Readme (1806B)
1 This directory contains the certificates for the tests targeting the enforcement of the policy indicated by the *pathLenConstraint* field. All leaf elements were generated with *is_ca* unset and all roots with the *selfsign=1* option. 2 3 1. zero pathlen constraint on an intermediate CA (invalid) 4 ``` 5 cert11.crt -> cert12.crt (max_pathlen=0) -> cert13.crt -> cert14.crt 6 ``` 7 8 2. zero pathlen constraint on the root CA (invalid) 9 ``` 10 cert21.crt (max_pathlen=0) -> cert22.crt -> cert23.crt 11 ``` 12 13 3. nonzero pathlen constraint on the root CA (invalid) 14 ``` 15 cert31.crt (max_pathlen=1) -> cert32.crt -> cert33.crt -> cert34.crt 16 ``` 17 18 4. nonzero pathlen constraint on an intermediate CA (invalid) 19 ``` 20 cert41.crt -> cert42.crt (max_pathlen=1) -> cert43.crt -> cert44.crt -> cert45.crt 21 ``` 22 23 5. nonzero pathlen constraint on an intermediate CA with maximum number of elements in the chain (valid) 24 ``` 25 cert51.crt -> cert52.crt (max_pathlen=1) -> cert53.crt -> cert54.crt 26 ``` 27 28 6. nonzero pathlen constraint on the root CA with maximum number of elements in the chain (valid) 29 ``` 30 cert61.crt (max_pathlen=1) -> cert62.crt -> cert63.crt 31 ``` 32 33 7. pathlen constraint on the root CA with maximum number of elements and a self signed certificate in the chain (valid) 34 (This situation happens for example when a root of some hierarchy gets integrated into another hierarchy. In this case the certificates issued before the integration will have an intermadiate self signed certificate in their chain) 35 ``` 36 cert71.crt (max_pathlen=1) -> cert72.crt -> cert73.crt (self signed) -> cert74.crt -> cert74.crt 37 ``` 38 39 8. zero pathlen constraint on first intermediate CA (valid) 40 ``` 41 cert81.crt -> cert82.crt (max_pathlen=0) -> cert83.crt 42 ``` 43 44 9. zero pathlen constraint on trusted root (valid) 45 ``` 46 cert91.crt (max_pathlen=0) -> cert92.crt 47 ```