Google Git
Sign in
boringssl / boringssl.git / 5f924229aa9b85ae74c613081fe27de22384e7ee / . / pki / testdata / verify_certificate_chain_unittest / policies-required-by-root-fail / chain.pem
blob: 58e3ac9e60dcc0d352353935ea944bbd38b0dcfb [file] [log] [blame]
[Created by: ./generate-chains.py]
Certificate chain of length 3 with requireExplicitPolicy=2 on the root,
meaning an explicit policy should be required and the chain should fail to
verify if the root constraints are enforced.
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
43:bb:74:45:42:77:6d:81:39:a3:bb:aa:95:6e:18:9c:71:0d:ce:c5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Intermediate
Validity
Not Before: Oct 5 12:00:00 2021 GMT
Not After : Oct 5 12:00:00 2022 GMT
Subject: CN=Target
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c6:80:6c:45:ac:2b:3b:b4:5a:5f:54:06:e7:64:
4b:a6:50:35:bf:f7:1d:be:87:40:a6:49:97:8c:d5:
d1:35:43:74:fc:d1:af:b5:ae:8e:c8:eb:d2:ee:bc:
37:da:08:03:6e:bf:4e:e0:25:7e:91:a8:a4:07:2d:
cf:c1:fb:55:72:52:9a:e7:00:87:62:3f:7c:21:1c:
31:65:56:ad:fe:73:df:94:d5:0f:25:a4:ca:a5:a9:
b4:04:0a:fd:e6:e1:60:9f:9c:85:85:11:65:1c:f1:
38:a5:45:e5:7e:b2:89:8d:09:88:55:3f:29:81:89:
66:20:f9:c1:7d:8e:2d:27:cf:1e:88:73:70:0f:f2:
69:cc:a5:1c:3b:76:18:5a:4d:7a:20:27:c2:7c:68:
91:12:23:1f:9f:e8:44:2c:0a:12:73:e6:c7:32:ec:
d0:bf:6d:9c:c8:da:4f:ec:92:40:7e:ff:75:eb:1e:
cd:89:b7:61:91:e8:a2:26:45:80:0e:40:4a:d4:cb:
a6:bc:c7:ae:1d:eb:d9:f7:6a:89:27:ab:64:69:fa:
3d:f2:5e:28:49:b1:2f:f5:6a:1b:d7:56:1d:88:ab:
5a:c6:42:9d:5b:2a:32:35:92:a2:29:92:05:c2:93:
33:4e:8f:aa:5a:68:db:c5:27:15:19:18:90:2c:c9:
a3:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A7:95:1E:F9:32:14:D0:49:71:DD:EC:B6:B5:00:5E:2B:7C:BA:F9:3A
X509v3 Authority Key Identifier:
DF:E8:20:E0:84:F1:3D:41:05:B5:77:47:0F:B9:19:C3:AF:43:69:A7
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Intermediate.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Intermediate.crl
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
7f:7f:af:87:3f:0f:a4:bf:b7:1a:d3:83:c6:cb:d7:94:07:2c:
47:8d:4a:50:71:70:65:87:70:8b:43:76:af:64:76:23:d1:f3:
ff:63:a7:21:20:12:50:f9:ec:c4:a7:15:49:8e:4b:c3:de:a0:
e0:55:05:7b:b8:e5:9c:48:44:ea:94:07:ca:cb:75:7e:17:92:
5a:da:06:ff:09:3d:15:99:ce:bd:19:ec:85:36:a2:fc:fe:56:
00:9e:6d:02:66:8a:fa:cc:e0:34:17:34:d6:af:1e:54:c6:20:
09:cd:f0:a8:72:8d:7b:e5:5a:3b:c0:74:98:c5:e5:37:92:78:
ef:a5:15:8c:5c:b5:5a:2a:ed:5c:d1:73:e0:fb:60:b5:37:ff:
b6:be:9e:a3:92:d5:5a:9b:9c:f1:14:b5:82:e9:5f:56:8f:57:
4f:e0:c1:14:8d:1a:f7:10:2d:2f:cf:20:3b:10:8d:c3:f5:76:
3b:cf:66:f7:6d:52:ca:ae:1f:5b:79:43:0e:62:95:db:e9:70:
e3:d8:54:b1:d7:e6:68:77:55:79:7b:b3:83:79:f9:f4:a8:f7:
5f:e2:bc:4f:44:39:ac:1e:03:8d:0f:57:e9:74:0b:fe:d4:26:
f1:03:7f:1e:7d:3d:64:b7:e9:58:26:d5:37:52:c5:0f:7b:0f:
97:cf:0a:3a
-----BEGIN CERTIFICATE-----
MIIDoDCCAoigAwIBAgIUQ7t0RUJ3bYE5o7uqlW4YnHENzsUwDQYJKoZIhvcNAQEL
BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy
MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAxoBsRawrO7RaX1QG52RLplA1v/cdvodApkmXjNXRNUN0
/NGvta6OyOvS7rw32ggDbr9O4CV+kaikBy3PwftVclKa5wCHYj98IRwxZVat/nPf
lNUPJaTKpam0BAr95uFgn5yFhRFlHPE4pUXlfrKJjQmIVT8pgYlmIPnBfY4tJ88e
iHNwD/JpzKUcO3YYWk16ICfCfGiREiMfn+hELAoSc+bHMuzQv22cyNpP7JJAfv91
6x7NibdhkeiiJkWADkBK1MumvMeuHevZ92qJJ6tkafo98l4oSbEv9Wob11YdiKta
xkKdWyoyNZKiKZIFwpMzTo+qWmjbxScVGRiQLMmjAwIDAQABo4HpMIHmMB0GA1Ud
DgQWBBSnlR75MhTQSXHd7La1AF4rfLr5OjAfBgNVHSMEGDAWgBTf6CDghPE9QQW1
d0cPuRnDr0NppzA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91
cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0
dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF
oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQAD
ggEBAH9/r4c/D6S/txrTg8bL15QHLEeNSlBxcGWHcItDdq9kdiPR8/9jpyEgElD5
7MSnFUmOS8PeoOBVBXu45ZxIROqUB8rLdX4XklraBv8JPRWZzr0Z7IU2ovz+VgCe
bQJmivrM4DQXNNavHlTGIAnN8KhyjXvlWjvAdJjF5TeSeO+lFYxctVoq7VzRc+D7
YLU3/7a+nqOS1VqbnPEUtYLpX1aPV0/gwRSNGvcQLS/PIDsQjcP1djvPZvdtUsqu
H1t5Qw5ildvpcOPYVLHX5mh3VXl7s4N5+fSo91/ivE9EOaweA40PV+l0C/7UJvED
fx59PWS36Vgm1TdSxQ97D5fPCjo=
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
50:cb:04:8e:6f:ac:67:3d:21:40:7b:93:19:8c:33:4c:dc:00:04:1d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Oct 5 12:00:00 2021 GMT
Not After : Oct 5 12:00:00 2022 GMT
Subject: CN=Intermediate
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c1:f1:4f:24:39:36:7a:84:f1:90:2a:ca:28:d7:
46:34:ab:2c:c2:bc:44:69:d2:ee:9c:30:c2:cb:65:
90:d9:b4:93:ca:ea:9b:aa:a8:6c:1a:38:67:3a:59:
87:82:75:b8:57:55:d8:33:76:d1:1f:5d:57:0a:00:
d2:02:aa:97:b3:e0:58:97:68:97:ec:0d:26:15:32:
70:da:db:c9:3b:24:3e:dd:3d:72:2a:b6:57:51:6c:
f6:9a:aa:75:fd:0b:88:84:65:93:d2:1c:27:d3:27:
56:a3:ca:64:5e:44:05:09:5f:83:61:18:d8:69:8b:
33:8e:72:1b:1f:74:09:aa:4c:90:29:a1:28:c4:78:
80:9c:c5:ef:d5:12:be:22:47:f3:9a:02:38:ba:0a:
08:f2:94:7e:65:03:5c:28:7c:09:70:13:0e:6a:a2:
37:8b:53:94:78:f5:32:04:59:aa:fc:7f:b7:d6:34:
96:9d:4e:01:84:7f:89:99:84:0a:51:14:99:ba:ac:
0a:2b:0f:02:e5:4d:f4:db:03:a0:1c:f5:78:b2:76:
be:53:02:86:85:ed:3a:ae:42:ad:0f:85:6d:03:ba:
cd:a2:16:2b:76:a1:2d:77:91:d6:05:2f:5e:d5:f7:
b6:af:e9:86:fc:6f:ca:11:62:15:93:f8:e8:d9:e5:
66:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:E8:20:E0:84:F1:3D:41:05:B5:77:47:0F:B9:19:C3:AF:43:69:A7
X509v3 Authority Key Identifier:
E3:18:38:0F:81:36:AC:9B:8C:05:B1:1C:11:85:A0:86:55:A8:8F:B4
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
a6:be:bb:fc:11:76:e2:44:c3:35:04:4c:ad:28:b6:25:de:40:
2b:e7:1c:f9:39:58:71:93:c0:be:13:45:c1:e0:0a:e8:fd:f5:
34:b4:24:9c:81:ec:bb:6c:c6:7b:18:92:d7:de:42:e3:d9:90:
4c:9a:3a:f5:e0:00:09:4b:10:c5:ca:32:50:cb:77:1b:f5:d7:
11:60:5b:86:d6:c0:22:03:42:6f:13:c4:14:e1:ce:49:b4:2f:
c5:3b:cc:f5:5b:d4:a7:62:bc:63:67:4a:45:68:a1:27:02:a6:
10:ee:7e:64:1a:d6:b5:d9:6e:c8:da:42:cc:6d:df:33:8d:b2:
48:71:ab:70:12:55:f2:53:0a:2a:2c:53:e6:14:27:fb:0c:05:
0b:35:95:7d:0c:1d:b0:7e:fc:c3:39:af:05:1a:f9:c5:52:cc:
a7:5c:27:cd:5a:ea:76:f6:07:8d:2b:32:68:5b:62:3c:cd:88:
e9:2c:a7:f7:63:18:7e:c0:4e:d6:a5:8e:9a:10:54:4c:13:ef:
7a:5f:39:c0:30:fd:8f:44:67:0e:06:88:43:31:6d:40:95:78:
d5:00:b3:93:e3:78:d8:97:f0:51:16:24:34:3c:67:6a:b9:c2:
60:da:cb:c5:c0:09:75:39:3a:96:a7:06:99:c8:47:4e:c8:2e:
b6:9b:a4:80
-----BEGIN CERTIFICATE-----
MIIDgDCCAmigAwIBAgIUUMsEjm+sZz0hQHuTGYwzTNwABB0wDQYJKoZIhvcNAQEL
BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw
MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMHxTyQ5NnqE8ZAqyijXRjSrLMK8RGnS7pwwwstlkNm0k8rq
m6qobBo4ZzpZh4J1uFdV2DN20R9dVwoA0gKql7PgWJdol+wNJhUycNrbyTskPt09
ciq2V1Fs9pqqdf0LiIRlk9IcJ9MnVqPKZF5EBQlfg2EY2GmLM45yGx90CapMkCmh
KMR4gJzF79USviJH85oCOLoKCPKUfmUDXCh8CXATDmqiN4tTlHj1MgRZqvx/t9Y0
lp1OAYR/iZmEClEUmbqsCisPAuVN9NsDoBz1eLJ2vlMChoXtOq5CrQ+FbQO6zaIW
K3ahLXeR1gUvXtX3tq/phvxvyhFiFZP46NnlZvsCAwEAAaOByzCByDAdBgNVHQ4E
FgQU3+gg4ITxPUEFtXdHD7kZw69DaacwHwYDVR0jBBgwFoAU4xg4D4E2rJuMBbEc
EYWghlWoj7QwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs
LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m
b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/
MA0GCSqGSIb3DQEBCwUAA4IBAQCmvrv8EXbiRMM1BEytKLYl3kAr5xz5OVhxk8C+
E0XB4Aro/fU0tCScgey7bMZ7GJLX3kLj2ZBMmjr14AAJSxDFyjJQy3cb9dcRYFuG
1sAiA0JvE8QU4c5JtC/FO8z1W9SnYrxjZ0pFaKEnAqYQ7n5kGta12W7I2kLMbd8z
jbJIcatwElXyUwoqLFPmFCf7DAULNZV9DB2wfvzDOa8FGvnFUsynXCfNWup29geN
KzJoW2I8zYjpLKf3Yxh+wE7WpY6aEFRME+96XznAMP2PRGcOBohDMW1AlXjVALOT
43jYl/BRFiQ0PGdqucJg2svFwAl1OTqWpwaZyEdOyC62m6SA
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
50:cb:04:8e:6f:ac:67:3d:21:40:7b:93:19:8c:33:4c:dc:00:04:1c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Oct 5 12:00:00 2021 GMT
Not After : Oct 5 12:00:00 2022 GMT
Subject: CN=Root
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c5:cc:1c:e5:9a:d9:de:85:c0:83:0b:b9:35:56:
b6:65:47:94:ff:b7:ed:00:aa:ca:dd:80:6d:a6:a7:
75:0a:61:57:4e:54:40:25:66:07:33:a7:62:68:ce:
40:0a:65:8a:d5:37:70:b7:b6:75:94:3e:33:e9:66:
27:b7:94:48:94:09:58:91:03:a9:6f:d6:21:72:ce:
97:97:95:8c:71:56:2e:96:03:e6:c0:b7:7d:f6:98:
d0:d0:73:1a:49:dc:55:a4:34:7d:38:62:27:ad:8b:
e4:7a:eb:54:38:3e:93:aa:7a:e6:fc:29:fe:de:1c:
93:bc:4f:d9:de:5a:da:c3:35:a4:0a:e4:8e:82:1d:
99:7d:75:c4:f4:b1:77:60:5c:c0:c8:b9:7c:cb:65:
85:54:18:54:63:fd:66:bd:56:62:1b:d0:d7:33:37:
db:b1:92:96:ad:5c:a6:dd:51:e4:82:18:cd:bd:c4:
3d:6a:f3:af:5e:de:da:5e:5f:e6:d2:f2:66:ee:de:
0c:6a:e5:72:58:0d:f1:21:1a:86:62:80:a1:e7:c3:
e3:eb:19:56:ef:88:a8:a8:c5:37:c6:98:48:f2:7d:
ea:b4:4a:e7:3e:9f:8b:14:6f:55:26:55:c9:ff:71:
bd:60:4a:82:d3:9c:20:10:76:ba:8c:75:c9:64:ad:
14:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E3:18:38:0F:81:36:AC:9B:8C:05:B1:1C:11:85:A0:86:55:A8:8F:B4
X509v3 Authority Key Identifier:
E3:18:38:0F:81:36:AC:9B:8C:05:B1:1C:11:85:A0:86:55:A8:8F:B4
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Policy Constraints: critical
Require Explicit Policy:2
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
3a:2b:a5:f1:fe:ef:97:5b:90:2a:7c:af:77:fc:b7:e0:3e:6b:
f1:02:a1:a3:f9:e0:87:34:43:8b:52:6e:35:c0:1d:19:44:95:
ad:31:d5:35:85:85:3c:03:2c:98:61:61:3e:64:eb:ac:b3:d5:
6c:85:f4:1c:02:a2:13:4d:42:f9:9c:99:c0:bf:7d:ce:30:fc:
7c:e7:40:21:70:96:13:a9:c3:c2:90:d1:80:60:ea:25:6b:cb:
30:95:46:1b:63:d3:6f:66:8b:f7:16:c1:da:42:de:3e:df:47:
90:24:4d:07:3e:a8:73:38:48:cb:8b:fb:be:de:c3:ae:fd:ed:
ff:b1:99:dc:5c:fa:ef:51:7c:05:66:b6:2c:84:c6:7f:4e:10:
17:7c:54:ac:a8:4d:b1:92:80:1f:c9:9b:95:84:9d:c2:97:b3:
88:c2:ba:21:2c:60:f8:f2:23:8f:a5:b8:e1:5f:08:c3:c1:b7:
86:1f:3f:08:77:df:01:31:80:b7:1e:01:ba:47:fd:25:91:5e:
aa:25:67:bd:cc:e1:4f:ee:74:1a:48:e4:b8:ec:e7:14:79:64:
16:b7:74:9b:c6:30:a9:0f:d7:5e:43:15:c7:b3:32:cc:f5:df:
04:cc:cb:b3:8e:90:ff:ca:d8:c4:ee:d9:9f:fc:ac:59:97:31:
4e:bb:57:3c
-----BEGIN CERTIFICATE-----
MIIDiTCCAnGgAwIBAgIUUMsEjm+sZz0hQHuTGYwzTNwABBwwDQYJKoZIhvcNAQEL
BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw
MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDFzBzlmtnehcCDC7k1VrZlR5T/t+0AqsrdgG2mp3UKYVdOVEAlZgczp2Jo
zkAKZYrVN3C3tnWUPjPpZie3lEiUCViRA6lv1iFyzpeXlYxxVi6WA+bAt332mNDQ
cxpJ3FWkNH04Yieti+R661Q4PpOqeub8Kf7eHJO8T9neWtrDNaQK5I6CHZl9dcT0
sXdgXMDIuXzLZYVUGFRj/Wa9VmIb0NczN9uxkpatXKbdUeSCGM29xD1q869e3tpe
X+bS8mbu3gxq5XJYDfEhGoZigKHnw+PrGVbviKioxTfGmEjyfeq0Suc+n4sUb1Um
Vcn/cb1gSoLTnCAQdrqMdclkrRSpAgMBAAGjgdwwgdkwHQYDVR0OBBYEFOMYOA+B
NqybjAWxHBGFoIZVqI+0MB8GA1UdIwQYMBaAFOMYOA+BNqybjAWxHBGFoIZVqI+0
MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh
L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S
b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHSQB
Af8EBTADgAECMA0GCSqGSIb3DQEBCwUAA4IBAQA6K6Xx/u+XW5AqfK93/LfgPmvx
AqGj+eCHNEOLUm41wB0ZRJWtMdU1hYU8AyyYYWE+ZOuss9VshfQcAqITTUL5nJnA
v33OMPx850AhcJYTqcPCkNGAYOola8swlUYbY9NvZov3FsHaQt4+30eQJE0HPqhz
OEjLi/u+3sOu/e3/sZncXPrvUXwFZrYshMZ/ThAXfFSsqE2xkoAfyZuVhJ3Cl7OI
wrohLGD48iOPpbjhXwjDwbeGHz8Id98BMYC3HgG6R/0lkV6qJWe9zOFP7nQaSOS4
7OcUeWQWt3SbxjCpD9deQxXHszLM9d8EzMuzjpD/ytjE7tmf/KxZlzFOu1c8
-----END CERTIFICATE-----