mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-11 13:14:17 +01:00
3d98a7eee3
backport of ef4f258
39 lines
1.5 KiB
Plaintext
39 lines
1.5 KiB
Plaintext
This directory contains the certificates for the tests targeting the enforcement of the policy indicated by the *pathLenConstraint* field. All leaf elements were generated with *is_ca* unset and all roots with the *selfsign=1* option.
|
|
|
|
1. zero pathlen constraint on an intermediate CA (invalid)
|
|
```
|
|
cert11.crt -> cert12.crt (max_pathlen=0) -> cert13.crt -> cert14.crt
|
|
```
|
|
|
|
2. zero pathlen constraint on the root CA (invalid)
|
|
```
|
|
cert21.crt (max_pathlen=0) -> cert22.crt -> cert23.crt
|
|
```
|
|
|
|
3. nonzero pathlen constraint on the root CA (invalid)
|
|
```
|
|
cert31.crt (max_pathlen=1) -> cert32.crt -> cert33.crt -> cert34.crt
|
|
```
|
|
|
|
4. nonzero pathlen constraint on an intermediate CA (invalid)
|
|
```
|
|
cert41.crt -> cert42.crt (max_pathlen=1) -> cert43.crt -> cert44.crt -> cert45.crt
|
|
```
|
|
|
|
5. nonzero pathlen constraint on an intermediate CA with maximum number of elements in the chain (valid)
|
|
```
|
|
cert51.crt -> cert52.crt (max_pathlen=1) -> cert53.crt -> cert54.crt
|
|
```
|
|
|
|
6. nonzero pathlen constraint on the root CA with maximum number of elements in the chain (valid)
|
|
```
|
|
cert61.crt (max_pathlen=1) -> cert62.crt -> cert63.crt
|
|
```
|
|
|
|
7. pathlen constraint on the root CA with maximum number of elements and a self signed certificate in the chain (valid)
|
|
(This situation happens for example when a root of some hierarchy gets integrated into another hierarchy. In this case the certificates issued before the integration will have an intermadiate self signed certificate in their chain)
|
|
```
|
|
cert71.crt (max_pathlen=1) -> cert72.crt -> cert73.crt (self signed) -> cert74.crt -> cert74.crt
|
|
```
|
|
|