, 127, 173, 181, 186, 118, 209, 161, 157, 110, 186, 192, 83, 92, 173, 82, 15, 195, 214, 7, 129, 208, 33, 166, 19, 176, 174, 164, 85, 239, 79, 59, 173, 164, 8, 131, 178, 68, 129, 81, 76, 187, 217, 32, 37, 61, 85, 62, 87, 25, 18, 147, 168, 154, 145, 229, 247, 119, 131, 244, 164, 177, 49, 176, 10, 44, 92, 131, 22, 45, 142, 173, 239, 200, 87, 177, 113, 11, 113, 22, 80, 171, 77, 59, 44, 223, 183, 33, 60, 151, 10, 172, 145, 160, 56, 46, 91, 82, 252, 13, 27, 148, 218, 62, 210, 2, 11, 114, 151, 159, 253, 162, 110, 123, 20, 214, 14, 145, 188, 148, 245, 201, 61, 44, 47, 193, 167, 47, 149, 255, 188, 218, 185, 32, 140, 74, 198, 85, 25, 87, 55, 87, 147, 233, 173, 8, 6, 43, 214, 255, 213, 66, 85, 86, 136, 224, 19, 58, 42, 89, 37, 119, 159, 41, 12, 249, 182, 59, 38, 137, 251, 199, 47, 158, 147, 236, 208, 72, 176, 101, 184, 60, 199, 249, 238, 58, 14, 147, 56, 24, 129, 9, 117, 92, 78, 35, 55, 78, 246, 210, 192, 15, 201, 90, 107, 240, 186, 208, 237, 165, 99, 156, 92, 161, 160, 242, 212, 176, 137, 92, 219, 253, 228, 74, 43, 250, 118, 137, 13, 103, 222, 149, 178, 133, 222, 153, 114, 144, 55, 225, 103, 199, 87, 201] }, q: BigUint { data: [0, 131, 204, 243, 255, 221, 176, 186, 8, 6, 244, 38, 237, 17, 73, 248, 169, 215, 233, 206, 13, 61, 107, 84, 31, 123, 156, 42, 213, 139, 158, 132, 157] }, g: BigUint { data: [122, 61, 229, 249, 5, 219, 29, 57, 27, 225, 6, 122, 219, 25, 75, 41, 211, 72, 225, 169, 78, 19, 142, 12, 171, 219, 33, 29, 160, 217, 74, 58, 92, 1, 91, 69, 151, 175, 165, 145, 5, 65, 156, 64, 99, 181, 152, 159, 64, 201, 99, 34, 45, 53, 221, 174, 205, 104, 152, 202, 219, 100, 162, 48, 117, 2, 13, 0, 239, 202, 20, 173, 64, 87, 111, 179, 148, 42, 168, 224, 174, 224, 63, 224, 175, 145, 157, 107, 35, 88, 116, 210, 180, 33, 66, 21, 145, 9, 126, 82, 8, 92, 131, 54, 80, 35, 216, 90, 111, 67, 92, 180, 37, 27, 94, 158, 192, 38, 227, 125, 13, 10, 217, 79, 251, 195, 237, 147, 129, 77, 112, 132, 87, 161, 103, 129, 106, 169, 212, 239, 147, 228, 255, 127, 209, 116, 210, 200, 31, 91, 52, 27, 159, 207, 35, 87, 113, 118, 120, 37, 113, 159, 102, 114, 187, 114, 137, 227, 90, 228, 197, 90, 116, 141, 188, 46, 130, 29, 237, 245, 110, 133, 2, 189, 191, 82, 178, 164, 51, 33, 82, 118, 132, 23, 184, 225, 8, 92, 5, 168, 80, 21, 21, 124, 171, 140, 138, 63, 164, 176, 28, 110, 75, 214, 13, 243, 23, 214, 140, 115, 230, 177, 52, 151, 108, 211, 66, 227, 122, 238, 23, 135, 146, 107, 28, 31, 13, 125, 18, 96, 142, 152, 228, 193, 209, 156, 237, 133, 67, 20, 33, 159, 167, 48, 246, 46, 249, 69, 97, 43, 95, 184, 29, 237, 156, 16, 155, 212, 159, 206, 159, 208, 154, 142, 74, 139, 210, 253, 60, 21, 0, 228, 250, 228, 65, 94, 186, 238, 179, 221, 189, 137, 63, 47, 214, 25, 222, 37, 212, 165, 164, 40, 177, 215, 32, 35, 71, 121, 164, 80, 152, 254, 4, 237, 181, 108, 8, 162, 119, 165, 202, 127, 153, 207, 46, 138, 113, 87, 208, 245, 194, 209, 10, 54, 113, 56, 157, 95, 74, 141, 170, 126, 64, 68, 84, 3, 223, 29, 2, 32, 16, 192, 58, 173, 103, 177, 37, 228, 150, 143, 168, 196, 11, 81, 78, 72, 167, 140, 86, 247, 72, 166, 29, 191, 62, 108, 18, 35, 209, 230, 144, 36, 147, 86] } }) }
openssl-3.1.7 ❌ (unexpected success) N/A
openssl-1.1 ❌ (unexpected success) N/A
rust-webpki βœ… UnknownIssuer

webpki::forbidden-dsa-leafπŸ”—

Produces the following invalid chain:

root -> EE

The EE cert conveys a DSA key, which is not one of the permitted public keys under CABF.

Expected result Validation kind Validation time Features Importance Conflicts Download
FAILURE SERVER N/A pedantic-webpki-subscriber-key undetermined N/A PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 ❌ (unexpected success) Chain verification output: Verified. The certificate is trusted.
openssl-3.0.15 ❌ (unexpected success) N/A
openssl-3.3.2 ❌ (unexpected success) N/A
openssl-3.2.3 ❌ (unexpected success) N/A
rustls-webpki ❌ (unexpected success) N/A
certvalidator-0.11.1 ❌ (unexpected success) N/A
gocryptox509-go1.23.3 ❌ (unexpected success) validation: chain built
openssl-3.4.0 ❌ (unexpected success) N/A
pyca-cryptography-44.0.0 🚧 testcase skipped (explicit unsupported feature)
openssl-3.1.7 ❌ (unexpected success) N/A
openssl-1.1 ❌ (unexpected success) N/A
rust-webpki ❌ (unexpected success) N/A

webpki::forbidden-weak-rsa-key-in-rootπŸ”—

Produces the following invalid chain:

root -> EE

The root cert is signed with and conveys an RSA-1024 key, which is below the security margin (2048) required under CABF 6.1.5.

Expected result Validation kind Validation time Features Importance Conflicts Download
FAILURE SERVER N/A N/A undetermined N/A PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 βœ… Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain uses insecure algorithm.
openssl-3.0.15 βœ… CA certificate key too weak
openssl-3.3.2 βœ… CA certificate key too weak
openssl-3.2.3 βœ… CA certificate key too weak
rustls-webpki βœ… InvalidSignatureForPublicKey
certvalidator-0.11.1 ❌ (unexpected success) N/A
gocryptox509-go1.23.3 ❌ (unexpected success) validation: chain built
openssl-3.4.0 βœ… CA certificate key too weak
pyca-cryptography-44.0.0 βœ… validation failed: candidates exhausted: RSA key is too weak
openssl-3.1.7 βœ… CA certificate key too weak
openssl-1.1 βœ… CA certificate key too weak
rust-webpki βœ… UnknownIssuer

webpki::forbidden-weak-rsa-in-leafπŸ”—

Produces the following invalid chain:

root -> EE

The EE cert conveys an RSA 1024 key, which is below the security margin (2048) required under CABF 6.1.5.

Expected result Validation kind Validation time Features Importance Conflicts Download
FAILURE SERVER N/A pedantic-webpki-subscriber-key undetermined N/A PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 βœ… Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain uses insecure algorithm.
openssl-3.0.15 βœ… EE certificate key too weak
openssl-3.3.2 βœ… EE certificate key too weak
openssl-3.2.3 βœ… EE certificate key too weak
rustls-webpki ❌ (unexpected success) N/A
certvalidator-0.11.1 ❌ (unexpected success) N/A
gocryptox509-go1.23.3 ❌ (unexpected success) validation: chain built
openssl-3.4.0 βœ… EE certificate key too weak
pyca-cryptography-44.0.0 🚧 testcase skipped (explicit unsupported feature)
openssl-3.1.7 βœ… EE certificate key too weak
openssl-1.1 βœ… EE certificate key too weak
rust-webpki ❌ (unexpected success) N/A

webpki::forbidden-rsa-not-divisable-by-8-in-rootπŸ”—

Produces the following invalid chain:

root -> EE

The root cert is signed with and conveys an RSA-2052 key, which is above the security margin (2048) but not divisible by 8, as is required under CABF 6.1.5.

Expected result Validation kind Validation time Features Importance Conflicts Download
FAILURE SERVER N/A N/A undetermined N/A PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 βœ… Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain uses insecure algorithm.
openssl-3.0.15 ❌ (unexpected success) N/A
openssl-3.3.2 ❌ (unexpected success) N/A
openssl-3.2.3 ❌ (unexpected success) N/A
rustls-webpki ❌ (unexpected success) N/A
certvalidator-0.11.1 ❌ (unexpected success) N/A
gocryptox509-go1.23.3 ❌ (unexpected success) validation: chain built
openssl-3.4.0 ❌ (unexpected success) N/A
pyca-cryptography-44.0.0 🚧 testcase skipped (explicitly unsupported case)
openssl-3.1.7 ❌ (unexpected success) N/A
openssl-1.1 ❌ (unexpected success) N/A
rust-webpki ❌ (unexpected success) N/A

webpki::forbidden-rsa-key-not-divisable-by-8-in-leafπŸ”—

Produces the following invalid chain:

root -> EE

The EE cert conveys an RSA-2052 key, which is above the security margin (2048) but not divisible by 8, as is required under CABF 6.1.5.

Expected result Validation kind Validation time Features Importance Conflicts Download
FAILURE SERVER N/A pedantic-webpki-subscriber-key undetermined N/A PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 βœ… Chain verification output: Not verified. The certificate is NOT trusted. The certificate chain uses insecure algorithm.
openssl-3.0.15 ❌ (unexpected success) N/A
openssl-3.3.2 ❌ (unexpected success) N/A
openssl-3.2.3 ❌ (unexpected success) N/A
rustls-webpki ❌ (unexpected success) N/A
certvalidator-0.11.1 ❌ (unexpected success) N/A
gocryptox509-go1.23.3 ❌ (unexpected success) validation: chain built
openssl-3.4.0 ❌ (unexpected success) N/A
pyca-cryptography-44.0.0 🚧 testcase skipped (explicit unsupported feature)
openssl-3.1.7 ❌ (unexpected success) N/A
openssl-1.1 ❌ (unexpected success) N/A
rust-webpki ❌ (unexpected success) N/A

webpki::v1-certπŸ”—

Produces the following invalid chain:

root -> EE

This chain is correctly constructed, but the EE cert is marked with version 2 (ordinal 1) rather than version 3 (ordinal 2). This is invalid, per CABF 7.1.1:

Certificates MUST be of type X.509 v3.

Expected result Validation kind Validation time Features Importance Conflicts Download
FAILURE SERVER N/A N/A undetermined N/A PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 ❌ (unexpected success) Chain verification output: Verified. The certificate is trusted.
openssl-3.0.15 ❌ (unexpected success) N/A
openssl-3.3.2 ❌ (unexpected success) N/A
openssl-3.2.3 ❌ (unexpected success) N/A
rustls-webpki βœ… leaf cert: X.509 parse failed
certvalidator-0.11.1 ❌ (unexpected success) N/A
gocryptox509-go1.23.3 βœ… N/A
openssl-3.4.0 ❌ (unexpected success) N/A
pyca-cryptography-44.0.0 βœ… validation failed: certificate must be an X509v3 certificate (encountered processing , ...)>)
openssl-3.1.7 ❌ (unexpected success) N/A
openssl-1.1 ❌ (unexpected success) N/A
rust-webpki βœ… leaf cert: X.509 parse failed

webpki::ee-basicconstraints-caπŸ”—

Produces the following invalid chain:

root -> EE

The EE certificate has keyUsage.keyCertSign=FALSE but basicConstraints.cA=TRUE, which is explicitly forbidden under CABF 7.1.2.7.8:

cA MUST be FALSE

Expected result Validation kind Validation time Features Importance Conflicts Download
FAILURE SERVER N/A N/A undetermined N/A PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 ❌ (unexpected success) Chain verification output: Verified. The certificate is trusted.
openssl-3.0.15 ❌ (unexpected success) N/A
openssl-3.3.2 ❌ (unexpected success) N/A
openssl-3.2.3 ❌ (unexpected success) N/A
rustls-webpki βœ… CaUsedAsEndEntity
certvalidator-0.11.1 ❌ (unexpected success) N/A
gocryptox509-go1.23.3 ❌ (unexpected success) validation: chain built
openssl-3.4.0 ❌ (unexpected success) N/A
pyca-cryptography-44.0.0 βœ… validation failed: basicConstraints.cA must not be asserted in an EE certificate (encountered processing , ...)>)
openssl-3.1.7 ❌ (unexpected success) N/A
openssl-1.1 ❌ (unexpected success) N/A
rust-webpki βœ… CaUsedAsEndEntity

webpki::ca-as-leafπŸ”—

Produces the following invalid chain:

root -> ICA

The ICA is in leaf position, despite being a CA certificate, which is explicitly forbidden under CABF 7.1.2.7.11 (keyUsage.keyCertSign must NOT be permitted) and 7.1.2.7.8 (basicConstraints.cA MUST be false`).

Expected result Validation kind Validation time Features Importance Conflicts Download
FAILURE SERVER N/A N/A undetermined rfc5280::ca-as-leaf PEM bundle
Harness Result Context
gnutls-certtool-3.7.3 ❌ (unexpected success) Chain verification output: Verified. The certificate is trusted.
openssl-3.0.15 ❌ (unexpected success) N/A
openssl-3.3.2 ❌ (unexpected success) N/A
openssl-3.2.3 ❌ (unexpected success) N/A
rustls-webpki βœ… CaUsedAsEndEntity
certvalidator-0.11.1 βœ… The X.509 certificate provided is not valid for securing TLS connections
gocryptox509-go1.23.3 ❌ (unexpected success) validation: chain built
openssl-3.4.0 ❌ (unexpected success) N/A
pyca-cryptography-44.0.0 βœ… validation failed: basicConstraints.cA must not be asserted in an EE certificate (encountered processing , ...)>)
openssl-3.1.7 ❌ (unexpected success) N/A
openssl-1.1 ❌ (unexpected success) N/A
rust-webpki βœ… CaUsedAsEndEntity