Misissued certificates - pathLenConstraint with CA:FALSE

Hi,

The following certificates appear to be misissued:

https://crt.sh/?id=77893170&opt=cablint
https://crt.sh/?id=77947625&opt=cablint
https://crt.sh/?id=78102129&opt=cablint
https://crt.sh/?id=92235995&opt=cablint
https://crt.sh/?id=92235998&opt=cablint

All of these certificates have a pathLenConstraint value with CA:FALSE;
this violates 4.2.1.9 of RFC 5280: CAs MUST NOT include the
pathLenConstraint field unless the cA boolean is asserted and the key usage
extension asserts the keyCertSign bit.

Alex

-- 
"I disapprove of what you say, but I will defend to the death your right to
say it." -- Evelyn Beatrice Hall (summarizing Voltaire)
"The people's good is the highest law." -- Cicero
GPG Key fingerprint: D1B3 ADC0 E023 8CA6
Alex
8/9/2017 11:25:31 PM