mbedtls/tests/data_files/dir4
..
cert11.crt
cert12.crt
cert13.crt
cert14.crt
cert21.crt
cert22.crt
cert23.crt
cert31.crt
cert32.crt
cert33.crt
cert34.crt
cert41.crt
cert42.crt
cert43.crt
cert44.crt
cert45.crt
cert51.crt
cert52.crt
cert53.crt
cert54.crt
cert61.crt
cert62.crt
cert63.crt
cert71.crt
cert72.crt
cert73.crt
cert74.crt
cert81.crt
cert82.crt
cert83.crt
cert91.crt
cert92.crt
Readme

This directory contains the certificates for the tests targeting the enforcement of the policy indicated by the *pathLenConstraint* field. All leaf elements were generated with *is_ca* unset and all roots with the *selfsign=1* option. 

1. zero pathlen constraint on an intermediate CA (invalid)
```
cert11.crt -> cert12.crt (max_pathlen=0) -> cert13.crt -> cert14.crt
```

2. zero pathlen constraint on the root CA (invalid)
```
cert21.crt (max_pathlen=0) -> cert22.crt -> cert23.crt
```

3. nonzero pathlen constraint on the root CA (invalid)
```
cert31.crt (max_pathlen=1) -> cert32.crt -> cert33.crt -> cert34.crt
```

4. nonzero pathlen constraint on an intermediate CA (invalid)
```
cert41.crt -> cert42.crt (max_pathlen=1) -> cert43.crt -> cert44.crt -> cert45.crt 
```

5. nonzero pathlen constraint on an intermediate CA with maximum number of elements in the chain (valid)
```
cert51.crt -> cert52.crt (max_pathlen=1) -> cert53.crt -> cert54.crt
```

6. nonzero pathlen constraint on the root CA with maximum number of elements in the chain (valid)
```
cert61.crt (max_pathlen=1) -> cert62.crt -> cert63.crt
```

7. pathlen constraint on the root CA with maximum number of elements and a self signed certificate in the chain (valid) 
(This situation happens for example when a root of some hierarchy gets integrated into another hierarchy. In this case the certificates issued before the integration will have an intermadiate self signed certificate in their chain)
```
cert71.crt (max_pathlen=1) -> cert72.crt -> cert73.crt (self signed) -> cert74.crt -> cert74.crt
```

8. zero pathlen constraint on first intermediate CA (valid)
```
cert81.crt -> cert82.crt (max_pathlen=0) -> cert83.crt
```

9. zero pathlen constraint on trusted root (valid)
```
cert91.crt (max_pathlen=0) -> cert92.crt
```