Google Git
Sign in
boringssl / boringssl / 23824fa0fed94f4660ffafb15aaea8b317f2c8a6 / . / pki / testdata / verify_certificate_chain_unittest / policies-inhibit-anypolicy-by-root-fail / chain.pem
blob: 3db64b80b9fc058b2623c29a092c7a141d81a874 [file] [log] [blame]
[Created by: ./generate-chains.py]
Certificate chain with inhibitAnyPolicy on the root, and an intermediate
that uses anyPolicy. Should fail if the policyConstraints on the root are
enforced.
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5a:d9:1e:25:c2:df:a8:d3:08:03:19:0f:58:d0:d7:b7:19:da:11:a1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Intermediate
Validity
Not Before: Oct 5 12:00:00 2021 GMT
Not After : Oct 5 12:00:00 2022 GMT
Subject: CN=Target
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b1:df:79:78:69:06:41:4f:b2:c1:6a:83:99:da:
2b:0b:0a:e3:a1:99:04:7f:24:50:ce:1a:97:b1:b2:
42:cc:32:80:1b:34:f6:8e:6a:06:a0:46:ab:fb:0f:
1b:a9:b7:01:5a:c3:25:82:6c:00:cd:1d:13:40:a4:
70:88:96:e0:94:79:ed:2a:47:a9:d2:f3:7e:ac:1d:
15:28:d8:88:32:9b:7a:2c:10:09:41:3a:8b:ef:f9:
96:36:cd:27:11:02:f6:76:18:95:fe:4d:d7:e5:35:
41:40:1f:05:46:c8:63:a1:52:45:43:30:54:83:9e:
7c:eb:48:a1:66:ca:4a:21:69:25:d8:29:12:39:f5:
4b:14:97:3b:42:f2:c7:7e:38:cd:2c:57:56:b9:92:
ea:f3:15:c3:33:7f:fe:92:41:a6:d3:b5:72:f6:87:
31:66:bf:a2:5b:0b:66:ed:c8:f0:fe:b7:34:2c:dc:
09:16:d2:54:c1:b6:d1:1c:6e:ff:55:28:29:44:bd:
b7:9f:40:ea:87:88:23:51:a4:23:25:61:25:b6:b9:
db:39:64:03:12:ba:17:86:f5:02:56:07:94:ff:f2:
1c:d0:03:f6:60:19:5d:56:48:c1:0e:a7:2b:79:9b:
8f:f4:0d:d2:eb:44:bb:85:18:64:f6:e4:46:3b:9c:
68:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
80:FA:9C:59:69:9E:9A:82:47:3A:65:24:E7:00:9E:DC:54:53:54:5C
X509v3 Authority Key Identifier:
48:8C:E1:C6:32:0E:AB:6E:B3:7B:4B:CB:28:2A:AF:69:BE:BC:96:E0
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Intermediate.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Intermediate.crl
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Certificate Policies: critical
Policy: 1.2.3.5
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
05:38:45:d0:f2:65:e1:0a:b8:35:e2:d0:5d:b0:e4:53:20:aa:
0f:7e:2b:4c:74:b1:49:a3:04:88:89:58:1b:ac:f8:e7:03:ce:
d9:82:82:67:f2:6f:12:53:5e:7b:e4:d6:6c:a9:3d:c9:c4:12:
18:d3:8b:29:ea:c7:9b:66:39:39:6e:dc:25:de:a4:f4:1d:34:
d3:50:50:7d:ff:7d:4a:5c:85:3f:30:d1:dd:14:9f:42:42:b5:
4d:1a:47:66:f6:87:c6:fa:43:91:f0:3c:77:b0:79:71:94:06:
14:da:a8:9e:02:6c:d2:d0:2b:af:72:d3:15:20:40:ca:2c:7a:
8f:6e:58:d6:10:e5:fa:51:d4:80:00:eb:9b:b5:9d:43:d3:ff:
78:7a:45:da:4f:e5:6a:80:87:e4:85:18:c2:8e:f2:cb:0f:ba:
fe:e5:95:b2:d6:bc:a2:bc:5c:66:b6:59:16:44:bd:da:d3:52:
24:ea:31:cf:e7:2a:65:98:95:df:19:23:70:b4:45:ae:fb:6c:
3a:f7:ce:ad:fd:76:97:89:59:b0:1e:e0:d5:08:0a:f4:0d:47:
b9:d8:eb:86:12:41:c8:25:7c:0d:ad:a9:59:c9:de:79:e7:4e:
ab:ce:18:91:a3:34:07:6f:09:a6:ff:fd:aa:43:15:4f:0d:1a:
c1:8d:ff:2a
-----BEGIN CERTIFICATE-----
MIIDtTCCAp2gAwIBAgIUWtkeJcLfqNMIAxkPWNDXtxnaEaEwDQYJKoZIhvcNAQEL
BQAwFzEVMBMGA1UEAwwMSW50ZXJtZWRpYXRlMB4XDTIxMTAwNTEyMDAwMFoXDTIy
MTAwNTEyMDAwMFowETEPMA0GA1UEAwwGVGFyZ2V0MIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAsd95eGkGQU+ywWqDmdorCwrjoZkEfyRQzhqXsbJCzDKA
GzT2jmoGoEar+w8bqbcBWsMlgmwAzR0TQKRwiJbglHntKkep0vN+rB0VKNiIMpt6
LBAJQTqL7/mWNs0nEQL2dhiV/k3X5TVBQB8FRshjoVJFQzBUg55860ihZspKIWkl
2CkSOfVLFJc7QvLHfjjNLFdWuZLq8xXDM3/+kkGm07Vy9ocxZr+iWwtm7cjw/rc0
LNwJFtJUwbbRHG7/VSgpRL23n0Dqh4gjUaQjJWEltrnbOWQDEroXhvUCVgeU//Ic
0AP2YBldVkjBDqcreZuP9A3S60S7hRhk9uRGO5xotQIDAQABo4H+MIH7MB0GA1Ud
DgQWBBSA+pxZaZ6agkc6ZSTnAJ7cVFNUXDAfBgNVHSMEGDAWgBRIjOHGMg6rbrN7
S8soKq9pvryW4DA/BggrBgEFBQcBAQQzMDEwLwYIKwYBBQUHMAKGI2h0dHA6Ly91
cmwtZm9yLWFpYS9JbnRlcm1lZGlhdGUuY2VyMDQGA1UdHwQtMCswKaAnoCWGI2h0
dHA6Ly91cmwtZm9yLWNybC9JbnRlcm1lZGlhdGUuY3JsMA4GA1UdDwEB/wQEAwIF
oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwEwYDVR0gAQH/BAkwBzAF
BgMqAwUwDQYJKoZIhvcNAQELBQADggEBAAU4RdDyZeEKuDXi0F2w5FMgqg9+K0x0
sUmjBIiJWBus+OcDztmCgmfybxJTXnvk1mypPcnEEhjTiynqx5tmOTlu3CXepPQd
NNNQUH3/fUpchT8w0d0Un0JCtU0aR2b2h8b6Q5HwPHeweXGUBhTaqJ4CbNLQK69y
0xUgQMoseo9uWNYQ5fpR1IAA65u1nUPT/3h6RdpP5WqAh+SFGMKO8ssPuv7llbLW
vKK8XGa2WRZEvdrTUiTqMc/nKmWYld8ZI3C0Ra77bDr3zq39dpeJWbAe4NUICvQN
R7nY64YSQcglfA2tqVnJ3nnnTqvOGJGjNAdvCab//apDFU8NGsGN/yo=
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
27:31:77:a6:0a:3a:73:f3:ea:47:c4:6a:4b:cb:b8:a6:ba:0c:4b:fd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Oct 5 12:00:00 2021 GMT
Not After : Oct 5 12:00:00 2022 GMT
Subject: CN=Intermediate
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c2:1d:00:3e:0c:67:5d:f7:ff:70:1e:a1:33:e9:
b3:28:7a:3c:3f:5e:ab:a7:8d:b5:91:c2:02:8e:2c:
b1:93:90:43:4e:2a:d4:1b:80:bd:1c:8b:4c:5d:74:
16:8a:fa:6f:88:2e:87:39:e0:11:c4:7c:4b:76:fd:
87:f0:1f:38:0e:5c:6d:33:2d:16:00:3d:15:dc:14:
fb:ee:5f:bf:49:41:3c:ec:e7:43:74:1c:71:fb:bc:
6b:ae:54:5f:5e:90:fb:5b:b0:93:8c:72:79:6a:d2:
8e:c6:7b:1f:ac:d9:c1:d7:30:ee:d2:b1:39:cb:7d:
44:96:9d:eb:31:d1:28:74:f8:b5:80:e3:62:86:73:
28:02:62:83:12:32:e9:42:6a:ed:75:5b:ec:ba:7d:
30:62:74:a0:2c:1e:1e:9b:10:85:22:1a:af:bf:f0:
0c:4d:9b:bd:1e:fb:fd:a5:dc:e9:98:fb:35:61:4a:
ca:cb:6c:e0:4d:10:f4:fe:b8:17:ad:30:91:30:db:
9a:53:6b:2f:1c:d9:ec:f2:28:d7:42:b9:b5:02:0d:
5f:52:ed:9f:16:b6:14:7b:cf:28:d7:f7:5e:02:38:
df:0e:bc:60:40:6a:6f:65:64:a6:4a:ae:fd:d0:b7:
aa:5f:40:c6:e1:17:c1:dc:9a:25:1f:4e:56:90:9e:
ab:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
48:8C:E1:C6:32:0E:AB:6E:B3:7B:4B:CB:28:2A:AF:69:BE:BC:96:E0
X509v3 Authority Key Identifier:
99:59:00:A4:21:DA:73:35:FA:D0:46:7C:5E:3A:64:E7:C1:CA:C4:71
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Policy Constraints: critical
Require Explicit Policy:0
X509v3 Certificate Policies: critical
Policy: X509v3 Any Policy
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
88:09:58:2d:a5:73:dc:dd:1b:fd:8a:e2:31:38:5e:9a:b9:f8:
5d:68:db:00:a5:48:92:8e:28:6e:51:f0:9a:7b:ad:ac:d3:05:
b2:30:5c:45:e0:5d:9e:e5:47:c5:96:d0:5e:87:66:ee:8c:96:
4b:ab:cb:71:63:41:83:93:30:86:e9:a2:4b:27:fa:7d:0f:28:
52:9a:a1:ad:82:79:ca:c7:b6:c0:26:9c:bb:9e:b7:17:98:11:
9d:d0:6b:e3:de:0c:88:08:0d:17:68:77:4a:c9:62:0f:f2:c0:
76:04:40:d6:8e:c1:14:39:50:be:63:09:cd:a7:38:06:8e:aa:
3a:ee:9c:39:1f:bb:1d:fc:c2:09:e9:69:d3:91:b4:58:8f:e1:
d6:b3:fa:34:fa:b4:ef:45:e8:c5:fc:8b:10:57:a9:74:fc:6e:
3f:37:2f:37:24:c4:e1:19:84:71:f1:27:aa:cf:f0:1f:37:33:
20:f9:11:14:14:ad:21:f7:8b:59:51:af:a2:16:86:61:cc:df:
a2:5d:d0:1d:42:4a:6f:44:b8:78:ec:d7:98:2f:55:f7:78:42:
ec:21:0c:ba:ee:36:5f:d7:e5:d6:91:e0:63:cc:d2:ea:31:bd:
ce:09:ec:44:be:d9:0b:ed:d0:43:68:24:02:27:88:0a:4d:62:
f1:c0:2c:b5
-----BEGIN CERTIFICATE-----
MIIDpzCCAo+gAwIBAgIUJzF3pgo6c/PqR8RqS8u4proMS/0wDQYJKoZIhvcNAQEL
BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw
MDBaMBcxFTATBgNVBAMMDEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMIdAD4MZ133/3AeoTPpsyh6PD9eq6eNtZHCAo4ssZOQQ04q
1BuAvRyLTF10For6b4guhzngEcR8S3b9h/AfOA5cbTMtFgA9FdwU++5fv0lBPOzn
Q3Qccfu8a65UX16Q+1uwk4xyeWrSjsZ7H6zZwdcw7tKxOct9RJad6zHRKHT4tYDj
YoZzKAJigxIy6UJq7XVb7Lp9MGJ0oCweHpsQhSIar7/wDE2bvR77/aXc6Zj7NWFK
ysts4E0Q9P64F60wkTDbmlNrLxzZ7PIo10K5tQINX1Ltnxa2FHvPKNf3XgI43w68
YEBqb2Vkpkqu/dC3ql9AxuEXwdyaJR9OVpCeq2MCAwEAAaOB8jCB7zAdBgNVHQ4E
FgQUSIzhxjIOq26ze0vLKCqvab68luAwHwYDVR0jBBgwFoAUmVkApCHaczX60EZ8
Xjpk58HKxHEwNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzAChhtodHRwOi8vdXJs
LWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL3VybC1m
b3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/
MA8GA1UdJAEB/wQFMAOAAQAwFAYDVR0gAQH/BAowCDAGBgRVHSAAMA0GCSqGSIb3
DQEBCwUAA4IBAQCICVgtpXPc3Rv9iuIxOF6aufhdaNsApUiSjihuUfCae62s0wWy
MFxF4F2e5UfFltBeh2bujJZLq8txY0GDkzCG6aJLJ/p9DyhSmqGtgnnKx7bAJpy7
nrcXmBGd0Gvj3gyICA0XaHdKyWIP8sB2BEDWjsEUOVC+YwnNpzgGjqo67pw5H7sd
/MIJ6WnTkbRYj+HWs/o0+rTvRejF/IsQV6l0/G4/Ny83JMThGYRx8Seqz/AfNzMg
+REUFK0h94tZUa+iFoZhzN+iXdAdQkpvRLh47NeYL1X3eELsIQy67jZf1+XWkeBj
zNLqMb3OCexEvtkL7dBDaCQCJ4gKTWLxwCy1
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
27:31:77:a6:0a:3a:73:f3:ea:47:c4:6a:4b:cb:b8:a6:ba:0c:4b:fc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Root
Validity
Not Before: Oct 5 12:00:00 2021 GMT
Not After : Oct 5 12:00:00 2022 GMT
Subject: CN=Root
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:98:98:3f:4c:87:cb:65:52:40:92:de:70:8f:fe:
49:25:11:9f:7b:10:6b:64:a6:04:81:89:5d:df:f9:
01:1f:a8:f7:5a:a8:bf:36:f8:0f:37:bc:f6:8b:03:
90:f9:cf:09:b4:9b:8b:7a:ee:1d:80:ad:fc:29:92:
d9:7e:51:f6:18:43:df:26:cb:1a:e2:43:d7:c4:bd:
bb:f8:95:7a:e4:54:3d:9c:7e:c3:31:d6:20:d5:13:
84:ee:9c:a3:83:1d:70:27:e0:48:aa:62:df:81:1a:
ef:6c:5f:f6:69:7a:3a:e6:eb:86:22:37:3e:73:ee:
cf:b3:5f:7f:c5:fe:64:61:35:79:04:0f:3b:48:83:
c0:99:65:39:41:8f:b7:b4:6a:aa:ee:c9:e8:84:36:
4e:5d:77:37:dd:0f:ff:20:5e:e2:a0:d8:45:48:36:
1b:c5:89:40:71:0f:83:e8:de:90:7d:22:e1:e5:64:
9a:35:77:31:8b:e1:3e:95:25:4a:03:d4:b4:30:ce:
b4:06:29:d7:8f:3a:03:2a:f0:fa:9a:9b:7d:45:b3:
7d:81:4c:c8:ae:45:64:de:28:6c:d5:53:11:2d:03:
37:35:45:88:7f:51:51:e3:36:c3:10:3e:71:d0:e6:
78:5d:87:ae:39:2a:dd:2f:29:13:18:af:00:5c:71:
1b:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
99:59:00:A4:21:DA:73:35:FA:D0:46:7C:5E:3A:64:E7:C1:CA:C4:71
X509v3 Authority Key Identifier:
99:59:00:A4:21:DA:73:35:FA:D0:46:7C:5E:3A:64:E7:C1:CA:C4:71
Authority Information Access:
CA Issuers - URI:http://url-for-aia/Root.cer
X509v3 CRL Distribution Points:
Full Name:
URI:http://url-for-crl/Root.crl
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Inhibit Any Policy: critical
0
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
84:91:b6:14:f8:76:93:b3:61:fc:65:c1:09:72:81:f9:a8:d4:
cb:b2:45:f6:15:a5:7b:6c:e0:c0:a6:b4:23:05:ed:c9:a0:ab:
1a:bd:e4:1e:a0:2d:b9:5f:6a:64:8c:0c:00:be:87:85:55:ae:
a9:55:db:03:db:f9:76:0f:f7:44:a9:3a:f0:af:82:78:ea:aa:
97:63:e3:99:d0:8e:36:29:4b:09:8d:85:75:9e:85:10:47:37:
48:31:6e:7c:7c:3d:03:17:b5:52:f3:90:05:d9:93:81:0d:72:
d8:5f:6f:64:f5:3e:cc:15:a2:e2:18:15:4a:b4:6a:7a:ff:d5:
d6:9b:e2:ad:87:74:36:ec:2c:54:c7:79:86:14:a0:f0:26:e4:
86:ae:62:45:6c:0f:69:e2:d9:05:9e:55:60:8d:ed:f8:de:6c:
4d:ac:23:a2:94:2b:95:a3:e8:7c:c1:40:5e:c5:63:b4:4d:53:
20:10:98:09:98:dd:ad:64:fe:dc:95:a0:c7:ca:3d:7a:f8:96:
45:f1:96:07:ba:4f:13:22:7d:45:5f:89:1c:3f:e6:6c:78:67:
54:69:6f:5f:c7:d9:d4:bb:34:27:6f:f4:e3:26:55:e6:79:14:
76:64:c8:7e:e8:9d:de:7f:6a:85:a3:8f:d0:88:6c:ab:3f:5c:
55:4b:88:38
-----BEGIN CERTIFICATE-----
MIIDhzCCAm+gAwIBAgIUJzF3pgo6c/PqR8RqS8u4proMS/wwDQYJKoZIhvcNAQEL
BQAwDzENMAsGA1UEAwwEUm9vdDAeFw0yMTEwMDUxMjAwMDBaFw0yMjEwMDUxMjAw
MDBaMA8xDTALBgNVBAMMBFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCYmD9Mh8tlUkCS3nCP/kklEZ97EGtkpgSBiV3f+QEfqPdaqL82+A83vPaL
A5D5zwm0m4t67h2Arfwpktl+UfYYQ98myxriQ9fEvbv4lXrkVD2cfsMx1iDVE4Tu
nKODHXAn4EiqYt+BGu9sX/Zpejrm64YiNz5z7s+zX3/F/mRhNXkEDztIg8CZZTlB
j7e0aqruyeiENk5ddzfdD/8gXuKg2EVINhvFiUBxD4Po3pB9IuHlZJo1dzGL4T6V
JUoD1LQwzrQGKdePOgMq8Pqam31Fs32BTMiuRWTeKGzVUxEtAzc1RYh/UVHjNsMQ
PnHQ5nhdh645Kt0vKRMYrwBccRtrAgMBAAGjgdowgdcwHQYDVR0OBBYEFJlZAKQh
2nM1+tBGfF46ZOfBysRxMB8GA1UdIwQYMBaAFJlZAKQh2nM1+tBGfF46ZOfBysRx
MDcGCCsGAQUFBwEBBCswKTAnBggrBgEFBQcwAoYbaHR0cDovL3VybC1mb3ItYWlh
L1Jvb3QuY2VyMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly91cmwtZm9yLWNybC9S
b290LmNybDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgNVHTYB
Af8EAwIBADANBgkqhkiG9w0BAQsFAAOCAQEAhJG2FPh2k7Nh/GXBCXKB+ajUy7JF
9hWle2zgwKa0IwXtyaCrGr3kHqAtuV9qZIwMAL6HhVWuqVXbA9v5dg/3RKk68K+C
eOqql2PjmdCONilLCY2FdZ6FEEc3SDFufHw9Axe1UvOQBdmTgQ1y2F9vZPU+zBWi
4hgVSrRqev/V1pvirYd0NuwsVMd5hhSg8Cbkhq5iRWwPaeLZBZ5VYI3t+N5sTawj
opQrlaPofMFAXsVjtE1TIBCYCZjdrWT+3JWgx8o9eviWRfGWB7pPEyJ9RV+JHD/m
bHhnVGlvX8fZ1Ls0J2/04yZV5nkUdmTIfuid3n9qhaOP0Ihsqz9cVUuIOA==
-----END CERTIFICATE-----