[Created by: ./generate-chains.py]
Certificate chain with policies and requireExplicitPolicy, including
policies on the root which don't match the policies in the rest of the chain.
This should fail to verify if the policies on the root are processed.
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:2e:4b:b8:dc:93:ec:5c:c1:45:8e:67:8e:80:9a:6b:e3:aa:78:d9
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=Intermediate
        Validity
            Not Before: Oct 5 12:00:00 2021 GMT
            Not After : Oct 5 12:00:00 2022 GMT
        Subject: CN=Target
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:A7:DB:3B:5C:A2:AA:2A:20:CA:D6:D5:B1:67:E9:2B:56:46:C7:EF
            X509v3 Authority Key Identifier:
                B6:D6:AA:A8:03:5C:D8:51:7D:A2:14:39:A2:21:C4:B2:A2:12:39:B5
            Authority Information Access:
                CA Issuers - URI:http://url-for-aia/Intermediate.cer
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:http://url-for-crl/Intermediate.crl
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Certificate Policies: critical
                Policy: 1.2.3.4
    Signature Algorithm: sha256WithRSAEncryption
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:db:34:c3:9c:3a:39:ee:a0:8e:aa:23:61:df:f0:1d:e5:84:50:22
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=Root
        Validity
            Not Before: Oct 5 12:00:00 2021 GMT
            Not After : Oct 5 12:00:00 2022 GMT
        Subject: CN=Intermediate
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:D6:AA:A8:03:5C:D8:51:7D:A2:14:39:A2:21:C4:B2:A2:12:39:B5
            X509v3 Authority Key Identifier:
                43:44:3D:B9:F8:92:0F:2F:82:B2:89:B9:46:B3:51:38:70:00:E1:3D
            Authority Information Access:
                CA Issuers - URI:http://url-for-aia/Root.cer
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:http://url-for-crl/Root.crl
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Certificate Policies: critical
                Policy: 1.2.3.4
            X509v3 Policy Constraints: critical
                Require Explicit Policy:0
    Signature Algorithm: sha256WithRSAEncryption
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:db:34:c3:9c:3a:39:ee:a0:8e:aa:23:61:df:f0:1d:e5:84:50:21
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=Root
        Validity
            Not Before: Oct 5 12:00:00 2021 GMT
            Not After : Oct 5 12:00:00 2022 GMT
        Subject: CN=Root
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:44:3D:B9:F8:92:0F:2F:82:B2:89:B9:46:B3:51:38:70:00:E1:3D
            X509v3 Authority Key Identifier:
                43:44:3D:B9:F8:92:0F:2F:82:B2:89:B9:46:B3:51:38:70:00:E1:3D
            Authority Information Access:
                CA Issuers - URI:http://url-for-aia/Root.cer
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:http://url-for-crl/Root.crl
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Certificate Policies: critical
                Policy: 1.2.3.5
    Signature Algorithm: sha256WithRSAEncryption