2 * Copyright (C) 2008-2014 Free Software Foundation, Inc.
4 * Author: Simon Josefsson, Nikos Mavrogiannopoulos
6 * This file is part of GnuTLS.
8 * GnuTLS is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * GnuTLS is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with GnuTLS; if not, write to the Free Software Foundation,
20 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
27 /* the key purpose in the intermediate certificate is not the expected one */
28 static const char *kp_fail1[] = {
29 "-----BEGIN CERTIFICATE-----\n"
30 "MIIDOjCCAiKgAwIBAgIMVB/VrzLxJphTIbssMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n"
31 "BgNVBAMTBENBLTEwIhgPMjAxNDA5MjIwNzU0MjNaGA85OTk5MTIzMTIzNTk1OVow\n"
32 "EzERMA8GA1UEAxMIc2VydmVyLTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
33 "AoIBAQCjtW076msqq69wke2Nc8NMD6UpxVQ1oteCh91lhIgGS+KBunt+C1Hfnipr\n"
34 "iTEC0A7/DWGynWZBcK8LHbVyG32fP45S7BcR1SimbE0HD1aWFSboQegghrF+NISG\n"
35 "HJgUTvTvUKn8pEUxowHfU3eGM3er4QZ7hyerijOb8/W2PFqkDjEZse6uPzKOoawL\n"
36 "Trm88cCuzSwKuE3Fftvc6tfzorXVKiFIGlbNBw+bpCVUMpjx4w5Ug4BbJpD/e7Hf\n"
37 "U+BCkjfKzWMDJ54rUQLbYUTh4QknHUoZ0W+RMKpeEM4esHt7HdJtZYKh/Lzi5GjB\n"
38 "VRAfAA+5khCRwC2uJv1cpzqVjDOHAgMBAAGjgY0wgYowDAYDVR0TAQH/BAIwADAU\n"
39 "BgNVHREEDTALgglsb2NhbGhvc3QwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0P\n"
40 "AQH/BAUDAwegADAdBgNVHQ4EFgQU7Vhq5oDQ/UgzdS+yRZGbBuD5GxcwHwYDVR0j\n"
41 "BBgwFoAUWXJAO7Nmy8yMdi66LZQGgaO+plkwDQYJKoZIhvcNAQELBQADggEBABSD\n"
42 "xzc5ZeUpD+6dvIwptMYLLL5qMI5/GmhSHRuI7pPkf7JMOrfOfPaDRKJY2HIoHRB+\n"
43 "68iUeE+C3I17lpuXcTGU4OvLrqBQ19orSfWvaQMl8yOR0Uzjn98jc4wuA2nMOnBu\n"
44 "nV8Yx/rJvBK/uJYBjDaMdKtddBvdUoaOco8tflOLDBz7aBKTO31qynKGWgtPDasG\n"
45 "DsshOcDgstMwhcBXbIrliDvDhBeWZnjG6E+9yf1ppUoVMp8UU6H12lA3en1GzI3v\n"
46 "E9NHhkJkFk6uUIp09sWLfw/MGiU/rIb9Kj7qjOoE0RAirOJdqSnb+XRwtD5U8u2Y\n"
47 "JcxB7MEBdJsNPbxRVtc=\n"
48 "-----END CERTIFICATE-----\n",
49 "-----BEGIN CERTIFICATE-----\n"
50 "MIIDFjCCAf6gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n"
51 "MCIYDzIwMTQwOTIyMDc1NDIzWhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n"
52 "BENBLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyxSDH68ZW2CHV\n"
53 "6aozE8LMXnOZXDOuli49867VsS7SLr49jxL6jzLx/oJN3JfITcn+ohYNifnA7TBa\n"
54 "VeDSXMTG9tJrU8FlOTCk2Vsc939YiJ9tKNX4rPD+OeSbWgxOnVlkI5zZYnq/+i1E\n"
55 "UvahCHyP93GXl0zR9hsSptJPD27mX653clPqPoTNBA+qSDTb/GK0Yvgfioaqk0PO\n"
56 "q8pcKjZ2N+qg7st+y5Rj/92g9E6vpdHt9DBfL1THkeaJ0VKfvsea8fj1y1AwwWvT\n"
57 "9TWIYCLCiYYtMv2Oqsf3lMMU+Zs5DO1FqHglXrnwjGMN6tf57OYol72Pih3enejM\n"
58 "Syb2U2z3AgMBAAGjeTB3MA8GA1UdEwEB/wQFMAMBAf8wEwYDVR0lBAwwCgYIKwYB\n"
59 "BQUHAwkwDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQUWXJAO7Nmy8yMdi66LZQG\n"
60 "gaO+plkwHwYDVR0jBBgwFoAU8DKVyOiO2uYcwEgw+8kRGgRXCPYwDQYJKoZIhvcN\n"
61 "AQELBQADggEBAHudcSXdtTdRoMkxRZUxPu3RaJFaFJr+y0SU+3gBBjbMuYIUD5b5\n"
62 "neTl5NDwtgPQS41ldf7oMVWaFGdV6OZzkfPqWgNCsDPy7xSGHXLQ11SSNsw+J9mW\n"
63 "zVdiM+BQOWvd4WJ0FKJ+pO1WVyTiIaqnSmETzgviX93YueV53h7Z02sGifp4X2Xh\n"
64 "aauF8xrG62ELNBC5kYFkAWrnNtSMuykbpfZT+l4nFI9ytxHLRFMaH2jpbfdL0pmQ\n"
65 "oktFJ1fln6N0S71doSUTvfy2iPcvVqjIKW6YD/Pyrr6ThEbVSGzY4FogzUMQf3fN\n"
66 "J2Q6Eb+S3ZB28Sm377QU5XKQ1ANpOa4ozHk=\n"
67 "-----END CERTIFICATE-----\n",
69 "-----BEGIN CERTIFICATE-----\n"
70 "MIIC9TCCAd2gAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n"
71 "MCIYDzIwMTQwOTIyMDc1NDIzWhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n"
72 "BENBLTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYp4Ek815xc7wy\n"
73 "5AEJ2AzJSyTnVWR4HTsaWBOVGCpE7Jrz3hHPUzE/9gRM1Oq5ROWJ7DUVFoD9pP8A\n"
74 "if2hRYwSqCNaMswMj3ReDLm2iKROrFhYR9Rr6kcucmRDcrN1SqmmIvZT80uxPXhT\n"
75 "TRVWYHc9kjGvgC3U16O+265d44mgxGw2UMwMirh5X5u6JFrfTShBXj08UJoNsj+1\n"
76 "6Tp/x6+vO8iaGWcRPetAWzwMGNSH4CanWuHZBdL7jLV/OamfvKhBHhEGF/JN1KDn\n"
77 "MSLrQJib8T2WVfVdmLWM6FbDiw2i1KeleCij354MNuI+Azr8aTJma5cI1BWU5Ndq\n"
78 "tbHShdCxAgMBAAGjWDBWMA8GA1UdEwEB/wQFMAMBAf8wEwYDVR0lBAwwCgYIKwYB\n"
79 "BQUHAwEwDwYDVR0PAQH/BAUDAwcGADAdBgNVHQ4EFgQU8DKVyOiO2uYcwEgw+8kR\n"
80 "GgRXCPYwDQYJKoZIhvcNAQELBQADggEBAD4RUNg3EQ5yJ1LfXWKFTXIhSg6B92Y8\n"
81 "QTSq+1RWEDP51J7i60A0yTDZi0XZUrfNIv+0gzw8F9l/QEWM+IXXnHUhhluZW/xf\n"
82 "PiQPtz3Tv5uMIxs24vMIZYeMzXJ+N1rY2JbYsEWhkfSsJA8LD08gw0azlPKx/wXy\n"
83 "aBlknDfeCcrpXhnJdpMxj/N7nLPTQuPe7/VmZjYc8VkopjKMrZS+3KcEoXbr5Zjr\n"
84 "zm2mY/IHu6AZgtsWMhakONbH6I9rsZt5VlTPO72VmkjYtHhFfvjs2fPH1Gdu52y7\n"
85 "P4gcTXWeMficO8uzeHv17J0+qBBYxRe5Fkri1i1JRjJcBqVaK3JPUzQ=\n"
86 "-----END CERTIFICATE-----\n"};
88 /* the key purpose in the anchor certificate is not the expected one */
89 static const char *kp_fail2[] = {
90 "-----BEGIN CERTIFICATE-----\n"
91 "MIIDIzCCAgugAwIBAgIMVB/V7wN6fXUuqVU3MA0GCSqGSIb3DQEBCwUAMA8xDTAL\n"
92 "BgNVBAMTBENBLTEwIhgPMjAxNDA5MjIwNzU1MjdaGA85OTk5MTIzMTIzNTk1OVow\n"
93 "EzERMA8GA1UEAxMIc2VydmVyLTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
94 "AoIBAQDlUn8aFZ8w0fXI0ewO8+UQ0KKw1hUbH9A7DLJKj/bEyFepKh7JKnBTugs8\n"
95 "LEE0BKxMjC2smx5sbIKPGRljva6qST6j52HjWQfVMjL4u3M8eH9y+t/ltatMUZ6a\n"
96 "GFpchgNNp66/PW5F2aar73H+KpIBT+Lz0mfpjY48LS+c/ZaLfufbbJ49eNPIZPgk\n"
97 "nsrX+41YCC3axlUCXeBxdAkCaE3ff5G/pWBPKg+Mx7iS4bjvOAPgjX8cM/ZqLfP5\n"
98 "5o+AQqocXw1/uouvpO7rsww+0PgVQnZxoVX2QK3i8l2kIoIBLNaSLTx617tlKZgL\n"
99 "6KW+6B4BJePzNN5UsOgWMo4ZIq9pAgMBAAGjdzB1MAwGA1UdEwEB/wQCMAAwFAYD\n"
100 "VR0RBA0wC4IJbG9jYWxob3N0MA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFJBE\n"
101 "Ci49lpyQRB7rCapUONuivibPMB8GA1UdIwQYMBaAFOjA+VXcj2Ujv5sKm7aczyNr\n"
102 "bTvOMA0GCSqGSIb3DQEBCwUAA4IBAQAUnlwhZzSUkD4IZ3g4HgfGD0Tlf7ZMZbUw\n"
103 "wtdM9sGzYS9n4r2Wn1pVHEzlzqyI1UCnZq2cqYcDfLUncIBYTOveGyrkzq791Mnx\n"
104 "1HbmcsjQbEWr/ywCEX55ZWGiDrLkK85TRS+BYNVA4sZnAzvzKwwKOMOGfiKcj7rq\n"
105 "XBWpUSbRua29uQOk+P1US10bxiD777OZtp+woJlAUPaB3U4XZsbCCbl/ln2BgpoP\n"
106 "61Qn3BdnfSrl+BsjlpDBUItnyVICCRRH109XpHmvXC0SnceGnl0S0rZhFXMZ5uhK\n"
107 "icfV5FLumEOPw+pmFIY9z1B/e/EQfbWuhycQT2J5R1RfrwMbRI8D\n"
108 "-----END CERTIFICATE-----\n",
109 "-----BEGIN CERTIFICATE-----\n"
110 "MIIDFjCCAf6gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n"
111 "MCIYDzIwMTQwOTIyMDc1NTI2WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n"
112 "BENBLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvp14uRd38IoFu\n"
113 "CW+O/T5k4eLDbll8hZkoJkV6fm7oGQ0LcZRvhvQaHRxO50QzzNYoLMpDVw9cMMJr\n"
114 "cyy0C7jehOOLX4JVTWPyoynOycHTmqs9BZmjx5H/cFZRxYg9MQFmIDVj7jjaLf6u\n"
115 "vqDR02ab+tHesT9Zc/r/0THAqPoFio3rVXNyQpMQbsywxFRqhG0X0JkQ63xBKJQ/\n"
116 "ZvlfNyLnM6D1cG2Kjq1hbjyTNdofGUHY+CGuuoEAqIRnKR80rpUw5cdxy2bAjBgN\n"
117 "ubCD7QQlxMUmARjwAgM6lhWB+EXhbcMqZ+dmL0elmST8E8Y5sY/UkEorzigIHjr2\n"
118 "Tyl0/LSzAgMBAAGjeTB3MA8GA1UdEwEB/wQFMAMBAf8wEwYDVR0lBAwwCgYIKwYB\n"
119 "BQUHAwkwDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQU6MD5VdyPZSO/mwqbtpzP\n"
120 "I2ttO84wHwYDVR0jBBgwFoAUEjFgu7hCgPDa1wiPd0d1kW33LNIwDQYJKoZIhvcN\n"
121 "AQELBQADggEBALB1rjTwAzC0ZFSTyGg6wYo0S/zo+RKFbezHQf+TVQ6mUjbAs6Zs\n"
122 "KdTm5rvWXd669RqN9pVWZhlP4gBHAe/0koIjZQ92LOkqosEGsfWbzKfy0Ey3+MWs\n"
123 "2d5Qwunzm7D/PnsrYCtZoNIIr0KiAMjyfW3cBB/n1vcaZDAnHnkoUWLUfsgoBFxq\n"
124 "yGHJU966soKKl6yMAz8+pn8SDkXFjGXNCJSEcLFq2mwSVTJO2bLDKsnknAdkJr2A\n"
125 "1n3vudMERHj4IjXo798Qj/qGozYECDgKLBzBN6+8HUA2r+qelNl04EI+neFaQ5bb\n"
126 "nU6OfwULZEc+I9iucS+6I1hXmqqI/jcBIRM=\n"
127 "-----END CERTIFICATE-----\n",
129 "-----BEGIN CERTIFICATE-----\n"
130 "MIIC9TCCAd2gAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n"
131 "MCIYDzIwMTQwOTIyMDc1NTI2WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n"
132 "BENBLTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDW9zXIvd+4Qf7Q\n"
133 "dzGbDAR+tc8rOac7FE+YJkWTx+fcIjtaiXaPRA5r7xCUawBAPaH4DvRqmqxwG+Js\n"
134 "CD3YMERMh184XHkPWX/s8P14lwmzm/k65GF7PLTcGEwQN67PgRkvV9l9iXq2Krgk\n"
135 "syfAd+7mTqkx63PPJgVqIa8Sk9Ljdp/GBlvAaFRpm8fvsKmRwDO+AjLTLw7Ou4kN\n"
136 "XQwPejnoreUb19dK5naA5ODrliv7mPc082g9o8NGULMcidGndBry5D/hYSY2zvUJ\n"
137 "lxy8M0LHQxdx1d3UIAY5i+sT5OUQBRvoXETZup7Ve6aoKfBc63PWiNAe7wuyGpWR\n"
138 "4dLskuZjAgMBAAGjWDBWMA8GA1UdEwEB/wQFMAMBAf8wEwYDVR0lBAwwCgYIKwYB\n"
139 "BQUHAwEwDwYDVR0PAQH/BAUDAwcGADAdBgNVHQ4EFgQUEjFgu7hCgPDa1wiPd0d1\n"
140 "kW33LNIwDQYJKoZIhvcNAQELBQADggEBAFePqEhyTZeZhm+1l10cre94O/0awOTk\n"
141 "mDLhJJY2AI9zqAgnaWXg7YAf7nz3Z1Jez02fu7F8c9r7E010YE1W+2kECuM4uN6r\n"
142 "9X7VnUW9VRXgiLFIi7mLFtqh+VnwR3xvnKYRFM12pXDFoWhyYfFWVUeNnXdKSN6E\n"
143 "4sMPBoyuSB47yit4BUkEanbnGbZG74G7ldRg9HXJqmkOJl+1HALpAstBE/MCM7TF\n"
144 "lXgkj8eCaQwOKcK6bl+BM7dExwmYbOY/ILsDHx3/AB/eT7K8kKwE+pAzmHPobX4A\n"
145 "np3FeZ2muHFtNx32NuatbIk1VI2pbskc0iQLwBl06SLDR/5Hq848MDM=\n"
146 "-----END CERTIFICATE-----\n"};
148 /* the key purposes in all certificates match */
149 static const char *kp_ok[] = {
150 "-----BEGIN CERTIFICATE-----\n"
151 "MIIDIzCCAgugAwIBAgIMVB/WCA0b8cgGIwgHMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n"
152 "BgNVBAMTBENBLTEwIhgPMjAxNDA5MjIwNzU1NTJaGA85OTk5MTIzMTIzNTk1OVow\n"
153 "EzERMA8GA1UEAxMIc2VydmVyLTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
154 "AoIBAQDACAXnEalw36OPk35Kv8Goj7xRaeaAz4W4w1vUZ6IJCiNIzIknvlnU5vi8\n"
155 "MigzloHYXmhHRyfHGggoPZyGtDNiKIeZLRE81CVS9UzM4Uu5naKmU4zBMmmqEvvh\n"
156 "/IHHDXd+Ky89WXcI4rTFjzGzvViQinN+1E7BViFplOBvGHB0qa/v2saqyoD9HRJL\n"
157 "RKYbSGG85T1u8B7M7mdnBuQyk12r6lsxsNfScnkNH04jUtgL1i+Susd7zo1waqi+\n"
158 "lXvvW5P8gB9cfa32cXsBNGReOZoVk7G60JjLDmB+fWetVn7o42wG0gZ6TsSTsrqn\n"
159 "WLNMOxw3W8WLapR4vwU2BzjTZfRjAgMBAAGjdzB1MAwGA1UdEwEB/wQCMAAwFAYD\n"
160 "VR0RBA0wC4IJbG9jYWxob3N0MA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFDL9\n"
161 "2DAwMqU6DnAE8/MOefs0AFO8MB8GA1UdIwQYMBaAFO47x5DoYJnwbtfPj/PIxKmH\n"
162 "JZQqMA0GCSqGSIb3DQEBCwUAA4IBAQBv3kR0R0VIu4mJ7oERxCPosJafnJPOGRMz\n"
163 "7F4zk3j7kwaP6OGHRJwcvxNLRAr+YIXheFDEJTwkEtA5pbir9wIG0fb+FT/o4ggs\n"
164 "4r2DqEZo9rZNatPMTKswbA3kmeKxRUe/AVsqeSz5Na5HNrHAGFZplUpyGMHT09f1\n"
165 "rHfOTlsq8dorGtE14UyJc9CY1GhHZVNFSPgyaKxSTVBr4qsD1WVKPcARWjL9Qp7E\n"
166 "0Gnh/O+eLdC4V7izmAfaS7kwyYiyJoWSvce4hMweEfWytOaBJMDg4pFDLabhfJpo\n"
167 "IZXCSc3/qHmf03lU+ntppPOXdl5niZ0YnwRmf8uYJb13EAepaiyQ\n"
168 "-----END CERTIFICATE-----\n",
169 "-----BEGIN CERTIFICATE-----\n"
170 "MIIDFjCCAf6gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n"
171 "MCIYDzIwMTQwOTIyMDc1NTUyWhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n"
172 "BENBLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCp39LwuWEO/TO7\n"
173 "0X9G8P3+EoWL8TDyGmAGST3+qM9pSunLkIeYnY9RtiT8/W5Tt1G7GD7RaU1J+IoL\n"
174 "UsEOpT/Apx2Pl3AcXLQlhrtSSZj+yBBWSvY2C+Affhr34sIEYXlE85DseSvotJb/\n"
175 "ebHoOFPziji95gR+l9L7aQe7RKaebTfNGbSuTzn1e1YYmnJqtNmfLcrgALblCYBm\n"
176 "XMlJRy5NCiWk1D/BNIGsp7Qqtx5yE/h+92bY7js7s/Vzmbhs3LmFYoKMvBOWqbrc\n"
177 "OQCFZxLX4jaNg64OEVOX+OqbAy+bssoMWiXAZfBz3018Xnf88lrsYVL1ZH6QDQL7\n"
178 "sEIZ/IBPAgMBAAGjeTB3MA8GA1UdEwEB/wQFMAMBAf8wEwYDVR0lBAwwCgYIKwYB\n"
179 "BQUHAwkwDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQU7jvHkOhgmfBu18+P88jE\n"
180 "qYcllCowHwYDVR0jBBgwFoAU1fwQDT/4ciYUpHQqev0LK+2shjswDQYJKoZIhvcN\n"
181 "AQELBQADggEBABjGLC1H8oL/TjwBBbrFSwRtmbY1ElLO6lZvniWnfsOk7R/DdoBb\n"
182 "rzNcdUOcXoH6RbuZ4XA2ROqLb9RAor/V+A4CWHLLfToHKTYFE4vH7iN99gk+OEy6\n"
183 "G7CR2jYNHVikrX3eEUqdMby9+mY1K9GAz8+MojBUTPllc7Gzp0TsLzWXxvhSR84Z\n"
184 "zVJAS7bE605pKeABTD3b4aSskn0yt4UYEgVfw2hOnXDaZMfQLgp46z2PBuKXo+Xq\n"
185 "JpqbTJMuWA96J4A51RloNWBESzYhBCppeGIlGOhryqMDreVJ+MxZiuqgcbvm/7qc\n"
186 "QTLpHAc7dU1/X8/QgqKZIVnpWbmGRNsnTuU=\n"
187 "-----END CERTIFICATE-----\n",
189 "-----BEGIN CERTIFICATE-----\n"
190 "MIIC9TCCAd2gAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n"
191 "MCIYDzIwMTQwOTIyMDc1NTUyWhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n"
192 "BENBLTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoyMH9n/NaDPOx\n"
193 "+LFRDvrIPyCpc1cCfq/CLjdcUYll6IYCDn/p2XTSFFCzeLY37yyAX7VuHcbfAQWD\n"
194 "0Ax8IL5EUBdQ0BVEkw5ck5pOsqbnLU991zAvUpN1C+u7ogB92atTaeDR9TUE4bMX\n"
195 "EW+k6us9WQQe9A/w5rnOr9baR+lvndQW6Mun+7bhhX0KdezUosTd6xfW9tOXSOso\n"
196 "jkk9wW+PKdRCmfmqENNLMAIkQ6RES5LTO9KFGlbaCfJjxPVmT7V53nRsY4j+v1rT\n"
197 "nNMK6JshtbjQCaVM3nvXXQCJ0nRtUGUcS2JeRpc1C6h+TsHPDo7kNPKGYLDi5Zps\n"
198 "9WOArkLVAgMBAAGjWDBWMA8GA1UdEwEB/wQFMAMBAf8wEwYDVR0lBAwwCgYIKwYB\n"
199 "BQUHAwkwDwYDVR0PAQH/BAUDAwcGADAdBgNVHQ4EFgQU1fwQDT/4ciYUpHQqev0L\n"
200 "K+2shjswDQYJKoZIhvcNAQELBQADggEBABoD6Zl+A3DU4KTa4n+002J4ddl85O4+\n"
201 "Qj1NOFfGZ8qP8S5SuzlUIUzRMvIacCSXOwcBFer4UtKe5x/O5i9F1G4eKt09vGGF\n"
202 "+XZNjhBOOqqEVUEcwCMecdU5aDaFWx3g7ixrzOlA17Ida/j/QtJZVyhJJBm9wxfW\n"
203 "peFcl/aR3/PPn3eULbTTMK+mUe96PwW2FrEA7ecNBxhCkcIvt42IWqkqTD/1Mg6B\n"
204 "BukSgD3VAQumnglSuu+G+F+KJ0zFPdmu6IaudpQ92hM6NeK1vJiiP1Mv0ALsk04C\n"
205 "Byazcl/VWffXsBIE8OI3k25rFXGn5IAVxzLNGpRFhWfKXbREXICC868=\n"
206 "-----END CERTIFICATE-----\n"};
208 /* This is the same chain as modified1 but with no modification */
209 static const char *modified2[] = {
210 "-----BEGIN CERTIFICATE-----\n"
211 "MIIFXjCCBEagAwIBAgIQHYWDpKNVUzEFx4Pq8yjxbTANBgkqhkiG9w0BAQUFADCB\n"
212 "tTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
213 "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n"
214 "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDEvMC0GA1UEAxMm\n"
215 "VmVyaVNpZ24gQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzMwHhcNMTQwMjI3\n"
216 "MDAwMDAwWhcNMTUwMjI4MjM1OTU5WjBnMQswCQYDVQQGEwJVUzETMBEGA1UECBMK\n"
217 "V2FzaGluZ3RvbjEQMA4GA1UEBxQHU2VhdHRsZTEYMBYGA1UEChQPQW1hem9uLmNv\n"
218 "bSBJbmMuMRcwFQYDVQQDFA53d3cuYW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEB\n"
219 "BQADggEPADCCAQoCggEBAJdfieOPrf4Arf1Iled/ii97407ZnjpaB5xxm49Q4Pz3\n"
220 "+5xmD0LYre7Cjn1A7W3ZlHki5zFVZpW9Jb/3PfSEDY5slyjkLD2jdl2gVefSthSZ\n"
221 "tYxb5eYv79tIEN0U9AZ8/VaGwUokl8n1MitcECxNLMe4LqoVmS29nXITTTzX5t3I\n"
222 "4dUeMBDNI+xgVpJSpxwzA+/L+wxoj5Sb4YJ/Y+iUknCkjX6PpaZMRWBEE0dqvG02\n"
223 "qlxXesAV0nmKYvjbtqAyoW6vgjP85h6gJEESIqTTZy1HOgFpO8XT05CpGDcjhP1s\n"
224 "TvXF7Vx1aj+xDidGLLW188G35oFKIhEyHQV2V7vzRAUCAwEAAaOCAbUwggGxMFAG\n"
225 "A1UdEQRJMEeCEXVlZGF0YS5hbWF6b24uY29tggphbWF6b24uY29tgghhbXpuLmNv\n"
226 "bYIMd3d3LmFtem4uY29tgg53d3cuYW1hem9uLmNvbTAJBgNVHRMEAjAAMA4GA1Ud\n"
227 "DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwQwYDVR0g\n"
228 "BDwwOjA4BgpghkgBhvhFAQc2MCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZl\n"
229 "cmlzaWduLmNvbS9jcHMwHwYDVR0jBBgwFoAUDURcFlNEwYJ+HSCrJfQBY9i+eaUw\n"
230 "RQYDVR0fBD4wPDA6oDigNoY0aHR0cDovL1NWUlNlY3VyZS1HMy1jcmwudmVyaXNp\n"
231 "Z24uY29tL1NWUlNlY3VyZUczLmNybDB2BggrBgEFBQcBAQRqMGgwJAYIKwYBBQUH\n"
232 "MAGGGGh0dHA6Ly9vY3NwLnZlcmlzaWduLmNvbTBABggrBgEFBQcwAoY0aHR0cDov\n"
233 "L1NWUlNlY3VyZS1HMy1haWEudmVyaXNpZ24uY29tL1NWUlNlY3VyZUczLmNlcjAN\n"
234 "BgkqhkiG9w0BAQUFAAOCAQEAOeZfjkI0yR/nutCMHp5/uB/evkB8qIYxh1KKbhPB\n"
235 "TmpykmJxiLKrBBcBBu9kW5lMbNPSNclE4sCyN0dxCJHwPm7ubNUxsmDSTPTJOx0M\n"
236 "zl0WZVaZ7eX3nw1kj8jSoK0f5n87RzKK85MwBFsEn73Z2pDvxTcd72BE0T1UJLcU\n"
237 "2A5uHAJyvm2QpOWBIRKlJHIHCcu5xjj5yLnGO9id0cjOjEgj9f1Mo4hzawL5vQfk\n"
238 "o/xFxAsA70bk2trv54kgLvhmAW+B6OpN3Z/xB4mWNOw3G8bg/u+pCLvd8KRO5V8K\n"
239 "TlgO1NTaOgYC6OAF3USNMhuNZh6h5tWA3mA8rFr8ZsayhA==\n"
240 "-----END CERTIFICATE-----\n",
241 "-----BEGIN CERTIFICATE-----\n"
242 "MIIF7DCCBNSgAwIBAgIQbsx6pacDIAm4zrz06VLUkTANBgkqhkiG9w0BAQUFADCB\n"
243 "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
244 "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n"
245 "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n"
246 "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n"
247 "aG9yaXR5IC0gRzUwHhcNMTAwMjA4MDAwMDAwWhcNMjAwMjA3MjM1OTU5WjCBtTEL\n"
248 "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\n"
249 "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg\n"
250 "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDEvMC0GA1UEAxMmVmVy\n"
251 "aVNpZ24gQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzMwggEiMA0GCSqGSIb3\n"
252 "DQEBAQUAA4IBDwAwggEKAoIBAQCxh4QfwgxF9byrJZenraI+nLr2wTm4i8rCrFbG\n"
253 "5btljkRPTc5v7QlK1K9OEJxoiy6Ve4mbE8riNDTB81vzSXtig0iBdNGIeGwCU/m8\n"
254 "f0MmV1gzgzszChew0E6RJK2GfWQS3HRKNKEdCuqWHQsV/KNLO85jiND4LQyUhhDK\n"
255 "tpo9yus3nABINYYpUHjoRWPNGUFP9ZXse5jUxHGzUL4os4+guVOc9cosI6n9FAbo\n"
256 "GLSa6Dxugf3kzTU2s1HTaewSulZub5tXxYsU5w7HnO1KVGrJTcW/EbGuHGeBy0RV\n"
257 "M5l/JJs/U0V/hhrzPPptf4H1uErT9YU3HLWm0AnkGHs4TvoPAgMBAAGjggHfMIIB\n"
258 "2zA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLnZlcmlz\n"
259 "aWduLmNvbTASBgNVHRMBAf8ECDAGAQH/AgEAMHAGA1UdIARpMGcwZQYLYIZIAYb4\n"
260 "RQEHFwMwVjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2Nw\n"
261 "czAqBggrBgEFBQcCAjAeGhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMDQG\n"
262 "A1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMtZzUu\n"
263 "Y3JsMA4GA1UdDwEB/wQEAwIBBjBtBggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglp\n"
264 "bWFnZS9naWYwITAfMAcGBSsOAwIaBBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNo\n"
265 "dHRwOi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvLmdpZjAoBgNVHREEITAfpB0w\n"
266 "GzEZMBcGA1UEAxMQVmVyaVNpZ25NUEtJLTItNjAdBgNVHQ4EFgQUDURcFlNEwYJ+\n"
267 "HSCrJfQBY9i+eaUwHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJ\n"
268 "KoZIhvcNAQEFBQADggEBAAyDJO/dwwzZWJz+NrbrioBL0aP3nfPMU++CnqOh5pfB\n"
269 "WJ11bOAdG0z60cEtBcDqbrIicFXZIDNAMwfCZYP6j0M3m+oOmmxw7vacgDvZN/R6\n"
270 "bezQGH1JSsqZxxkoor7YdyT3hSaGbYcFQEFn0Sc67dxIHSLNCwuLvPSxe/20majp\n"
271 "dirhGi2HbnTTiN0eIsbfFrYrghQKlFzyUOyvzv9iNw2tZdMGQVPtAhTItVgooazg\n"
272 "W+yzf5VK+wPIrSbb5mZ4EkrZn0L74ZjmQoObj49nJOhhGbXdzbULJgWOw27EyHW4\n"
273 "Rs/iGAZeqa6ogZpHFt4MKGwlJ7net4RYxh84HqTEy2Y=\n"
274 "-----END CERTIFICATE-----\n",
276 "-----BEGIN CERTIFICATE-----\n"
277 "MIIExjCCBC+gAwIBAgIQNZcxh/OHOgcyfs5YDJt+2jANBgkqhkiG9w0BAQUFADBf\n"
278 "MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT\n"
279 "LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw\n"
280 "HhcNMDYxMTA4MDAwMDAwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMx\n"
281 "FzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVz\n"
282 "dCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZv\n"
283 "ciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAz\n"
284 "IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEi\n"
285 "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8\n"
286 "RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbext0uz/o9+B1fs70Pb\n"
287 "ZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhDY2pSS9KP6HBR\n"
288 "TdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn/\n"
289 "Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4/VBEnkjWNH\n"
290 "iDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/NIeWiu5T6CUVAgMB\n"
291 "AAGjggGRMIIBjTAPBgNVHRMBAf8EBTADAQH/MDEGA1UdHwQqMCgwJqAkoCKGIGh0\n"
292 "dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA4GA1UdDwEB/wQEAwIBBjA9\n"
293 "BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVy\n"
294 "aXNpZ24uY29tL2NwczAdBgNVHQ4EFgQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwNAYD\n"
295 "VR0lBC0wKwYJYIZIAYb4QgQBBgpghkgBhvhFAQgBBggrBgEFBQcDAQYIKwYBBQUH\n"
296 "AwIwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUr\n"
297 "DgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVyaXNp\n"
298 "Z24uY29tL3ZzbG9nby5naWYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhho\n"
299 "dHRwOi8vb2NzcC52ZXJpc2lnbi5jb20wDQYJKoZIhvcNAQEFBQADgYEADyWuSO0b\n"
300 "M4VMDLXC1/5N1oMoTEFlYAALd0hxgv5/21oOIMzS6ke8ZEJhRDR0MIGBJopK90Rd\n"
301 "fjSAqLiD4gnXbSPdie0oCL1jWhFXCMSe2uJoKK/dUDzsgiHYAMJVRFBwQa2DF3m6\n"
302 "CPMr3u00HUSe0gST9MsFFy0JLS1j7/YmC3s=\n"
303 "-----END CERTIFICATE-----\n"
306 static const char *nc_bad1[] = {
307 /* DNSname: localhost
308 DNSname: www.example.com */
309 "-----BEGIN CERTIFICATE-----\n"
310 "MIIDSzCCAjOgAwIBAgIMU/xqxDpxZ3J5cUcrMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n"
311 "BgNVBAMTBENBLTEwIhgPMjAxNDA4MjYxMTA4NTJaGA85OTk5MTIzMTIzNTk1OVow\n"
312 "EzERMA8GA1UEChMIc2VydmVyLTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
313 "AoIBAQDP3GV/JSLCCmx09hJINJZC8fSUBE1IVbZsY/q00rZOw5KwPioLiMOIup7W\n"
314 "na8YJ2ama0GJjU86PlJDhBH6soaY24ZCW5kKhvfnSw2TkpW6umL7psvuBslRoMxA\n"
315 "t12MpapZDFZixZjV44Bstuyt9sI1ze3au+5C7E4+z40o/3uvbIiN2iz4bPgwPIMu\n"
316 "5V/bVTei6uAcu4fNHh/AGnAUJa201QsUhM4+VRFc0XmanjSulySD3obwERDneqab\n"
317 "77gnIP6zwuFXxHgucbmzU8DIgVhes2k4v6AB1nPxlpUL5+E+W4XDg4ckGGkfxgcn\n"
318 "dGYvuv3pwIyHvb7Z0A8D6bE435cnAgMBAAGjgZ4wgZswDAYDVR0TAQH/BAIwADAl\n"
319 "BgNVHREEHjAcgglsb2NhbGhvc3SCD3d3dy5leGFtcGxlLmNvbTATBgNVHSUEDDAK\n"
320 "BggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBS5dbTqiPbhe7Fg\n"
321 "e/Bs92qsNgWSzjAfBgNVHSMEGDAWgBSgAJcc9Q5KDpAhkrMORPJSboq3vzANBgkq\n"
322 "hkiG9w0BAQsFAAOCAQEAdkVCQQ5mCuV5WTqCeH7AtXxYM7IV7q6O7uqirKwDUzGD\n"
323 "wB5shurAPMn9IG46O68P+BPLMfwszFDgszNrjuMsKb7hLT5+pVsd6XRQeimPJ5rN\n"
324 "/szMfALLAcw8Yxt+1YbxlgUgybFsiK2zdBpAshU+FzMRvFfq9rnqW/VXM0J6ghz3\n"
325 "VqLbviOY5KpCLzfG0yM+CTcKXVFau9QZK962AfXzUwaCymw1cRHzQlpdMQtTtcIp\n"
326 "nci6MKXViEdeHbPLcZe9+vzSSpFh5u/l47w+2B1oz7mndFFpxkw37zDaVH5yAFxK\n"
327 "+5VijiKxH6nmniLUX8Zsv82YBaO0liNb2fOZopxQGQ==\n"
328 "-----END CERTIFICATE-----\n",
329 /* Name Constraints (critical): (empty) */
330 "-----BEGIN CERTIFICATE-----\n"
331 "MIIDFTCCAf2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n"
332 "MCIYDzIwMTQwODI2MTEwODUyWhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n"
333 "BENBLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+iPUnEs+qmj2U\n"
334 "Rz8plNAE/CpeUxUfNNVonluu4DzulsxAJMN78g+Oqx+ggdkECZxHLISkzErMgiuv\n"
335 "bG+nr9yxjyHH2YoOAgzgknar5JkOBkKp1bIvyA950ZSygMFEHX1qoaM+F/1/DKjG\n"
336 "NmMCNUpR0c4m+K22s72LnrpMLMmCZU0fnqngb1+F+iZE6emhcX5Z5D0QTJTAeiYK\n"
337 "ArnO0rpVEvU0o3nwe3dDrT0YyoCYrzCsCOKUa2wFtkOzLZKJbMBRMflL+fBmtj/Q\n"
338 "7xUe7ox62ZEqSD7W+Po48/mIuSOhx7u+yToBZ60wKGz9OkQ/JwykkK5ZgI+nPWGT\n"
339 "1au1K4V7AgMBAAGjeDB2MA8GA1UdEwEB/wQFMAMBAf8wEgYDVR0eAQH/BAgwBqEE\n"
340 "MAKCADAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBSgAJcc9Q5KDpAhkrMORPJS\n"
341 "boq3vzAfBgNVHSMEGDAWgBQ/lKQpHoyEFz7J+Wn6eT5qxgYQpjANBgkqhkiG9w0B\n"
342 "AQsFAAOCAQEAoMeZ0cnHes8bWRHLvrGc6wpwVnxYx2CBF9Xd3k4YMNunwBF9oM+T\n"
343 "ZYSMo4k7C1XZ154avBIyiCne3eU7/oHG1nkqY9ndN5LMyL8KFOniETBY3BdKtlGA\n"
344 "N+pDiQsrWG6mtqQ+kHFJICnGEDDByGB2eH+oAS+8gNtSfamLuTWYMI6ANjA9OWan\n"
345 "rkIA7ta97UiH2flvKRctqvZ0n6Vp3n3aUc53FkAbTnxOCBNCBx/veCgD/r74WbcY\n"
346 "jiwh2RE//3D3Oo7zhUlwQEWQSa/7poG5e6bl7oj4JYjpwSmESCYokT83Iqeb9lwO\n"
347 "D+dr9zs1tCudW9xz3sUg6IBXhZ4UvegTNg==\n"
348 "-----END CERTIFICATE-----\n",
349 "-----BEGIN CERTIFICATE-----\n"
350 "MIIC4DCCAcigAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n"
351 "MCIYDzIwMTQwODI2MTEwODUyWhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n"
352 "BENBLTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2cd2vlg/9nuzi\n"
353 "6S6/qyJRnaUoFutajTwGqfQKZpbqXI7TcFZwKidzAZlZiU+sAvkY8d/9cadlbrde\n"
354 "S9HGv31QmexWjgWAMGNpeyiPlXIN8xGzIbZRM3FCih0bnIyibdwgAuU14dUrChGD\n"
355 "sQ4SAmRUpThkB8anvC10PIsxfnifBwJI6dGQZb1KOxVOIWg7Gb5tNFkZILBGv8wk\n"
356 "cbycIBYC3lRX8svUj9mMiro53f+4ZGbi4DcSLIdw4ebAczfBd+uHM2jkHFZUNuAY\n"
357 "7rGZAAuqEh5IE0QHS9CV6mg6Pf9+sLGMBZUbix2sxRntAEyz8+kO7W2zgmKPla4+\n"
358 "y54cIUmBAgMBAAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcE\n"
359 "ADAdBgNVHQ4EFgQUP5SkKR6MhBc+yflp+nk+asYGEKYwDQYJKoZIhvcNAQELBQAD\n"
360 "ggEBAC4N4dUoGDTGf93DtjEcZzqGoAd6TsCYy6k5zeYMZFwogfArg0IMurcFDLeN\n"
361 "PXe3xl9RiUjbiZMaHWju81kIO34z0NLd705XR9QFEc+xiuZOMmm4SxciAF5xo+Hh\n"
362 "Fhc9cVa8Icm2ju86Q4yhJziYrElH8VwHTBE0k+RE1cK65F5PQFGGBlpGm9EMcYTv\n"
363 "EQQATPLuWwKRAFNJBx2t3DAeMseo/Iq6Snd/UfdqgLkV61YtbzqL8bu+a8rgMAYz\n"
364 "ovgORsI48TlbU4H7YI+vzPO33tRV2m4dOxppMHzv8Ie2LIIfqYn0HRd87c06djEA\n"
365 "EpXfXGqxjX5vAtNPO5fGGzghol4=\n"
366 "-----END CERTIFICATE-----",
370 static const char *nc_bad2[] = {
371 /* DNSname: www.example.com */
372 "-----BEGIN CERTIFICATE-----\n"
373 "MIIDQDCCAiigAwIBAgIMU/x5DBI1pGSO2eYZMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n"
374 "BgNVBAMTBENBLTMwIhgPMjAxNDA4MjYxMjA5NDhaGA85OTk5MTIzMTIzNTk1OVow\n"
375 "EzERMA8GA1UEChMIc2VydmVyLTQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
376 "AoIBAQDL/hbj+RVDQ5sA4VR2FZ+P+/jju7jkUFUovwhCrWpGXFs0WDokcOkcXc3f\n"
377 "0yturFWazVEKaaZECiDpGf6iXmNoJA6fPT+G0gPlIL6wh4wKQG+vwVYsX5ZkXOMR\n"
378 "sl7BqCpeCChkth54mClEwOYW3WohdXqiJfxoFVdgnisbqkxYtz9aXzYE71cZIFAx\n"
379 "nL7V/gY+G/m0iZCdfh7YEDlT+qtLkGyHsyyTxwUH4yyqcsFl4WWG6wAdKF5U69yw\n"
380 "uo61J5wpE+yDyS0u4Cjw67d29OIHsT7GAq+fP69vMoEHPvPUM/aA68AycybV2OYt\n"
381 "8OJAyZqf/6zvnlrbLuk08kWf1TD3AgMBAAGjgZMwgZAwDAYDVR0TAQH/BAIwADAa\n"
382 "BgNVHREEEzARgg93d3cuZXhhbXBsZS5jb20wEwYDVR0lBAwwCgYIKwYBBQUHAwEw\n"
383 "DwYDVR0PAQH/BAUDAwegADAdBgNVHQ4EFgQUz+XUeM8bwvK3BD7NVRRYSeZSlA0w\n"
384 "HwYDVR0jBBgwFoAU/n2NeCCnwHQwFpKwi42A3H+w9W8wDQYJKoZIhvcNAQELBQAD\n"
385 "ggEBAPJZO19PhmxQ1ZRDLQWZWxuQgD2Wwy8sS+wnlUo/TZM7+pT5ICjLdEKgETPd\n"
386 "HOqgAMQFaUpp5vx1jUBmmKdPOmwEnV/2zbw3GrYwAQjxunXD66iHjYbodl9zBumM\n"
387 "NXDGsHnKYNu9sPdQSMLC7OEOrKvEhH2afOvYDORQbSGXh7+3js7Mzggy0NoYtxnK\n"
388 "4wqt6g73SFkV82mTQpUBK218ROjuWVBUmWxq2JU+qvsAKbhz+Tjr9+kmFcNBRgmA\n"
389 "Zga26uoQhd6YP9DKbCvf3sK4bi6A5NROeLf9BzJHWkGani4F9wOjRmLVnLlB3BPi\n"
390 "tHZaLDU9fUnf6I6p3nu6LPTH3JU=\n"
391 "-----END CERTIFICATE-----\n",
392 /* Name Constraints (critical):
393 Permitted: DNSname: example.com */
394 "-----BEGIN CERTIFICATE-----\n"
395 "MIIDIjCCAgqgAwIBAgIBAzANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0y\n"
396 "MCIYDzIwMTQwODI2MTIwOTQ4WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n"
397 "BENBLTMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD6kCE6KmDCkagX\n"
398 "fvq0rx73h7zn23phJYBmugfp5fPQYIJ1463dGmlFK4Lfkz2V4StgM2mbFFEkcyVC\n"
399 "pz+PyeSDgyWJJ/RwG690lLfu5JfNLvwxj/rFNK6rS7EpADew6RgURCpEMt6z1uEk\n"
400 "+IQsxKoXQmAcdtc/ubPFWInotg7Avoid0sG69s/+hq/nlGE9A8JMFnsLh/n01d+F\n"
401 "9dWsjrNiZ+mfTE8w0MVTq4+8mvmPmnjKsiu0rgqaVTmYpZW5chz9gGrZCr/Wr5CL\n"
402 "zPsAYaWie+wo8cR5qMEoX+JPHqM8eP9K1v+uYc03aD3u1/QYdxY73OLn31+jYAqq\n"
403 "tRJjgSERAgMBAAGjgYQwgYEwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHR4BAf8EEzAR\n"
404 "oA8wDYILZXhhbXBsZS5jb20wDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQU/n2N\n"
405 "eCCnwHQwFpKwi42A3H+w9W8wHwYDVR0jBBgwFoAUJ2ngSf1CqeYVG3eUNcH7Lt6/\n"
406 "ECUwDQYJKoZIhvcNAQELBQADggEBAIQruSBUyQ268Js61XT3nlr1Y9HxmKA2DIuM\n"
407 "WcAicE1XIpuxDpZ/VmKH0/o2JVR1A7uwSMEnHdShHixMbpYrHRDnZITxs2lsJijE\n"
408 "r7YdqadH7EbjDIXv1DJcPnNaeqFPbyXEWqLYoQf6UPBLVRWeKISPN0hMaIZv4Y/X\n"
409 "OcBceajAr0XGxASRFDky26M01AVPZoYjgT7vLp835yk9BY5+q0GxlSJl6HbQ5ESA\n"
410 "IoC3Limt72niobmvEryQDq7qUUoR7hB1SMKfyX/qktxT3UCBLKXHsp80ECJ2A7Sd\n"
411 "YrHjFE6LnWHwGJFYZ1eYKiOjglVRGv3+bNX07bQBWKzRbLWYM+0=\n"
412 "-----END CERTIFICATE-----\n",
413 /* Name Constraints (critical):
414 Excluded: DNSname: example.com */
415 "-----BEGIN CERTIFICATE-----\n"
416 "MIIDIjCCAgqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0x\n"
417 "MCIYDzIwMTQwODI2MTIwOTQ4WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n"
418 "BENBLTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUbGpRRMdnTzbG\n"
419 "R7J9qYJoHOhgRp3lEa9sBP7/pNNIsEhXmvzBu5J0buJpAfRPmWcoZauKsVrKnE69\n"
420 "CFlTDVCIahQ5gtJkGdjrDrQDFFCMnKC04Lhq+EmbASBTn5GRQwJqEUi9xRpj0yOL\n"
421 "0XGlMp4JS44eAL4giywzPtOAZaJlr4kdOnSPK2SHFVwQGfQiNmzD5ajmsjM3k4o3\n"
422 "R2gXAsudyasQzRAjFyeo2ry7klPUPS5RHJ6B2n87e9kLGrYb8+O9I9FNc/w4J49W\n"
423 "AovVr5vcs9Km25jLUn43KDprDhpXddEraz6WyZJRMTZVRRUizET3gmojZFFD4zOQ\n"
424 "mneVYerpAgMBAAGjgYQwgYEwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHR4BAf8EEzAR\n"
425 "oQ8wDYILZXhhbXBsZS5jb20wDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQUJ2ng\n"
426 "Sf1CqeYVG3eUNcH7Lt6/ECUwHwYDVR0jBBgwFoAUyFGHFFLCWYOQTLmh8jJpGyxS\n"
427 "bSUwDQYJKoZIhvcNAQELBQADggEBALGFCZXC1KPBBPMtLJNfhNBtBBC4i5q+1Qeo\n"
428 "aJL7dKVuBn79WAuND8rvJvrPKpGTmyxkcnqRXSBVH3c+Xi+v5ykLrtHJ2x4TOrmg\n"
429 "RBAaBqDuecQ9Ec0dCc5ODKwjdI/wEOGAS4sfrMXzQCv+UJqi2lE0fo/xDmS/azCc\n"
430 "WUjFSQOuWnCJIIAIyWlF2bPtdtiaydHKkTcG7c/zwrxRaWE2Q2G+dm+itpJ7sCtx\n"
431 "ZFfGMLUl7mDadhiYrxq1SnwrObMwbngPNZyUBi2G7jnXlyFc9X/w6fVIULLxN+bn\n"
432 "IzHWcRrBZ/ShdvCStmgbTlKNtvg0LWAk7QWzy2ibaXS5jp2r+Fc=\n"
433 "-----END CERTIFICATE-----\n",
434 /* Name Constraints (critical):
435 Excluded: DNSname: example.net
436 Excluded: DNSname: example.org */
437 "-----BEGIN CERTIFICATE-----\n"
438 "MIIDMTCCAhmgAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n"
439 "MCIYDzIwMTQwODI2MTIwOTQ3WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n"
440 "BENBLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDsnSNH0g4bvAXx\n"
441 "zJAfs+XFWpNIpJtD/1H3Ei0ezfH5Ug7GNpHKlYKLCIShqCFj9WSwzSyKNGCHafdt\n"
442 "PPhKo9uAo2bSaBZjmzxfqSOGDEXZ+4LlRgSPX2Arc0i97ZsPf0nkWLfrxlTOAQIm\n"
443 "DxDNrWlGrCl1dfPiB+EyMzo+++MCdTGEsdEdRFm85QNjOOTiaTeUpUh5G27+hbuk\n"
444 "PaRlZ1GHJYlrLHK/2qw9/Mw+gNnfn/Efw+lNeYuQ3tco8IAMN0jB8x1hDfOxTx93\n"
445 "mrFzAdGTfsYZc31YapATk2re8IJGeKSCY4XP2HvYZEE1fYdw8ZcqZ/Gv1RdXyxvc\n"
446 "6oT5r/PNAgMBAAGjgZMwgZAwDwYDVR0TAQH/BAUwAwEB/zAsBgNVHR4BAf8EIjAg\n"
447 "oR4wDYILZXhhbXBsZS5uZXQwDYILZXhhbXBsZS5vcmcwDwYDVR0PAQH/BAUDAwcE\n"
448 "ADAdBgNVHQ4EFgQUyFGHFFLCWYOQTLmh8jJpGyxSbSUwHwYDVR0jBBgwFoAUTBVq\n"
449 "WCSLkLZte75Q9bgKeM851qowDQYJKoZIhvcNAQELBQADggEBAGKVEQfAzrWj8wmQ\n"
450 "l4sm+i/pgK0I07jNMvgUDsvAmjlkndWxoX1ROe0Nd2I3d5te0+G9MR6CTOByr8VE\n"
451 "NLyXEsrk++BsfLk/0UNFHwq97QLTzzyEXQYQnDza8R1jdlr7XpGZOoWczi08yMAk\n"
452 "UiJyq2xaqerTlIYp01T9a3Nb5tWFyUVekJeyJQakj2VLaKkl4hCfK3h/HFBNJ3yf\n"
453 "AvBu77wQeh6n8osNDCpW9e1KRAGisDCFrTMUlyxQIK/OXhjLzu7qDKShdNnfNRmc\n"
454 "H4W9ODLIm8AX1S0udg9OebPhNWfM2bDFzI/dIX+yHp6q0oepbT11rKG8G+5M25uU\n"
456 "-----END CERTIFICATE-----\n",
457 "-----BEGIN CERTIFICATE-----\n"
458 "MIIC4DCCAcigAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n"
459 "MCIYDzIwMTQwODI2MTIwOTQ3WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n"
460 "BENBLTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZSS6SaBALkN4W\n"
461 "Tao6pqaDmi1edtBskNHdO/lYomElQtIkw6wQHlJjIdjF3vnhEWU9+HOIZrWKth4X\n"
462 "u+naDZquOb4GWPq/X6/KBoQ4hq/XZJaFEDPeciNcVeylWVlHi1OeGm8uHZxAK/6d\n"
463 "wpGoe/0K+QaLFdbm/srw1LGvCwbLwNDKePX9TgOfVKdZtGZUdDDo6TXUmhNG+QeP\n"
464 "7Fv1n2PjQFkXiRwVLgJj06DvR+ft81x2gjEVS+vxWg0+cbJvBI2ItpNGnIWvbwl7\n"
465 "BTyNRjvsi7ljFn+SfaRBLXE4aygQFQ9UCHNNYtkBO73BXv/SgcFXzSDDN5ZMfpg9\n"
466 "SSWkEApFAgMBAAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcE\n"
467 "ADAdBgNVHQ4EFgQUTBVqWCSLkLZte75Q9bgKeM851qowDQYJKoZIhvcNAQELBQAD\n"
468 "ggEBAH3bezfaVpnyqZRJsZ8sHAIpJWa03mHl/mqRpT0qg45Agzwo7yb5dubiHUBJ\n"
469 "BK/kAMhICjHAH+6E5XubGVSFvbzBX1FeKQQgzghN4niosOCLZPUtl8gJGZlsOoCy\n"
470 "6HldkxXa26GBZR0NvJb/p83VA7w5Zlp5j7Rp2VkWwRniaPex39dogDX3IwnoZKzL\n"
471 "ogyeNQPG2qLDBdZRAVng0eJK1Ml5PHxoEkcFwFsxd4B1cJV0VCMk7X7oEc9qBtUB\n"
472 "Ye/bst72puWDK1lBhT6EFhDDbY9xKm7pvUkGx80gWm9JZ0xGCaoM4tyEAaCd9tYZ\n"
473 "JFvnIEGJGeGjlRLJZGS4mZ/Q5mI=\n"
474 "-----END CERTIFICATE-----\n",
478 static const char *nc_bad3[] = {
479 /* CN=www.example.com */
480 "-----BEGIN CERTIFICATE-----\n"
481 "MIIDPDCCAiSgAwIBAgIMU/xvqR+qZTQTaWIIMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n"
482 "BgNVBAMTBENBLTEwIhgPMjAxNDA4MjYxMTI5NDVaGA85OTk5MTIzMTIzNTk1OVow\n"
483 "LTEYMBYGA1UEAxMPd3d3LmV4YW1wbGUuY29tMREwDwYDVQQKEwhzZXJ2ZXItMjCC\n"
484 "ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ46qo4PFrBfYlQXSgtbk/rO\n"
485 "0aO8/Gh/bIh4c/JX0RfqC55bnfbkO9SwwR+eU76INyVb1exmd7qsl4R2EgS8V3Gf\n"
486 "3K5k4tNecMfxT98MWiuSSp8Q8+affUF5t9TSLujL1dckMlPfH9hdxCYhJGH51mkf\n"
487 "wr3oEmwNXsA9OQ8oxq2i8WxQTJGUXkwx/k2L2NRF3L8vjRnXRfKSISkkDXeKYMvo\n"
488 "V5ElQwlKo0sonttUIGOVav8Cf4GnFQzSJW+RfANTniGIq16jE+flKz1kQYRLLoeA\n"
489 "fgH/1vI1v5xqMURNW/BQlawAE0HGj4MAyfebhsWmhqmcNqGBf1OfHMNdB1vamGkC\n"
490 "AwEAAaN2MHQwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNV\n"
491 "HQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBRiCra2BJERmr2/+Klot32criLTbTAfBgNV\n"
492 "HSMEGDAWgBToCEW507CZ42L/fn7H+DLcx+zW/DANBgkqhkiG9w0BAQsFAAOCAQEA\n"
493 "fsG45/VuJzw5DRbrE6o67T3EgFfPCzr+xc0JmTJSCHvWIx+2O1VspmJiArNTwQ5O\n"
494 "l8Hq2Sag9Wi0cyRC8lVKPbC7Im2fZ4m4endOhiEmaOHBCru5bIFRwDvtG3u+yEYI\n"
495 "rzRU+6PdwmLYwc+ks8qEqACw772nElJxOWXmYEMtFpYh8eujfzjmUGIJyTotrm72\n"
496 "WX8phKA/xogZaSLD21t8u77PE/JEcJ2LXAa9dq6pGYru1vyuRqq8ZeWiVAAqD6hZ\n"
497 "cglKk8dLi6esywQMGEGqhRx9y1A0mPZO+M599GOgWTbShUB3pUyaLLLLnD9Dciwq\n"
498 "4E4iP9rdfgStOfz12BsKOw==\n"
499 "-----END CERTIFICATE-----\n",
500 /* Name Constraints (critical):
501 Excluded: DNSname: example.com */
502 "-----BEGIN CERTIFICATE-----\n"
503 "MIIDIjCCAgqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n"
504 "MCIYDzIwMTQwODI2MTEyOTQ1WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n"
505 "BENBLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDW2Z64Ax+MNj1j\n"
506 "2QM9hjP4ybs+mz51vfDAlDVVdh2bzJOHyjTIlzI71QloH9aPuv5d92tTxe7/7afY\n"
507 "fWC61AF0WKj7x8h570IW0Zye4ITEnDLlqk5Bn46IP9fWDq5xYVEGMaYT4l409Fyw\n"
508 "JUZjfXqMefAXhj55wZoz+WMM0AB5LABlojLkV+iPMVJgfYWhcVijd92Yebp8R2/+\n"
509 "z1nF0vQtV01tatWTEiJajPRHZCwVe71rXEf02nYiqCw5RwLZrsug5LZ+K8LoBbeE\n"
510 "ezcJT5y8uf4mpTmTj2Po7Kby22yl1wkVV925a2Of7ufDL3d56SIM1foNXAAmlFar\n"
511 "M5Y9hIZLAgMBAAGjgYQwgYEwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHR4BAf8EEzAR\n"
512 "oQ8wDYILZXhhbXBsZS5jb20wDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQU6AhF\n"
513 "udOwmeNi/35+x/gy3Mfs1vwwHwYDVR0jBBgwFoAUWU1t/YrnYJGhEfuoDj42A4ui\n"
514 "j0gwDQYJKoZIhvcNAQELBQADggEBAMj2jjHmYLWxGMkLOIQ/MGtvchZ+v6vmEl7m\n"
515 "GaoHkz0sxFeJqs7mwcybvwG4tlHB/PhaLTH4HfN6PLNbRA4oamr3gFsEtd/JRihw\n"
516 "X/5CvdJdu/d7uN36yrD5ZTJmt5v1sAXqzkVYXHUSQLOLTIVfwQfUv8IrxTWgbhNI\n"
517 "mIi55bjCyOWYzZsZ5kTDNFcBkoYiMks2fVuUdP8xrxoweedVswUdkwg1TyWLikG3\n"
518 "47VuQP3eA7+zEkFUeywG89DTOpDURAlvBzaVTjKn++3RgH/A4Wa+MX6HTHXjxBIU\n"
519 "1uGcMjhPjc99F81RaYdIlFsQiQ74b5RwdSvGo0e67ssgar0XKgw=\n"
520 "-----END CERTIFICATE-----\n",
521 "-----BEGIN CERTIFICATE-----\n"
522 "MIIC4DCCAcigAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n"
523 "MCIYDzIwMTQwODI2MTEyOTQ1WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n"
524 "BENBLTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYTAYDM0lZ+RMg\n"
525 "M1M3q4n6H/VebQ1CG1ztkinGzj7eH+fNyi9Wq5EqB/0S7jVPEuD0o5jBrwI6XFoS\n"
526 "MQiWtqWHGh47qijX8y/oc75Sn/2b1gGF3zDWM9LygZZW2+QOIrvK5TcU+rAmXKsA\n"
527 "765z0nTIbL3vNr9n0yEM3E13tk3Qjqx+OLhJ/ZyLKW+w+BuhLp79LcVtjNnlVfvC\n"
528 "nVgLvo69YGdJxhPUjjVqKwTlvptyzELQSSQMenPmvhz2kRXjQ/6jog4tb1qkzfpP\n"
529 "eYB0MVgSLeWBgNF3VLTSH06RHvXEQcdP2e3AR67sJxd6UJ4vOo1widQs0yWTZpCB\n"
530 "ZJawOPqDAgMBAAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcE\n"
531 "ADAdBgNVHQ4EFgQUWU1t/YrnYJGhEfuoDj42A4uij0gwDQYJKoZIhvcNAQELBQAD\n"
532 "ggEBACUbydVQKZi5ulzn/lQK5x/DZySJflrevZ1plV7BVBhZhlvBO0VARGNn+NW5\n"
533 "G9RqY+itmyBbW/Fl43gWiHQynYneK9tYBub7WeJqr9iTX4zvI7V8fk/vbyfVRODX\n"
534 "cJ8JzeLYqi6Hm1PK7Q9dz0rgyulXeuCyDeQ4jzoGIm2l7atUoGZB0f9YCJyeV2ew\n"
535 "t8jMZr2sSVMgvT87S/EHMe5q5YAJQzDBAadH64icaxW3e03UeH6JYblohsZVQTIE\n"
536 "wl60jozIStml73oyocfytsErDdKArrSSHxHaygAqoVu+9O5U90vwK6VDuGF0YzZj\n"
537 "ZKOAu2HuFHpCMbYzUYi3FMOUU5k=\n"
538 "-----END CERTIFICATE-----\n",
542 static const char *nc_good1[] = {
543 /* DNSname: www.example.com */
544 "-----BEGIN CERTIFICATE-----\n"
545 "MIIDQDCCAiigAwIBAgIMU/xyoxPcYVSaqH7/MA0GCSqGSIb3DQEBCwUAMA8xDTAL\n"
546 "BgNVBAMTBENBLTMwIhgPMjAxNDA4MjYxMTQyMjdaGA85OTk5MTIzMTIzNTk1OVow\n"
547 "EzERMA8GA1UEChMIc2VydmVyLTQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
548 "AoIBAQDkemVOFdbhBX1qwjxQHr3LmPktNEVBmXjrIvyp++dN7gCYzubnpiLcBE+B\n"
549 "S2b+ppxBYm9ynKijhGrO+lZPCQRXWmqUg4YDfvnEqM4n04dCE98jN4IhwvWZyP3p\n"
550 "+U8Ra9mVIBAY2MReo1dcJQHNmo560xzxioHsGNQHAfYgVRHiE5hIXchYbWCkBrKt\n"
551 "XOoSSTmfgCF3L22p6S1q143VoKUr/C9zqinZo6feGAiTprj6YH0tHswjGBbxTFLb\n"
552 "q3ThbGDR5FNYL5q0FvQRNbjoF4oFitZ3P1Qkrzq7VIJd9k8J1C3g/16U2dDTKqRX\n"
553 "ejX7maFZ6oRZJASsRSowEs4wTfRpAgMBAAGjgZMwgZAwDAYDVR0TAQH/BAIwADAa\n"
554 "BgNVHREEEzARgg93d3cuZXhhbXBsZS5jb20wEwYDVR0lBAwwCgYIKwYBBQUHAwEw\n"
555 "DwYDVR0PAQH/BAUDAwegADAdBgNVHQ4EFgQUAEYPmcA7S/KChiet+Z6+RRmogiww\n"
556 "HwYDVR0jBBgwFoAUjxZogHO3y4VdOLuibQHsQYdsGgwwDQYJKoZIhvcNAQELBQAD\n"
557 "ggEBABlA3npOWwl3eBycaLVOsmdPS+fUwhLnF8hxoyKpHe/33k1nIxd7iiqNZ3iw\n"
558 "6pAjnuRUCjajU+mlx6ekrmga8mpmeD6JH0I3lq+mrPeCeFXm8gc1yJpcFJ/C2l4o\n"
559 "+3HNY7RJKcfoQxIbiKOtZ6x9E0aYuk3s1Um3Pf8GLwENoou7Stg5qHsLbkN/GBuP\n"
560 "n3p/4iqik2k7VblldDe3oCob5vMp0qrAEhlNl2Fn65rcB4+bp1EiC1Z+y6X8DpRb\n"
561 "NomKUsOiGcbFjQ4ptT6fePmPHX1mgDCx+5/22cyBUYElefYP7Xzr+C8tqqO3JFKe\n"
562 "hqEmQRsll9bkqpu2dh83c3i9u4g=\n"
563 "-----END CERTIFICATE-----\n",
565 "-----BEGIN CERTIFICATE-----\n"
566 "MIIDATCCAemgAwIBAgIBAzANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0y\n"
567 "MCIYDzIwMTQwODI2MTE0MjI3WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n"
568 "BENBLTMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/4ofaL+ilmmM+\n"
569 "bGaFRy5GYQXtkD8sA3+/GWsunR928fQS68Zh6iWU+gPm52i7Gfbh7piKWA5Tb63w\n"
570 "unbS6dPsfPSvgRMZGKJpzxqVcBQAnTS4MuDPlXNg3K3HMyVtbxekII8jFeGEJuCL\n"
571 "mBMT4dI48IZRzj+2mir38w2cQPfomaKtjg2jMokG8Z9/4+SU9VJCcY1/yZk8fCbS\n"
572 "dBbwhnDq10yvhPCHgX6KMYmoJr28CYgH29Q9sDP1XN3VvAx5X+PtW/6pyF0U5E2e\n"
573 "gRzVv7Hr3FJKvytbNxRMCoy2YOyvsTP0fIhiXdtkulTKXyiq4cxA+aYByOu1FjU4\n"
574 "NicWbiZ/AgMBAAGjZDBiMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcE\n"
575 "ADAdBgNVHQ4EFgQUjxZogHO3y4VdOLuibQHsQYdsGgwwHwYDVR0jBBgwFoAUwAx0\n"
576 "aL2SrsoSZcZUuFlq0O17BSgwDQYJKoZIhvcNAQELBQADggEBAGQvj8SquT31w8JK\n"
577 "tHDL4hWOU0EwVwWl4aYsvP17WspiFIIHKApPFfQOD0/Wg9zB48ble5ZSwKA3Vc3B\n"
578 "DJgd77HgVAd/Nu1TS5TFDKhpuvFPJVpJ3cqt3pTsVGMzf6GRz5kG3Ly/pBgkqiMG\n"
579 "gv6vTlEvzNe4FcnhNBEaRKpK5Hc5+GnxtfVoki3tjG5u+oa9/OwzAT+7IOyiIKHw\n"
580 "7F4Cm56QAWMJgVNm329AjZrJLeNuKoQWGueNew4dOe/zlYEaVMG4So74twXQwIAB\n"
581 "Zko7+wk6eI4CkI4Zair36s1jLkCF8xnL8FExTT3sg6B6KBHaNUuwc67WPILVuFuc\n"
583 "-----END CERTIFICATE-----\n",
584 /* Name Constraints (critical):
585 Permitted: DNSname: example.com
586 Excluded: DNSname: example.org
588 "-----BEGIN CERTIFICATE-----\n"
589 "MIIDMzCCAhugAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0x\n"
590 "MCIYDzIwMTQwODI2MTE0MjI3WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n"
591 "BENBLTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIf3as4EONSgWu\n"
592 "Mbm9w3DbKd/su1UWlrYrcpVqmU3MKD5jXBxyoThSBWxmq1+wcNDmE1on6pHY1aad\n"
593 "k3188JKMC83wEcyQXaiH3DlTYFXXkkI+JJNUGlfAMSoXG248SpoCIOhCETUG03iP\n"
594 "Z3AZludaHYsv4akAh1Kl6qn66+bKM53l/YhoQDxhoGaYvO8ZSwKnx5DEiq447jpW\n"
595 "M+sUFe38RPaMjHpyc1GRctvQDzJGm+8ZRujYDH+fGNzVDDlRyRnsVanFGNdyfhmy\n"
596 "BN2D2+2VEvzAWlaGg2wQN8gF3+luavIVEgETXODZPa5FF7ulmQmhqGrZcw6WtDmY\n"
597 "hUbNmbL7AgMBAAGjgZUwgZIwDwYDVR0TAQH/BAUwAwEB/zAuBgNVHR4BAf8EJDAi\n"
598 "oA8wDYILZXhhbXBsZS5jb22hDzANggtleGFtcGxlLm9yZzAPBgNVHQ8BAf8EBQMD\n"
599 "BwQAMB0GA1UdDgQWBBTADHRovZKuyhJlxlS4WWrQ7XsFKDAfBgNVHSMEGDAWgBTg\n"
600 "+khaP8UOjcwSKVxgT+zhh0aWPDANBgkqhkiG9w0BAQsFAAOCAQEASq5yBiib8FPk\n"
601 "oRONZ4COgGqjXvigeOBRgbHf9AfagpoYDbOKDQS8Iwt9VHZfJxdcJ1OuM1aQqXlN\n"
602 "dUyf+JdR/24Nv1yrhL+dEfRGka6Db96YuPsbetVhNIiMm2teXDIPgGzAKuTm4xPA\n"
603 "6zyNVy5AwfDQ5hIZ+EUsfOoerIElNyAbh66law4MWuiv4oyX4u49m5lxLuL6mFpR\n"
604 "CIZYWjZMa0MJvWMKGm/AhpfEOkbT58Fg5YmxhnKMk6ps1eR6mh3NgH1IbUqvEYNC\n"
605 "eS42X3kAMxEDseBOMths0gxeLL+IHdQpXnAjZppW8zEIcN3yfknul35r8R6Qt9aK\n"
607 "-----END CERTIFICATE-----\n",
608 "-----BEGIN CERTIFICATE-----\n"
609 "MIIDATCCAemgAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n"
610 "MCIYDzIwMTQwODI2MTE0MjI2WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n"
611 "BENBLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIe0eOnLaV750K\n"
612 "4+mVaAftRrJp8t68KJivcRFpkl0ucQs6gwNf9EsVkHineOR3RXypjJ7Hsv+4PIKp\n"
613 "BhEOTprYUKcBaxHK/NIezV6NrO1AwuD6MtJDQF9jGpSy0F3eRUoBCjVYhTl+JxcZ\n"
614 "hGHPJd8WMeanQWY4xG4gTwtpjF3tPU5+JGQwLk5SbcLicM2QMG3CapZinOGK3/XC\n"
615 "Fjsvf5ZhxnixayhfiX/n9BmeP1yxz7YORNYPlL8z1CcLZqJsyjZnNkVwNvl4ft9I\n"
616 "FOKBLoOTSGocHFIFXh5b50GG6QHgvN+TiAwdpfRTUskWVg8VVIh7ymgDoI2jQhk4\n"
617 "EeMaZHd/AgMBAAGjZDBiMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcE\n"
618 "ADAdBgNVHQ4EFgQU4PpIWj/FDo3MEilcYE/s4YdGljwwHwYDVR0jBBgwFoAU6XJK\n"
619 "EOUYTuioWHG+1YBuz0yPFmowDQYJKoZIhvcNAQELBQADggEBAJOCrGvbeRqPj+uL\n"
620 "2FIfbkYZAx2nGl3RVv5ZK2YeDpU1udxLihc6Sr67OZbiA4QMKxwgI7pupuwXmyql\n"
621 "vs9dWnNpjzgfc0OqqzVdOFlfw8ew2DQb2sUXCcIkwqXb/pBQ9BvcgdDASu+rm74j\n"
622 "JWDZlhcqeVhZROKfpsjsl+lHgZ7kANwHtUJg/WvK8J971hgElqeBO1O97cGkw/in\n"
623 "e8ooK9Lxk3Td+WdI8C7juCYiwsGqFEKuj7b6937uzvpFmm1fYDdOHhTMcHTHIVTr\n"
624 "uxSSurQ4XSDF6Iuel3+IdpLL79UYJ7Cf4IhBWj0EloF6xWTA6nUYl3gzKpx1Tg1U\n"
626 "-----END CERTIFICATE-----\n",
627 "-----BEGIN CERTIFICATE-----\n"
628 "MIIC4DCCAcigAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n"
629 "MCIYDzIwMTQwODI2MTE0MjI2WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n"
630 "BENBLTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqLuVrTyiqz+Zs\n"
631 "9Qw5V2Z1y1YSWU6aRDMs+34rP2gwT41C69HBh2LLRS04iJUVQydwnEJukwKlTNRn\n"
632 "1lEpvWgtYmySWA2SyI4xkVzCXgwv0k7WyLwa39hfNY1rXAqhDTL8VO0nXxi8hCMW\n"
633 "ohaXcvsieglhN5uwu6voEdY3Gwtx4V8ysDJ2P9EBo49ZHdpBOv+3YLDxbWZuL/tI\n"
634 "nYkBUHHfWGhUHsRsu0EGob3SFnfiooCbE/vtmn9rUuBEQDqOjOg3el/aTPJzcMi/\n"
635 "RTz+8ho17ZrQRKHZGKWq9Skank+2X9FZoYKFCUlBm6RVud1R54QYZEIj7W9ujQLN\n"
636 "LJrcIwBDAgMBAAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcE\n"
637 "ADAdBgNVHQ4EFgQU6XJKEOUYTuioWHG+1YBuz0yPFmowDQYJKoZIhvcNAQELBQAD\n"
638 "ggEBAEeXYGhZ8fWDpCGfSGEDX8FTqLwfDXxw18ZJjQJwus7bsJ9K/hAXnasXrn0f\n"
639 "TJ+uJi8muqzP1V376mSUzlwXIzLZCtbwRdDhJJYRrLvf5zfHxHeDgvDALn+1AduF\n"
640 "G/GzCVIFsYNSMdKGwNRp6Ucgl43BPZs6Swn2DXrxxW7Gng+8dvUS2XGLLdH6q1O3\n"
641 "U1EgJilng+VXx9Rg3yCs5xDiehASySsM6MN/+v+Ouf9lkoQCEgrtlW5Lb/neOBlA\n"
642 "aS8PPQuKkIEggNd8hW88YWQOJXMiCAgFppVp5B1Vbghn9IDJQISx/AXAoDXQvQfE\n"
643 "bdOzcKFyDuklHl2IQPnYTFxm/G8=\n"
644 "-----END CERTIFICATE-----\n",
648 static const char *v1_intermed_check[] = {
649 "-----BEGIN CERTIFICATE-----\n"
650 "MIIDGzCCAgOgAwIBAgIIUvuL4ymDgpEwDQYJKoZIhvcNAQELBQAwDjEMMAoGA1UE\n"
651 "AxMDQ0ExMCIYDzIwMTQwMjEyMTQ1NzQwWhgPOTk5OTEyMzEyMzU5NTlaMBExDzAN\n"
652 "BgNVBAMTBnNlcnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALkh\n"
653 "OTKvbV/OQcP9fn02UGzWNLGwS06248rOo+fHqCngf3nl/IefzktuI4Al5Qq9pq42\n"
654 "X2oLn/zr8kaO3L0rDcc54nVRuipfsw5nxAmwmjpfwnDgyla4Y88n57dhia/tmFlL\n"
655 "rpspg4YJ8Jt4/tGaNVS0OZ57LEoW7/OrqoGM7U3Xxa2QbzaNYMGcSt2ePvccCg13\n"
656 "+CJcXxOQcr/cUxyuk9neATJoulFtO8ycpmkLFUdi0WoThBjNCCJ8s7ZuvnGpF4vD\n"
657 "3fuvyM2ftiS08B2c5cv6FH9+4I7Elrb++TdVf43F0Awc2pLhm8L1fAuTtMjtbd9w\n"
658 "pxs0yaWR8IvQYbWM/XUCAwEAAaN2MHQwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAK\n"
659 "BggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBTlqmq9/mceVMMP\n"
660 "Z0HtoWZvHDc/tTAfBgNVHSMEGDAWgBRq1Eg1exmWS45j+lFklVwTQe5NsjANBgkq\n"
661 "hkiG9w0BAQsFAAOCAQEAAWX2f1XE/bR+DYCMaNAFpTjOFZ54eCBdazUqfVamPRoP\n"
662 "/8qyEYpMaA+IpHkJ5tXsx/rdKLgg1kNv/6bXyCwVgVcNBxpt05WUxqFG9xxLLz1K\n"
663 "UkbOZUA0/P9GqjRt9HeodP0Hqog1c1d4jgU3Ng7FIn5JXmLNVfl5qXfXCJ2S9WKu\n"
664 "pHw0M9TLOKUD2DD2T5K/iZAU0AXGRVUH39e+xsFIoawPWflfN5eNz8uikMQc+kxt\n"
665 "DdEMfPZidecToAcMolle53F7zZvqQswfla/3esb/bnndFAqIsnXRpi6Oj06ajzwE\n"
666 "TKP745KouHnNPZ3Hz1mPeusn4EJkLfTb5aBT3nJ+Kw==\n"
667 "-----END CERTIFICATE-----\n",
668 "-----BEGIN CERTIFICATE-----\n"
669 "MIICmzCCAYMCCFL7i7wg78R3MA0GCSqGSIb3DQEBCwUAMA4xDDAKBgNVBAMTA0NB\n"
670 "MjAiGA8yMDE0MDIxMjE0NTcwMloYDzk5OTkxMjMxMjM1OTU5WjAOMQwwCgYDVQQD\n"
671 "EwNDQTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDS0OoKnGy/0Ju\n"
672 "U/Q+T3b5RR53oe24OoISkKE4Sia50aHeQZbYitIsQUEvMq06kdjaSA2p8qT29p9n\n"
673 "feDYsrhgZkWm4stp2EMkbbkB6k0hBobo4YQiQRa4ttYIsOWLMk/xR0z5ST+UoUv6\n"
674 "L/5IOxxJzdpUEbMJpM0Zp8AUZRKnXTc88a/zpPbYiO+LicdhlIKiUvIlnVTlvHOz\n"
675 "yN9y5o0Dry9i3IlDSTK8Ls54Nm6v7Z+1F1UwIXkYJCX0WxJ6w/4jHmbiRSitbH9s\n"
676 "UqSUm9sHCUakBJA3Y9/9K2SVWNJrG/G4LmZ+Zwr8NdZN3RrxQnWnudL4bTtM0WgY\n"
677 "QynV12XDAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGJbRVVxERtx5Li15n1bdAzW\n"
678 "HaDNKt/TkUcZvnfdtggvZLkKhPiNWksQ+9jk1RS71dSZHT9Kb9bIVhaYzaHdI+hG\n"
679 "7coftkY66wjD9xLv2DyqnwvuR0S8Uhj9jas5xf/P9S79ZDk61Afg7yX8aLBJpJIH\n"
680 "citi1c65C8rYwB8zsF1Zbbh2/6Enty+eFhS1JOuEgUFP1oO2Nj2vh4IqR3yEGdGt\n"
681 "Tr57CD/C97fcaeRE4LlHJIMQ9toeZ5Fc9avnOzNIxJd7BPqWWvOnu3TWufj7uaq+\n"
682 "CcHTlq9h0NKf9dI1GsxbscJbO3+I+hzOwYfFcNrQ+8BFGbcwx9ZcS2xO3Rx9dbc=\n"
683 "-----END CERTIFICATE-----\n",
684 "-----BEGIN CERTIFICATE-----\n"
685 "MIIC3jCCAcagAwIBAgIBATANBgkqhkiG9w0BAQsFADAOMQwwCgYDVQQDEwNDQTIw\n"
686 "IhgPMjAxNDAyMTIxNDU0NTJaGA85OTk5MTIzMTIzNTk1OVowDjEMMAoGA1UEAxMD\n"
687 "Q0EyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZPztwmz136OBSTT\n"
688 "t4pXys9dTfaOBajrO2s4JcPa0C+7D2wfWD941q1q01TV5+QgLDTF7OO5VSXt2W3p\n"
689 "cKlXS/Ll2N8sxTaULcVCodFrHOdfHV1V65VlWhJOnPdpboBtM2V8Iory+d2mNXZT\n"
690 "wkcNJ/Z8YBUZCTeR1zaLjq0GAITyJoMiI4+x9Djc+iBDGJarRW7A/JyDN4EFjDzw\n"
691 "svdWpHg710I+qtKnlMO/whEmw9r3L486JTSlrrrruUSVGY9UWJpv62az1jbu63d8\n"
692 "6/PBp0xbBpiv1xA0qSSquN/THurTZ0Y0MS0vbpnAYkws8YxnFAV1TU4B7AZ0IQId\n"
693 "Zjo6HQIDAQABo0MwQTAPBgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBAAw\n"
694 "HQYDVR0OBBYEFNVrkTf8WoQKImozc6dBqx8J8tvhMA0GCSqGSIb3DQEBCwUAA4IB\n"
695 "AQBpX+j6Fd5aLnMs55qqbFBTWU9bH4/fGh6OVcJztZyvRTOQMLoha9Lsa2C1c1u0\n"
696 "kjj3coRWIq8YH8FbOhu0x3pij5dcnn1FQCKcwEmjdDf6ltxplkZXpR86yW2ZyR2W\n"
697 "WmIPUrMPJNFkBbgVKFyYoj+9QUyoWHAWNSLJhqBI5v5CRNYIIat1Nt5SuTDm3ggw\n"
698 "GUfMH/snytxVq23tj+02pBCdahTqN1w83W1yFX39URChPpl9RZ6HcIg3DFrXhXte\n"
699 "lA+/t8l+o7w7POJ4xMyRtbTuGpGHQac+VJBWKFkduY3sbXN2GdQPL6/VvKH115Tr\n"
700 "Bos85afmGYPR/gUP0hVSlFzj\n"
701 "-----END CERTIFICATE-----\n",
705 static const char *v1_root_check[] = {
706 "-----BEGIN CERTIFICATE-----\n"
707 "MIIDAjCCAeqgAwIBAgIMVDP8wwGyCHAlXREsMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n"
708 "BgNVBAMTBENBLTAwIhgPMjAxNDEwMDcxNDQ2MjdaGA85OTk5MTIzMTIzNTk1OVow\n"
709 "EzERMA8GA1UEAxMIc2VydmVyLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
710 "AoIBAQCp7I46Ga7QxXCq6SegwcKCbnMeIG2P5IaJXknjBy4rq7P3dqEdEmm/UdwS\n"
711 "Wp2jH+k+OFvzFe2FR1fY7UBSFdpLTaMz8YIQ1ESPu2afAxWCE1drJnphVCZyMskp\n"
712 "d9P9p+TXE4Y7ppxPRTvp2D/chfIcByIKPKwsjU37hrgFehb7Jolq3Er0pOPitSPj\n"
713 "KFVKNAktu8Z411S1hQdO7+jjr8pbFoROm2VDbYRpowCHw9ZhlC51SFKeqPTslUdv\n"
714 "53pmq1p02d3WMvKWuFRAIMs1UPba5prN9UI7jZztR0o7xnHm3KtWk+o4+YSDCM5R\n"
715 "EoiGvyhKgDoM3B/KQG+1rin2/uMdAgMBAAGjVjBUMAwGA1UdEwEB/wQCMAAwFAYD\n"
716 "VR0RBA0wC4IJbG9jYWxob3N0MA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFDoL\n"
717 "zL5Pd48Psh5oe9VGrkmXclumMA0GCSqGSIb3DQEBCwUAA4IBAQA21lKw/Vr7P4hl\n"
718 "VBY27GOGIh7Tw0dFN8HiYX0jFRlyn7zgoRYfJMuLxtC+jJl02s+iljl9gdTlcAgt\n"
719 "dWs74QdKUIMHfoT12WOcIwAIMZLBspbUjn6+eoVPE6zCOfrChRCv4dM4BCz/kg6w\n"
720 "MqxM/UE+OS+AgO8hHN1boMbBWMcMR/ylpJE2P3nHGgTg6xsZrEn9aH8y+uqUuScn\n"
721 "P13H74zV1f1tTi2QT7Y/lpNKuB8vvqJgcUdxGaVQhz3q+YooSwmkDaWTz9HIAqpr\n"
722 "77BBxvr5eok6o528h4qJ5nA3NgLw8nIgyBP2vN/N4CsmRAZ/vHVbGEOeWRkH0rGE\n"
724 "-----END CERTIFICATE-----\n",
725 "-----BEGIN CERTIFICATE-----\n"
726 "MIICljCCAX4CAQAwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAxMEQ0EtMDAiGA8y\n"
727 "MDE0MTAwNzE0NDYyNloYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRDQS0w\n"
728 "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnTMg33+4Q3ULz+//A9Wn\n"
729 "m0DCq9X1ne0q8TfCriOo4Zc2VuFsR3Bm90btX9KqVEfByD8Ba4fb/oF0F6+sb4Ej\n"
730 "imPI6PSwHXEX0BPSHcmv6lb+iXHRwpqsx+r9GIuPS+0vuTu07sj1yjszlx7aNXOx\n"
731 "hsDAFaedzO8/9nCjbrQ79cLcGusPETjGFAD9vDfBTUNtebPiW9CCNsmRUVWOm6/s\n"
732 "5kfy1AfcH6FZCoqvmoELz55JWzYHrWSQhgIopJ0DLfYoF8fg3XeIMUNLk+Lrcoe6\n"
733 "ZDCxDxGwXReNfIWnf1l1OnZAdMAt/egr9jeQR+l9y4jBhcssW7Wb8M6+wvinsMOG\n"
734 "MQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBosiz3l31++ZErMs09bnGe+DEQfL+t\n"
735 "iWRmhzLC7kF64+O4Eu+IkWvEUv+LEhHm2GLrqaKu7FAlWUMWRX3GHHxAOtNeLR7U\n"
736 "qXBZtq56wHA+fMv8+lqLQuT6eKLNbbuxVWZ/E1qaMax7rlQrtEpAC9ruuafcPlC5\n"
737 "U4YbJ4VOhfBnJzQ6KlFtbqOkGr7v/l2d9NRxorAWawPVhIteZv1Ahiu++5g+dn/R\n"
738 "z8ehN9SEm+c6C5mWrqHiQka3yi060gO8kBcumM/cE6BxffiOUxy2gsPC2ZrI8xkB\n"
739 "ghrpQ87AmWXsvVk03U1l0vHpiE3kXb5FIAbWW7In1mfULqLKgeqllMhD\n"
740 "-----END CERTIFICATE-----\n",
744 static const char *pathlen_check[] = {
745 "-----BEGIN CERTIFICATE-----\n"
746 "MIIDGzCCAgOgAwIBAgIIUvuL4ymDgpEwDQYJKoZIhvcNAQELBQAwDjEMMAoGA1UE\n"
747 "AxMDQ0ExMCIYDzIwMTQwMjEyMTQ1NzQwWhgPOTk5OTEyMzEyMzU5NTlaMBExDzAN\n"
748 "BgNVBAMTBnNlcnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALkh\n"
749 "OTKvbV/OQcP9fn02UGzWNLGwS06248rOo+fHqCngf3nl/IefzktuI4Al5Qq9pq42\n"
750 "X2oLn/zr8kaO3L0rDcc54nVRuipfsw5nxAmwmjpfwnDgyla4Y88n57dhia/tmFlL\n"
751 "rpspg4YJ8Jt4/tGaNVS0OZ57LEoW7/OrqoGM7U3Xxa2QbzaNYMGcSt2ePvccCg13\n"
752 "+CJcXxOQcr/cUxyuk9neATJoulFtO8ycpmkLFUdi0WoThBjNCCJ8s7ZuvnGpF4vD\n"
753 "3fuvyM2ftiS08B2c5cv6FH9+4I7Elrb++TdVf43F0Awc2pLhm8L1fAuTtMjtbd9w\n"
754 "pxs0yaWR8IvQYbWM/XUCAwEAAaN2MHQwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAK\n"
755 "BggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBTlqmq9/mceVMMP\n"
756 "Z0HtoWZvHDc/tTAfBgNVHSMEGDAWgBRq1Eg1exmWS45j+lFklVwTQe5NsjANBgkq\n"
757 "hkiG9w0BAQsFAAOCAQEAAWX2f1XE/bR+DYCMaNAFpTjOFZ54eCBdazUqfVamPRoP\n"
758 "/8qyEYpMaA+IpHkJ5tXsx/rdKLgg1kNv/6bXyCwVgVcNBxpt05WUxqFG9xxLLz1K\n"
759 "UkbOZUA0/P9GqjRt9HeodP0Hqog1c1d4jgU3Ng7FIn5JXmLNVfl5qXfXCJ2S9WKu\n"
760 "pHw0M9TLOKUD2DD2T5K/iZAU0AXGRVUH39e+xsFIoawPWflfN5eNz8uikMQc+kxt\n"
761 "DdEMfPZidecToAcMolle53F7zZvqQswfla/3esb/bnndFAqIsnXRpi6Oj06ajzwE\n"
762 "TKP745KouHnNPZ3Hz1mPeusn4EJkLfTb5aBT3nJ+Kw==\n"
763 "-----END CERTIFICATE-----\n",
764 "-----BEGIN CERTIFICATE-----\n"
765 "MIICmzCCAYMCCFL7i7wg78R3MA0GCSqGSIb3DQEBCwUAMA4xDDAKBgNVBAMTA0NB\n"
766 "MjAiGA8yMDE0MDIxMjE0NTcwMloYDzk5OTkxMjMxMjM1OTU5WjAOMQwwCgYDVQQD\n"
767 "EwNDQTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDS0OoKnGy/0Ju\n"
768 "U/Q+T3b5RR53oe24OoISkKE4Sia50aHeQZbYitIsQUEvMq06kdjaSA2p8qT29p9n\n"
769 "feDYsrhgZkWm4stp2EMkbbkB6k0hBobo4YQiQRa4ttYIsOWLMk/xR0z5ST+UoUv6\n"
770 "L/5IOxxJzdpUEbMJpM0Zp8AUZRKnXTc88a/zpPbYiO+LicdhlIKiUvIlnVTlvHOz\n"
771 "yN9y5o0Dry9i3IlDSTK8Ls54Nm6v7Z+1F1UwIXkYJCX0WxJ6w/4jHmbiRSitbH9s\n"
772 "UqSUm9sHCUakBJA3Y9/9K2SVWNJrG/G4LmZ+Zwr8NdZN3RrxQnWnudL4bTtM0WgY\n"
773 "QynV12XDAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGJbRVVxERtx5Li15n1bdAzW\n"
774 "HaDNKt/TkUcZvnfdtggvZLkKhPiNWksQ+9jk1RS71dSZHT9Kb9bIVhaYzaHdI+hG\n"
775 "7coftkY66wjD9xLv2DyqnwvuR0S8Uhj9jas5xf/P9S79ZDk61Afg7yX8aLBJpJIH\n"
776 "citi1c65C8rYwB8zsF1Zbbh2/6Enty+eFhS1JOuEgUFP1oO2Nj2vh4IqR3yEGdGt\n"
777 "Tr57CD/C97fcaeRE4LlHJIMQ9toeZ5Fc9avnOzNIxJd7BPqWWvOnu3TWufj7uaq+\n"
778 "CcHTlq9h0NKf9dI1GsxbscJbO3+I+hzOwYfFcNrQ+8BFGbcwx9ZcS2xO3Rx9dbc=\n"
779 "-----END CERTIFICATE-----\n",
780 "-----BEGIN CERTIFICATE-----\n"
781 "MIIC6DCCAdCgAwIBAgIIUvuTdCOiZ3IwDQYJKoZIhvcNAQELBQAwDjEMMAoGA1UE\n"
782 "AxMDQ0EyMCIYDzIwMTQwMjEyMTUyOTU3WhgPOTk5OTEyMzEyMzU5NTlaMA4xDDAK\n"
783 "BgNVBAMTA0NBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMGT87cJ\n"
784 "s9d+jgUk07eKV8rPXU32jgWo6ztrOCXD2tAvuw9sH1g/eNatatNU1efkICw0xezj\n"
785 "uVUl7dlt6XCpV0vy5djfLMU2lC3FQqHRaxznXx1dVeuVZVoSTpz3aW6AbTNlfCKK\n"
786 "8vndpjV2U8JHDSf2fGAVGQk3kdc2i46tBgCE8iaDIiOPsfQ43PogQxiWq0VuwPyc\n"
787 "gzeBBYw88LL3VqR4O9dCPqrSp5TDv8IRJsPa9y+POiU0pa6667lElRmPVFiab+tm\n"
788 "s9Y27ut3fOvzwadMWwaYr9cQNKkkqrjf0x7q02dGNDEtL26ZwGJMLPGMZxQFdU1O\n"
789 "AewGdCECHWY6Oh0CAwEAAaNGMEQwEgYDVR0TAQH/BAgwBgEB/wIBADAPBgNVHQ8B\n"
790 "Af8EBQMDBwQAMB0GA1UdDgQWBBTVa5E3/FqECiJqM3OnQasfCfLb4TANBgkqhkiG\n"
791 "9w0BAQsFAAOCAQEAtQudk32tQ30ldwLy5QyNzwpxTq1izycXGMkh3LvNUQrxmwzl\n"
792 "8EPi1d4bxdAi3ghwppImJPZ1aWOrSl9cxl7kH4clq/QdG6bKhhr/40ImZctV35fA\n"
793 "Kd1/aDlUUNQIv7cD/T8fb8rMmZ7RPoLsgLcVfodKwafY+X/y4ZacA2uF2L2dX37T\n"
794 "etQprA+hjeKu6rej9eb+ERZqYChDvp7FNbJ5fOnIZ9iG1Z714fUeuRDzvosJl6n8\n"
795 "aVIRHXdZbhCgKdJTR4bvFPGVFL86xLMkV7jhCImNBN9rmd59wD6g79nTUUoPDM3r\n"
796 "rpNkoLGmlBhUorRWbx0YAz9UojNdd4GWMefwZw==\n"
797 "-----END CERTIFICATE-----\n",
801 static const char *cve_2014_0092_check[] = {
802 "-----BEGIN CERTIFICATE-----\n"
803 "MIIDtDCCAmygAwIBAgIETeC0yjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5H\n"
804 "bnVUTFMgVGVzdCBDQTAeFw0xMTA1MjgwODM5MzlaFw0zODEwMTIwODM5NDBaMC8x\n"
805 "LTArBgNVBAMTJEdudUFBQSBUZXN0IFNlcnZlciAoUlNBIGNlcnRpZmljYXRlKTCC\n"
806 "AVIwDQYJKoZIhvcNAQEBBQADggE/ADCCAToCggExALRrJ5glr8H/HsqwfvTYvO1D\n"
807 "hmdUXdq0HsKQX4M8AhH8E3KFsoikZUELdl8jvoqf/nlLczsux0s8vxbJl1U1F/Oh\n"
808 "ckswwuAnlBLzVgDmzoJLEV2kHpv6+rkbKk0Ytbql5gzHqKihbaqIhNyWDrJsHDWq\n"
809 "58eUPfnVx8KiDUuzbnr3CF/FCc0Vkxr3mN8qTGaJJO0f0BZjgWWlWDuhzSVim5mB\n"
810 "VAgXGOx8LwiiOyhXMp0XRwqG+2KxQZnm+96o6iB+8xvuuuqaIWQpkvKtc+UZBZ03\n"
811 "U+IRnxhfIrriiw0AjJ4vp4c9QL5KoqWSCAwuYcBYfJqZ4dasgzklzz4b7eujbZ3L\n"
812 "xTjewcdumzQUvjA+gpAeuUqaduTvMwxGojFy9sNhC/iqZ4n0peV2N6Epn4B5qnUC\n"
813 "AwEAAaOBjTCBijAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDAT\n"
814 "BgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBR2\n"
815 "B1hM6rUp9S2ABoyDSoINCeyT3jAfBgNVHSMEGDAWgBRNVrdqAFjxZ5L0pnVVG45T\n"
816 "AQPvzzANBgkqhkiG9w0BAQsFAAOCATEBdNWmTsh5uIfngyhOWwm7pK2+vgUMY8nH\n"
817 "gMoMFHt0yuxuImcUMXu3LRS1dZSoCJACBpTFGi/Dg2U0qvOHQcEmc3OwNqHB90R3\n"
818 "LG5jUSCtq/bYW7h/6Gd9KeWCgZczaHbQ9IPTjLH1dLswVPt+fXKB6Eh0ggSrGATE\n"
819 "/wRZT/XgDCW8t4C+2+TmJ8ZEzvU87KAPQ9rUBS1+p3EUAR/FfMApApsEig1IZ+ZD\n"
820 "5joaGBW7zh1H0B9mEKidRvD7yuRJyzAcvD25nT15NLW0QR3dEeXosLc720xxJl1h\n"
821 "h8NJ7YOvn323mOjR9er4i4D6iJlXmJ8tvN9vakCankWvBzb7plFn2sfMQqICFpRc\n"
822 "w075D8hdQxfpGffL2tEeKSgjyNHXS7x3dFhUpN3IQjUi2x4f2e/ZXg==\n"
823 "-----END CERTIFICATE-----\n",
824 "-----BEGIN CERTIFICATE-----\n"
825 "MIIDUDCCAgigAwIBAgIBADANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5HbnVU\n"
826 "TFMgVGVzdCBDQTAeFw0xMTA1MjgwODM2MzBaFw0zODEwMTIwODM2MzNaMBkxFzAV\n"
827 "BgNVBAMTDkdudVRMUyBUZXN0IENBMIIBUjANBgkqhkiG9w0BAQEFAAOCAT8AMIIB\n"
828 "OgKCATEAnORCsX1unl//fy2d1054XduIg/3CqVBaT3Hca65SEoDwh0KiPtQoOgZL\n"
829 "dKY2cobGs/ojYtOjcs0KnlPYdmtjEh6WEhuJU95v4TQdC4OLMiE56eIGq252hZAb\n"
830 "HoTL84Q14DxQWGuzQK830iml7fbw2WcIcRQ8vFGs8SzfXw63+MI6Fq6iMAQIqP08\n"
831 "WzGmRRzL5wvCiPhCVkrPmwbXoABub6AAsYwWPJB91M9/lx5gFH5k9/iPfi3s2Kg3\n"
832 "F8MOcppqFYjxDSnsfiz6eMh1+bYVIAo367vGVYHigXMEZC2FezlwIHaZzpEoFlY3\n"
833 "a7LFJ00yrjQ910r8UE+CEMTYzE40D0olCMo7FA9RCjeO3bUIoYaIdVTUGWEGHWSe\n"
834 "oxGei9Gkm6u+ASj8f+i0jxdD2qXsewIDAQABo0MwQTAPBgNVHRMBAf8EBTADAQH/\n"
835 "MA8GA1UdDwEB/wQFAwMHBgAwHQYDVR0OBBYEFE1Wt2oAWPFnkvSmdVUbjlMBA+/P\n"
836 "MA0GCSqGSIb3DQEBCwUAA4IBMQAesOgjGFi1zOYpA/N3gkUVRcBHDxmN7g2yOcqH\n"
837 "VfhFc+e4zhOehR11WCt2RgzNlnYVmV5zBmQBdTAt8Po/MVhLCDW1BULHlLvL0DFc\n"
838 "4sB1RlcGeQcCKQa4b+Q9VWf4f6TfuEWZQC5j5stiXjVgOqrOMrzKZ2eKWA4JsL9s\n"
839 "V+7ANSZE+hOt1X1mA8moyqe95U2Ecih+nFJSWSBd1WFiEzVnXv4FVWPXbH9HERDK\n"
840 "VbasjofWWmQO1YlQPishLgm1IbwqOkOk4sDgoLuUZ4GgP0DDeN6EmRDOzByrv+9u\n"
841 "f45Bl9IQf4IJNPLU9lEqjyMOydqT6kBi7fjV5ICuQZ4EeVJsOGuX7PqNyoDzJHLv\n"
842 "ferRfNLr6eQSHSxBhS0cVyDjb5gCawK6u7xTU+b7xikEie9k\n"
843 "-----END CERTIFICATE-----\n",
847 /* Triggers incorrect verification success on older versions */
848 static const char *cve_2008_4989_chain[] = {
850 "-----BEGIN CERTIFICATE-----\n"
851 "MIIB6zCCAVQCCQCgwnB/k0WZrDANBgkqhkiG9w0BAQUFADA9MQswCQYDVQQGEwJE\n"
852 "RTEXMBUGA1UEChMOR05VIFRMUyBBdHRhY2sxFTATBgNVBAMTDGludGVybWVkaWF0\n"
853 "ZTAeFw0wODExMDMxMjA1MDRaFw0wODEyMDMxMjA1MDRaMDcxCzAJBgNVBAYTAkRF\n"
854 "MRcwFQYDVQQKEw5HTlUgVExTIEF0dGFjazEPMA0GA1UEAxMGc2VydmVyMIGfMA0G\n"
855 "CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKdL9g5ErMLOLRCjiomZlNLhy0moWGaKIW\n"
856 "aX6vyUIfh8d6FcArHoKoqhmX7ckvod50sOYPojQesDpl7gVaQNA6Ntr1VCcuNPef\n"
857 "UKWtEwL0Qu9JbPnUoIYd7mAaqVQgFp6W6yzV/dp63LH4XSdzBMhpZ/EU6vZoE8Sv\n"
858 "VLdqj5r6jwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAH4QRR7sZEbjW00tXYk/3O/Z\n"
859 "96AxJNg0F78W5B68gaJrLJ7DTE2RTglscuEq1+2Jyb4AIziwXpYqxgwcP91QpH97\n"
860 "XfwdXIcyjYvVLHiKmkQj2zJTY7MeyiEQQ2it8VstZG2fYmi2EiMZIEnyJ2JJ7bA7\n"
861 "bF7pG7Cg3oEHUM0H5KUU\n"
862 "-----END CERTIFICATE-----\n",
863 /* chain[1] (not signed by next cert) */
864 "-----BEGIN CERTIFICATE-----\n"
865 "MIICADCCAWmgAwIBAgIJAIZ4nkHQAqTFMA0GCSqGSIb3DQEBBQUAMDUxCzAJBgNV\n"
866 "BAYTAkRFMRcwFQYDVQQKEw5HTlUgVExTIEF0dGFjazENMAsGA1UEAxMEcm9vdDAe\n"
867 "Fw0wODExMDMxMjA0NDVaFw0wODEyMDMxMjA0NDVaMD0xCzAJBgNVBAYTAkRFMRcw\n"
868 "FQYDVQQKEw5HTlUgVExTIEF0dGFjazEVMBMGA1UEAxMMaW50ZXJtZWRpYXRlMIGf\n"
869 "MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDvBpW8sAhIuUmNvcBE6wv/q7MtM1Z9\n"
870 "2I1SDL8eJ8I2nPg6BlCX+OIqNruynj8J7uPEQ04ZLwLxNXoyZa8057YFyrKLOvoj\n"
871 "5IfBtidsLWYv6PO3qqHJXVvwGdS7PKMuUlsjucCRyXVgQ07ODF7piqoVFi9KD99w\n"
872 "AU5+9plGrZNP/wIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA\n"
873 "A4GBAGPg+M+8MsB6zHN2o+jAtyqovrTTwmzVWEgfEH/aHC9+imGZRQ5lFNc2vdny\n"
874 "AgaJ9/izO5S6Ibb5zUowN2WhoUJOVipuQa2m9AviOgheoU7tmANC9ylm/pRkKy/0\n"
875 "n5UVzlKxDhRp/xBb7MWOw3KEQjiAf2Z3wCLcCPUqcJUdJC4v\n"
876 "-----END CERTIFICATE-----\n",
877 /* chain[2] (trusted CA cert) */
878 "-----BEGIN CERTIFICATE-----\n"
879 "MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUF\n"
880 "ADCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYG\n"
881 "A1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UE\n"
882 "CxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl\n"
883 "IG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYx\n"
884 "MTE3MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTAT\n"
885 "BgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBT\n"
886 "ZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJ\n"
887 "bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNVBAMTFnRoYXd0\n"
888 "ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
889 "AoIBAQCsoPD7gFnUnMekz52hWXMJEEUMDSxuaPFsW0hoSVk3/AszGcJ3f8wQ\n"
890 "LZU0HObrTQmnHNK4yZc2AreJ1CRfBsDMRJSUjQJib+ta3RGNKJpchJAQeg29\n"
891 "dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGcq/gcfomk6KHYcWUNo1F7\n"
892 "7rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6Sk/KaAcd\n"
893 "HJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94JNqR3\n"
894 "2HuHUETVPm4pafs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBA\n"
895 "MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7\n"
896 "W0XPr87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUFAAOCAQEAeRHAS7OR\n"
897 "tvzw6WfUDW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeE\n"
898 "uzLlQRHAd9mzYJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQ\n"
899 "aEfZYGDm/Ac9IiAXxPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqd\n"
900 "E8hhuvU5HIe6uL17In/2/qxAeeWsEG89jxt5dovEN7MhGITlNgDrYyCZuen+\n"
901 "MwS7QcjBAvlEYyCegc5C09Y/LHbTY5xZ3Y+m4Q6gLkH3LpVHz7z9M/P2C2F+\n"
902 "fpErgUfCJzDupxBdN49cOSvkBPB7jVaMaA==\n"
903 "-----END CERTIFICATE-----\n",
907 /* Chain length 3 ends with trusted v1 RSA-MD2 chain */
908 static const char *verisign_com_chain[] = {
910 "-----BEGIN CERTIFICATE-----\n"
911 "MIIGCDCCBPCgAwIBAgIQakrDGzEQ5utI8PxRo5oXHzANBgkqhkiG9w0BAQUFADCB\n"
912 "vjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
913 "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n"
914 "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE4MDYGA1UEAxMv\n"
915 "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBTR0MgQ0Ew\n"
916 "HhcNMDcwNTA5MDAwMDAwWhcNMDkwNTA4MjM1OTU5WjCCAUAxEDAOBgNVBAUTBzI0\n"
917 "OTc4ODYxEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMIRGVs\n"
918 "YXdhcmUxCzAJBgNVBAYTAlVTMQ4wDAYDVQQRFAU5NDA0MzETMBEGA1UECBMKQ2Fs\n"
919 "aWZvcm5pYTEWMBQGA1UEBxQNTW91bnRhaW4gVmlldzEiMCAGA1UECRQZNDg3IEVh\n"
920 "c3QgTWlkZGxlZmllbGQgUm9hZDEXMBUGA1UEChQOVmVyaVNpZ24sIEluYy4xJTAj\n"
921 "BgNVBAsUHFByb2R1Y3Rpb24gU2VjdXJpdHkgU2VydmljZXMxMzAxBgNVBAsUKlRl\n"
922 "cm1zIG9mIHVzZSBhdCB3d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjEZMBcGA1UE\n"
923 "AxQQd3d3LnZlcmlzaWduLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA\n"
924 "xxA35ev879drgQCpENGRQ3ARaCPz/WneT9dtMe3qGNvzXQJs6cjm1Bx8XegyW1gB\n"
925 "jJX5Zl4WWbr9wpAWZ1YyJ0bEyShIGmkU8fPfbcXYwSyWoWwvE5NRaUB2ztmfAVdv\n"
926 "OaGMUKxny2Dnj3tAdaQ+FOeRDJJYg6K1hzczq/otOfsCAwEAAaOCAf8wggH7MAkG\n"
927 "A1UdEwQCMAAwHQYDVR0OBBYEFPFaiZNVR0u6UfVO4MsWVfTXzDhnMAsGA1UdDwQE\n"
928 "AwIFoDA+BgNVHR8ENzA1MDOgMaAvhi1odHRwOi8vRVZJbnRsLWNybC52ZXJpc2ln\n"
929 "bi5jb20vRVZJbnRsMjAwNi5jcmwwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcXBjAq\n"
930 "MCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMDQGA1Ud\n"
931 "JQQtMCsGCCsGAQUFBwMBBggrBgEFBQcDAgYJYIZIAYb4QgQBBgorBgEEAYI3CgMD\n"
932 "MB8GA1UdIwQYMBaAFE5DyB127zdTek/yWG+U8zji1b3fMHYGCCsGAQUFBwEBBGow\n"
933 "aDArBggrBgEFBQcwAYYfaHR0cDovL0VWSW50bC1vY3NwLnZlcmlzaWduLmNvbTA5\n"
934 "BggrBgEFBQcwAoYtaHR0cDovL0VWSW50bC1haWEudmVyaXNpZ24uY29tL0VWSW50\n"
935 "bDIwMDYuY2VyMG0GCCsGAQUFBwEMBGEwX6FdoFswWTBXMFUWCWltYWdlL2dpZjAh\n"
936 "MB8wBwYFKw4DAhoEFI/l0xqGrI2Oa8PPgGrUSBgsexkuMCUWI2h0dHA6Ly9sb2dv\n"
937 "LnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMA0GCSqGSIb3DQEBBQUAA4IBAQBEueAg\n"
938 "xZJrjGPKAZk1NT8VtTn0yi87i9XUnSOnkFkAuI3THDd+cWbNSUzc5uFJg42GhMK7\n"
939 "S1Rojm8FHxESovLvimH/w111BKF9wNU2XSOb9KohfYq3GRiQG8O7v9JwIjjLepkc\n"
940 "iyITx7sYiJ+kwZlrNBwN6TwVHrONg6NzyzSnxCg+XgKRbJu2PqEQb6uQVkYhb+Oq\n"
941 "Vi9d4by9YqpnuXImSffQ0OZ/6s3Rl6vY08zIPqa6OVfjGs/H45ETblzezcUKpX0L\n"
942 "cqnOwUB9dVuPhtlX3X/hgz/ROxz96NBwwzha58HUgfEfkVtm+piI6TTI7XxS/7Av\n"
944 "-----END CERTIFICATE-----\n",
946 "-----BEGIN CERTIFICATE-----\n"
947 "MIIGCjCCBPKgAwIBAgIQESoAbTflEG/WynzD77rMGDANBgkqhkiG9w0BAQUFADCB\n"
948 "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
949 "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n"
950 "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n"
951 "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n"
952 "aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMTYxMTA3MjM1OTU5WjCBvjEL\n"
953 "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\n"
954 "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg\n"
955 "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE4MDYGA1UEAxMvVmVy\n"
956 "aVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBTR0MgQ0EwggEi\n"
957 "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9Voi6iDRkZM/NyrDu5xlzxXLZ\n"
958 "u0W8taj/g74cA9vtibcuEBolvFXKQaGfC88ZXnC5XjlLnjEcX4euKqqoK6IbOxAj\n"
959 "XxOx3QiMThTag4HjtYzjaO0kZ85Wtqybc5ZE24qMs9bwcZOO23FUSutzWWqPcFEs\n"
960 "A5+X0cwRerxiDZUqyRx1V+n1x+q6hDXLx4VafuRN4RGXfQ4gNEXb8aIJ6+s9nriW\n"
961 "Q140SwglHkMaotm3igE0PcP45a9PjP/NZfAjTsWXs1zakByChQ0GDcEitnsopAPD\n"
962 "TFPRWLxyvAg5/KB2qKjpS26IPeOzMSWMcylIDjJ5Bu09Q/T25On8fb6OCNUfAgMB\n"
963 "AAGjggH0MIIB8DAdBgNVHQ4EFgQUTkPIHXbvN1N6T/JYb5TzOOLVvd8wEgYDVR0T\n"
964 "AQH/BAgwBgEB/wIBADA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYc\n"
965 "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczA9BgNVHR8ENjA0MDKgMKAuhixo\n"
966 "dHRwOi8vRVZTZWN1cmUtY3JsLnZlcmlzaWduLmNvbS9wY2EzLWc1LmNybDAgBgNV\n"
967 "HSUEGTAXBglghkgBhvhCBAEGCmCGSAGG+EUBCAEwDgYDVR0PAQH/BAQDAgEGMBEG\n"
968 "CWCGSAGG+EIBAQQEAwIBBjBtBggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFn\n"
969 "ZS9naWYwITAfMAcGBSsOAwIaBBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRw\n"
970 "Oi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvLmdpZjApBgNVHREEIjAgpB4wHDEa\n"
971 "MBgGA1UEAxMRQ2xhc3MzQ0EyMDQ4LTEtNDgwPQYIKwYBBQUHAQEEMTAvMC0GCCsG\n"
972 "AQUFBzABhiFodHRwOi8vRVZTZWN1cmUtb2NzcC52ZXJpc2lnbi5jb20wHwYDVR0j\n"
973 "BBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQEFBQADggEBAFqi\n"
974 "sb/rjdQ4qIBywtw4Lqyncfkro7tHu21pbxA2mIzHVi67vKtKm3rW8oKT4BT+is6D\n"
975 "t4Pbk4errGV5Sf1XqbHOCR+6EBXECQ5i4/kKJdVkmPDyqA92Mn6R5hjuvOfa0E6N\n"
976 "eLvincBZK8DOlQ0kDHLKNF5wIokrSrDxaIfz7kSNKEB3OW5IckUxXWs5DoYC6maZ\n"
977 "kzEP32fepp+MnUzOcW86Ifa5ND/5btia9z7a84Ffelxtj3z2mXS3/+QXXe1hXqtI\n"
978 "u5aNZkU5tBIK9nDpnHYiS2DpKhs0Sfei1GfAsSatE7rZhAHBq+GObXAWO3eskZq7\n"
979 "Gh/aWKfkT8Fhrryi/ks=\n"
980 "-----END CERTIFICATE-----\n",
982 "-----BEGIN CERTIFICATE-----\n"
983 "MIIE/zCCBGigAwIBAgIQY5Jrio9Agv2swDvTeCmmwDANBgkqhkiG9w0BAQUFADBf\n"
984 "MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT\n"
985 "LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw\n"
986 "HhcNMDYxMTA4MDAwMDAwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMx\n"
987 "FzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVz\n"
988 "dCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZv\n"
989 "ciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAz\n"
990 "IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEi\n"
991 "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8\n"
992 "RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbext0uz/o9+B1fs70Pb\n"
993 "ZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhDY2pSS9KP6HBR\n"
994 "TdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn/\n"
995 "Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4/VBEnkjWNH\n"
996 "iDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/NIeWiu5T6CUVAgMB\n"
997 "AAGjggHKMIIBxjAPBgNVHRMBAf8EBTADAQH/MDEGA1UdHwQqMCgwJqAkoCKGIGh0\n"
998 "dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA4GA1UdDwEB/wQEAwIBBjBt\n"
999 "BggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFnZS9naWYwITAfMAcGBSsOAwIa\n"
1000 "BBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRwOi8vbG9nby52ZXJpc2lnbi5j\n"
1001 "b20vdnNsb2dvLmdpZjA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYc\n"
1002 "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczAdBgNVHQ4EFgQUf9Nlp8Ld7Lvw\n"
1003 "MAnzQzn6Aq8zMTMwgYAGA1UdIwR5MHehY6RhMF8xCzAJBgNVBAYTAlVTMRcwFQYD\n"
1004 "VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJp\n"
1005 "bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIQcLrkHRDZKTS2OMp7A8y6vzAg\n"
1006 "BgNVHSUEGTAXBglghkgBhvhCBAEGCmCGSAGG+EUBCAEwDQYJKoZIhvcNAQEFBQAD\n"
1007 "gYEAUNfnArcMK6xK11/59ADJdeNqKOck4skH3qw6WCAYQxfrcn4eobTInOn5G3Gu\n"
1008 "39g6DapSHmBex2UtZSxvKnJVlWYQgE4P4wGoXdzV69YdCNssXNVVc59DYhDH05dZ\n"
1009 "P4sJH99fucYDkJjUgRUYw35ww0OFwKgUp3CxiizbXxCqEQc=\n"
1010 "-----END CERTIFICATE-----\n",
1012 "-----BEGIN CERTIFICATE-----\n"
1013 "MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG\n"
1014 "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n"
1015 "cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2\n"
1016 "MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV\n"
1017 "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt\n"
1018 "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n"
1019 "ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE\n"
1020 "BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is\n"
1021 "I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G\n"
1022 "CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do\n"
1023 "lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc\n"
1024 "AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k\n"
1025 "-----END CERTIFICATE-----\n",
1029 /* Chain length 2 ends with trusted v1 RSA-MD2 cert */
1030 static const char *citibank_com_chain[] = {
1032 "-----BEGIN CERTIFICATE-----\n"
1033 "MIIENDCCA52gAwIBAgIQauOJMlH5Ob2tFZ6rJMBdjjANBgkqhkiG9w0BAQUFADCB\n"
1034 "ujEfMB0GA1UEChMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazEXMBUGA1UECxMOVmVy\n"
1035 "aVNpZ24sIEluYy4xMzAxBgNVBAsTKlZlcmlTaWduIEludGVybmF0aW9uYWwgU2Vy\n"
1036 "dmVyIENBIC0gQ2xhc3MgMzFJMEcGA1UECxNAd3d3LnZlcmlzaWduLmNvbS9DUFMg\n"
1037 "SW5jb3JwLmJ5IFJlZi4gTElBQklMSVRZIExURC4oYyk5NyBWZXJpU2lnbjAeFw0w\n"
1038 "ODA4MjkwMDAwMDBaFw0xMDA4MjkyMzU5NTlaMHgxCzAJBgNVBAYTAlVTMRMwEQYD\n"
1039 "VQQIEwpOZXcgSmVyc2V5MRIwEAYDVQQHFAlXZWVoYXdrZW4xEjAQBgNVBAoUCUNp\n"
1040 "dGlncm91cDERMA8GA1UECxQId2hnLW9hazYxGTAXBgNVBAMUEHd3dy5jaXRpYmFu\n"
1041 "ay5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALQJbSYtbndsIlslFveP\n"
1042 "IlVNE38HnUD56BHcwfvcb8rQItXeHzYmgOf/RgHPTKG3LEZOxKqM0QpcZtEJ6xwV\n"
1043 "cTG7Wjw/FrMisN8aO4JWaxe8dFGajstlEMxz43G5zlprb9jzjnbIvvcnz0ILikOQ\n"
1044 "qmcThopBTs1+d4j7w/yEJo1zAgMBAAGjggF6MIIBdjAJBgNVHRMEAjAAMAsGA1Ud\n"
1045 "DwQEAwIFoDBGBgNVHR8EPzA9MDugOaA3hjVodHRwOi8vY3JsLnZlcmlzaWduLmNv\n"
1046 "bS9DbGFzczNJbnRlcm5hdGlvbmFsU2VydmVyLmNybDBEBgNVHSAEPTA7MDkGC2CG\n"
1047 "SAGG+EUBBxcDMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNv\n"
1048 "bS9ycGEwKAYDVR0lBCEwHwYJYIZIAYb4QgQBBggrBgEFBQcDAQYIKwYBBQUHAwIw\n"
1049 "NAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC52ZXJpc2ln\n"
1050 "bi5jb20wbgYIKwYBBQUHAQwEYjBgoV6gXDBaMFgwVhYJaW1hZ2UvZ2lmMCEwHzAH\n"
1051 "BgUrDgMCGgQUS2u5KJYGDLvQUjibKaxLB4shBRgwJhYkaHR0cDovL2xvZ28udmVy\n"
1052 "aXNpZ24uY29tL3ZzbG9nbzEuZ2lmMA0GCSqGSIb3DQEBBQUAA4GBAFDXKsxtWkoo\n"
1053 "HBkNjcCvcnjNAo3Pe+eOtLHb39e5qhkNQLPGA/1/7AofY9KmEtSV2LVGeuuJI4Pi\n"
1054 "Lg7fPl9Q0OE/oHJpj5JkObBP9Wo1vbrDR2nGWUlCRWm20rH81dTn7OcDxarwGWsR\n"
1055 "ewTCNmpKYaMx8Q1dyMYunHJApu+fbrHu\n"
1056 "-----END CERTIFICATE-----\n",
1058 "-----BEGIN CERTIFICATE-----\n"
1059 "MIIDgzCCAuygAwIBAgIQJUuKhThCzONY+MXdriJupDANBgkqhkiG9w0BAQUFADBf\n"
1060 "MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT\n"
1061 "LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw\n"
1062 "HhcNOTcwNDE3MDAwMDAwWhcNMTExMDI0MjM1OTU5WjCBujEfMB0GA1UEChMWVmVy\n"
1063 "aVNpZ24gVHJ1c3QgTmV0d29yazEXMBUGA1UECxMOVmVyaVNpZ24sIEluYy4xMzAx\n"
1064 "BgNVBAsTKlZlcmlTaWduIEludGVybmF0aW9uYWwgU2VydmVyIENBIC0gQ2xhc3Mg\n"
1065 "MzFJMEcGA1UECxNAd3d3LnZlcmlzaWduLmNvbS9DUFMgSW5jb3JwLmJ5IFJlZi4g\n"
1066 "TElBQklMSVRZIExURC4oYyk5NyBWZXJpU2lnbjCBnzANBgkqhkiG9w0BAQEFAAOB\n"
1067 "jQAwgYkCgYEA2IKA6NYZAn0fhRg5JaJlK+G/1AXTvOY2O6rwTGxbtueqPHNFVbLx\n"
1068 "veqXQu2aNAoV1Klc9UAl3dkHwTKydWzEyruj/lYncUOqY/UwPpMo5frxCTvzt01O\n"
1069 "OfdcSVq4wR3Tsor+cDCVQsv+K1GLWjw6+SJPkLICp1OcTzTnqwSye28CAwEAAaOB\n"
1070 "4zCB4DAPBgNVHRMECDAGAQH/AgEAMEQGA1UdIAQ9MDswOQYLYIZIAYb4RQEHAQEw\n"
1071 "KjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQUzA0BgNV\n"
1072 "HSUELTArBggrBgEFBQcDAQYIKwYBBQUHAwIGCWCGSAGG+EIEAQYKYIZIAYb4RQEI\n"
1073 "ATALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgEGMDEGA1UdHwQqMCgwJqAk\n"
1074 "oCKGIGh0dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA0GCSqGSIb3DQEB\n"
1075 "BQUAA4GBAAgB7ORolANC8XPxI6I63unx2sZUxCM+hurPajozq+qcBBQHNgYL+Yhv\n"
1076 "1RPuKSvD5HKNRO3RrCAJLeH24RkFOLA9D59/+J4C3IYChmFOJl9en5IeDCSk9dBw\n"
1077 "E88mw0M9SR2egi5SX7w+xmYpAY5Okiy8RnUDgqxz6dl+C2fvVFIa\n"
1078 "-----END CERTIFICATE-----\n",
1080 "-----BEGIN CERTIFICATE-----\n"
1081 "MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG\n"
1082 "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n"
1083 "cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2\n"
1084 "MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV\n"
1085 "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt\n"
1086 "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n"
1087 "ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE\n"
1088 "BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is\n"
1089 "I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G\n"
1090 "CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do\n"
1091 "lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc\n"
1092 "AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k\n"
1093 "-----END CERTIFICATE-----\n",
1097 /* Self-signed certificate */
1098 static const char *pem_self_cert[] = {
1099 "-----BEGIN CERTIFICATE-----\n"
1100 "MIIDgjCCAmygAwIBAgIBADALBgkqhkiG9w0BAQUwSzELMAkGA1UEBhMCQlIxFDAS\n"
1101 "BgNVBAoTC01pbmFzIExpdnJlMSYwJAYDVQQDEx1UaGFkZXUgTGltYSBkZSBTb3V6\n"
1102 "YSBDYXNjYXJkbzAeFw0wODA1MzAxOTUzNDNaFw0wODExMjYxOTUzNDNaMEsxCzAJ\n"
1103 "BgNVBAYTAkJSMRQwEgYDVQQKEwtNaW5hcyBMaXZyZTEmMCQGA1UEAxMdVGhhZGV1\n"
1104 "IExpbWEgZGUgU291emEgQ2FzY2FyZG8wggEfMAsGCSqGSIb3DQEBAQOCAQ4AMIIB\n"
1105 "CQKCAQC4D934O6wrXJbMyu1w8gu6nN0aNUDGqrX9UgaB/4xVuYhPlhjH0z9Dqic9\n"
1106 "0pEZmyNCjQmzDSg/hnlY3fBG0i9Iel2oYn1UB4SdcJ2qGkLS87y2ZbMTS1oyMR7/\n"
1107 "y9l3WGEWqwgjIvOjGstcZo0rCIF8Qr21QGX22KWg2HXlMaZyA9bGtJ+L+x6f2hoo\n"
1108 "yIPCA30VMvIgHjOSPQJF3iJFE4Uxq1PQ65W91NyI6/bRKFOmFdCUJW8tqqvntYP8\n"
1109 "hEE08wGlKimFNv7CqZuRI8QuOnhZ7pBXkyvQpW8yHrORlOHxSjkNQKjddt92TCJb\n"
1110 "1q6eKv2CtCuDLgCuIy0Onr4U9n+hAgMBAAGjeDB2MA8GA1UdEwEB/wQFMAMBAf8w\n"
1111 "HgYDVR0RBBcwFYITbWFpbC5taW5hc2xpdnJlLm9yZzATBgNVHSUEDDAKBggrBgEF\n"
1112 "BQcDATAPBgNVHQ8BAf8EBQMDB6QAMB0GA1UdDgQWBBQ/5v42y0jBHUKEfqpPmr5a\n"
1113 "WsjCGjALBgkqhkiG9w0BAQUDggEBAC/WfO2yK3vM9bG0qFEj8sd0cWiapMhf5PtH\n"
1114 "jigcPb/OKqSFQVXpAdNiUclPRP79Ih3CuWiXfZ/CW0+k2Z8tyy6AnEQItWvoVh/b\n"
1115 "8lS7Ph/f9JUYHp2DtgsQWcNQbrUZOPFBu8J4MD6cDWG5Uxwl3YASg30ZdmMDNT8B\n"
1116 "HshYz0HUOAhYwVSI3J/f7LFhD5OpjSroHgE7wA9UJrerAp9f7e3e9D7kNQ8DlvLP\n"
1117 "kz6Jh+5M/xD3JO1yl+evaCp3LA+z4M2xiNvtzkAEgj3t6RaJ81Sh5XGiooDYZ14R\n"
1118 "DgEBYLTUfBYBPzoaahPEdG/f0kUjUBJ34fkBUSjJKURPTHJfDfA=\n"
1119 "-----END CERTIFICATE-----\n",
1123 /* Chain length 2, CA constraint FALSE in v3 CA cert)*/
1124 static const char *thea_chain[] = {
1126 "-----BEGIN CERTIFICATE-----\n"
1127 "MIIC7DCCAlWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJERTEM\n"
1128 "MAoGA1UECBMDUkxQMSAwHgYDVQQKExdUZWNobmlzY2hlIFVuaXZlcnNpdGFldDEb\n"
1129 "MBkGA1UECxMSRmFjaGJlcmVpY2ggUGh5c2lrMQswCQYDVQQDEwJDQTAeFw0wODA5\n"
1130 "MTExMDUyMDdaFw0xODA5MDkxMDUyMDdaMIGTMQswCQYDVQQGEwJERTEMMAoGA1UE\n"
1131 "CBMDUkxQMRcwFQYDVQQHEw5LYWlzZXJzbGF1dGVybjEgMB4GA1UEChMXVGVjaG5p\n"
1132 "c2NoZSBVbml2ZXJzaXRhZXQxGzAZBgNVBAsTEkZhY2hiZXJlaWNoIFBoeXNpazEe\n"
1133 "MBwGA1UEAxMVdGhlYS5waHlzaWsudW5pLWtsLmRlMIGfMA0GCSqGSIb3DQEBAQUA\n"
1134 "A4GNADCBiQKBgQC/gTUrXSeNvuRH+ibdR7zvlCGs+66C6tDaq14SpEDiY/FEw/S4\n"
1135 "mkhsHohiQkmqpcPJ0FONok7bvJryKZwwhGFHeESvvWjFVNIdxFgf6Jx2McKsRzBD\n"
1136 "nbgVNeK6bywh2L5WgOeckRm0vUxCwX+jWtETorNHSYnZI9smmBtJ1FIPkQIDAQAB\n"
1137 "o3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRl\n"
1138 "ZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUS0IiRshnnlH2bneYeCn6OkY9nZAwHwYD\n"
1139 "VR0jBBgwFoAU+rCwSUUzK53X9W5otZG4okyY/rswDQYJKoZIhvcNAQEFBQADgYEA\n"
1140 "g0f6XFxpUL2hncpQcnKorNYdOkZkZHiKqu2SINtla+IbLZFO4nVVO+LKt+RCo2o7\n"
1141 "tZIMLEU3aCeH5dgSEKQeyL5MPMg3MbA6ezjOBTkT/YgngzM4CMLOKcvAMLncfH/z\n"
1142 "GYBW1DXijIy1r/SxO0k9zy8OEtKeOOUO0GqQTWuTOOg=\n"
1143 "-----END CERTIFICATE-----\n",
1145 "-----BEGIN CERTIFICATE-----\n"
1146 "MIICvzCCAiigAwIBAgIBADANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJERTEM\n"
1147 "MAoGA1UECBMDUkxQMSAwHgYDVQQKExdUZWNobmlzY2hlIFVuaXZlcnNpdGFldDEb\n"
1148 "MBkGA1UECxMSRmFjaGJlcmVpY2ggUGh5c2lrMQswCQYDVQQDEwJDQTAeFw0wODA5\n"
1149 "MTExMDQ3NDRaFw0xODA5MDkxMDQ3NDRaMGcxCzAJBgNVBAYTAkRFMQwwCgYDVQQI\n"
1150 "EwNSTFAxIDAeBgNVBAoTF1RlY2huaXNjaGUgVW5pdmVyc2l0YWV0MRswGQYDVQQL\n"
1151 "ExJGYWNoYmVyZWljaCBQaHlzaWsxCzAJBgNVBAMTAkNBMIGfMA0GCSqGSIb3DQEB\n"
1152 "AQUAA4GNADCBiQKBgQC76RbqsB5J+VvU1KbBCrkIL3lgY8BxgFvYF3HiHgxtCdqq\n"
1153 "BmRpAaDBcVAuEb1ihhP68181sYQ1UPMY+zwBwXVNSVvjeBba1JjGmagwPnJXOCay\n"
1154 "7Cw5orY8KB7U33neEOGrlz1EKQGVaPsr993wGD/7AmntuVuxrRVpzoDP5s0PIwID\n"
1155 "AQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy\n"
1156 "YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU+rCwSUUzK53X9W5otZG4okyY/rsw\n"
1157 "HwYDVR0jBBgwFoAU+rCwSUUzK53X9W5otZG4okyY/rswDQYJKoZIhvcNAQEFBQAD\n"
1158 "gYEAUT+LmosiDHGuLAZmY40obam0eexJzn/g++mDy3FMh3WmMBKSsfwFsFsQ4k7N\n"
1159 "lv1SCfTYeh2hpw/DQzkiYZUkcQI4mBR4hG5Zv56AfYQLGeLtN4VOOCMxguftvzv0\n"
1160 "kziQa2QW+VzVJqV1gpRCRT30Jaa9s4u6ipO9DT5N03F4CcI=\n"
1161 "-----END CERTIFICATE-----\n",
1165 /* Chain length 3 ends with trusted v1 RSA-MD2 cert, similar to
1166 verisign_com_chain above */
1167 static const char *hbci_chain[] = {
1169 "-----BEGIN CERTIFICATE-----\n"
1170 "MIIEczCCA9ygAwIBAgIQeODCPg2RbK2r7/1KoWjWZzANBgkqhkiG9w0BAQUFADCB\n"
1171 "ujEfMB0GA1UEChMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazEXMBUGA1UECxMOVmVy\n"
1172 "aVNpZ24sIEluYy4xMzAxBgNVBAsTKlZlcmlTaWduIEludGVybmF0aW9uYWwgU2Vy\n"
1173 "dmVyIENBIC0gQ2xhc3MgMzFJMEcGA1UECxNAd3d3LnZlcmlzaWduLmNvbS9DUFMg\n"
1174 "SW5jb3JwLmJ5IFJlZi4gTElBQklMSVRZIExURC4oYyk5NyBWZXJpU2lnbjAeFw0w\n"
1175 "ODA2MTAwMDAwMDBaFw0wOTA3MzAyMzU5NTlaMIG2MQswCQYDVQQGEwJERTEPMA0G\n"
1176 "A1UECBMGSGVzc2VuMRowGAYDVQQHFBFGcmFua2Z1cnQgYW0gTWFpbjEsMCoGA1UE\n"
1177 "ChQjU3Bhcmthc3NlbiBJbmZvcm1hdGlrIEdtYkggJiBDby4gS0cxKTAnBgNVBAsU\n"
1178 "IFRlcm1zIG9mIHVzZSBhdCB3d3cudmVyaXNpZ24uY29tMSEwHwYDVQQDFBhoYmNp\n"
1179 "LXBpbnRhbi1ycC5zLWhiY2kuZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB\n"
1180 "AK1CdQ9lqmChZWaRAInimuK7I36VImTuAVU0N6BIS4a2BbblkiekbVf15GVHGb6e\n"
1181 "QV06ANN6Nd8XIdfoxi3LoAs8sa+Ku7eoEsRFi/XIU96GgtFlxf3EsVA9RbGdtfer\n"
1182 "9iJGIBae2mJTlk+5LVg2EQr50PJlBuTgiYFc41xs9O2RAgMBAAGjggF6MIIBdjAJ\n"
1183 "BgNVHRMEAjAAMAsGA1UdDwQEAwIFoDBGBgNVHR8EPzA9MDugOaA3hjVodHRwOi8v\n"
1184 "Y3JsLnZlcmlzaWduLmNvbS9DbGFzczNJbnRlcm5hdGlvbmFsU2VydmVyLmNybDBE\n"
1185 "BgNVHSAEPTA7MDkGC2CGSAGG+EUBBxcDMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8v\n"
1186 "d3d3LnZlcmlzaWduLmNvbS9ycGEwKAYDVR0lBCEwHwYJYIZIAYb4QgQBBggrBgEF\n"
1187 "BQcDAQYIKwYBBQUHAwIwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRw\n"
1188 "Oi8vb2NzcC52ZXJpc2lnbi5jb20wbgYIKwYBBQUHAQwEYjBgoV6gXDBaMFgwVhYJ\n"
1189 "aW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUS2u5KJYGDLvQUjibKaxLB4shBRgwJhYk\n"
1190 "aHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nbzEuZ2lmMA0GCSqGSIb3DQEB\n"
1191 "BQUAA4GBAJ03R0YAjYzlWm54gMSn6MqJi0mHdLCO2lk3CARwjbg7TEYAZvDsKqTd\n"
1192 "cRuhNk079BqrQ3QapffeN55SAVrc3mzHO54Nla4n5y6x3XIQXVvRjbJGwmWXsdvr\n"
1193 "W899F/pBEN30Tgdbmn7JR/iZlGhIJpY9Us1i7rwQhKYir9ZQBdj3\n"
1194 "-----END CERTIFICATE-----\n",
1196 "-----BEGIN CERTIFICATE-----\n"
1197 "MIIDgzCCAuygAwIBAgIQJUuKhThCzONY+MXdriJupDANBgkqhkiG9w0BAQUFADBf\n"
1198 "MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT\n"
1199 "LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw\n"
1200 "HhcNOTcwNDE3MDAwMDAwWhcNMTExMDI0MjM1OTU5WjCBujEfMB0GA1UEChMWVmVy\n"
1201 "aVNpZ24gVHJ1c3QgTmV0d29yazEXMBUGA1UECxMOVmVyaVNpZ24sIEluYy4xMzAx\n"
1202 "BgNVBAsTKlZlcmlTaWduIEludGVybmF0aW9uYWwgU2VydmVyIENBIC0gQ2xhc3Mg\n"
1203 "MzFJMEcGA1UECxNAd3d3LnZlcmlzaWduLmNvbS9DUFMgSW5jb3JwLmJ5IFJlZi4g\n"
1204 "TElBQklMSVRZIExURC4oYyk5NyBWZXJpU2lnbjCBnzANBgkqhkiG9w0BAQEFAAOB\n"
1205 "jQAwgYkCgYEA2IKA6NYZAn0fhRg5JaJlK+G/1AXTvOY2O6rwTGxbtueqPHNFVbLx\n"
1206 "veqXQu2aNAoV1Klc9UAl3dkHwTKydWzEyruj/lYncUOqY/UwPpMo5frxCTvzt01O\n"
1207 "OfdcSVq4wR3Tsor+cDCVQsv+K1GLWjw6+SJPkLICp1OcTzTnqwSye28CAwEAAaOB\n"
1208 "4zCB4DAPBgNVHRMECDAGAQH/AgEAMEQGA1UdIAQ9MDswOQYLYIZIAYb4RQEHAQEw\n"
1209 "KjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQUzA0BgNV\n"
1210 "HSUELTArBggrBgEFBQcDAQYIKwYBBQUHAwIGCWCGSAGG+EIEAQYKYIZIAYb4RQEI\n"
1211 "ATALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgEGMDEGA1UdHwQqMCgwJqAk\n"
1212 "oCKGIGh0dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA0GCSqGSIb3DQEB\n"
1213 "BQUAA4GBAAgB7ORolANC8XPxI6I63unx2sZUxCM+hurPajozq+qcBBQHNgYL+Yhv\n"
1214 "1RPuKSvD5HKNRO3RrCAJLeH24RkFOLA9D59/+J4C3IYChmFOJl9en5IeDCSk9dBw\n"
1215 "E88mw0M9SR2egi5SX7w+xmYpAY5Okiy8RnUDgqxz6dl+C2fvVFIa\n"
1216 "-----END CERTIFICATE-----\n",
1218 "-----BEGIN CERTIFICATE-----\n"
1219 "MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG\n"
1220 "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n"
1221 "cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2\n"
1222 "MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV\n"
1223 "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt\n"
1224 "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n"
1225 "ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE\n"
1226 "BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is\n"
1227 "I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G\n"
1228 "CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do\n"
1229 "lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc\n"
1230 "AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k\n"
1231 "-----END CERTIFICATE-----\n",
1235 /* End-entity cert signed using RSA-MD5. */
1236 static const char *mayfirst_chain[] = {
1238 "-----BEGIN CERTIFICATE-----\n"
1239 "MIIDVTCCAr6gAwIBAgIDCHp1MA0GCSqGSIb3DQEBBAUAMFoxCzAJBgNVBAYTAlVT\n"
1240 "MRwwGgYDVQQKExNFcXVpZmF4IFNlY3VyZSBJbmMuMS0wKwYDVQQDEyRFcXVpZmF4\n"
1241 "IFNlY3VyZSBHbG9iYWwgZUJ1c2luZXNzIENBLTEwHhcNMDgwNTE5MDUyOTE5WhcN\n"
1242 "MDkxMDE5MDUyOTE5WjCBxDELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFHN1cHBvcnQu\n"
1243 "bWF5Zmlyc3Qub3JnMRMwEQYDVQQLEwpHVDY5MDc5ODgwMTEwLwYDVQQLEyhTZWUg\n"
1244 "d3d3LnJhcGlkc3NsLmNvbS9yZXNvdXJjZXMvY3BzIChjKTA3MS8wLQYDVQQLEyZE\n"
1245 "b21haW4gQ29udHJvbCBWYWxpZGF0ZWQgLSBSYXBpZFNTTChSKTEdMBsGA1UEAxMU\n"
1246 "c3VwcG9ydC5tYXlmaXJzdC5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB\n"
1247 "AN0TWIZwJ/hIfMHc08/bBMlzZ5WucJqEvxU/ZnxPo/H6V/m4v1iLpM2hip2c5cg0\n"
1248 "BcEMc/TBHQ1UEV8sb0Lh91kWfiMB1Sp+L2Fpz/wnhsivXC5j6jq9IcPqmOZOXBYX\n"
1249 "k04W1B6FKTvk9KrZJ0at2J44hp4SsAfWQI0eCKuas+R1AgMBAAGjgb0wgbowDgYD\n"
1250 "VR0PAQH/BAQDAgTwMB0GA1UdDgQWBBS0D4iuCxp35TLADTkINq2AhgTYVTA7BgNV\n"
1251 "HR8ENDAyMDCgLqAshipodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL2dsb2Jh\n"
1252 "bGNhMS5jcmwwHwYDVR0jBBgwFoAUvqigdHJQa0S3ySPY+6j/s1draGwwHQYDVR0l\n"
1253 "BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcN\n"
1254 "AQEEBQADgYEAXNWYnrO1mZgBSCwPlWhVa2aOKGCFmehLIcAPEBN+8xhXuOeigYBm\n"
1255 "ic5ShCO583ttgHNCV3Y5dW9sNhv1US4vSb6soKjgUlG11fJKUqU8mwFKvbs7TUSq\n"
1256 "j6h+1uvlfFI34WzODjJloY4QSM7FmbnW+HCiFKYyvra3iUqjcl9AeR4=\n"
1257 "-----END CERTIFICATE-----\n",
1259 "-----BEGIN CERTIFICATE-----\n"
1260 "MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQQFADBaMQswCQYDVQQGEwJV\n"
1261 "UzEcMBoGA1UEChMTRXF1aWZheCBTZWN1cmUgSW5jLjEtMCsGA1UEAxMkRXF1\n"
1262 "aWZheCBTZWN1cmUgR2xvYmFsIGVCdXNpbmVzcyBDQS0xMB4XDTk5MDYyMTA0\n"
1263 "MDAwMFoXDTIwMDYyMTA0MDAwMFowWjELMAkGA1UEBhMCVVMxHDAaBgNVBAoT\n"
1264 "E0VxdWlmYXggU2VjdXJlIEluYy4xLTArBgNVBAMTJEVxdWlmYXggU2VjdXJl\n"
1265 "IEdsb2JhbCBlQnVzaW5lc3MgQ0EtMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw\n"
1266 "gYkCgYEAuucXkAJlsTRVPEnCUdXfp9E3j9HngXNBUmCbnaEXJnitx7HoJpQy\n"
1267 "td4zjTov2/KaelpzmKNc6fuKcxtc58O/gGzNqfTWK8D3+ZmqY6KxRwIP1ORR\n"
1268 "OhI8bIpaVIRw28HFkM9yRcuoWcDNM50/o5brhTMhHD4ePmBudpxnhcXIw2EC\n"
1269 "AwEAAaNmMGQwEQYJYIZIAYb4QgEBBAQDAgAHMA8GA1UdEwEB/wQFMAMBAf8w\n"
1270 "HwYDVR0jBBgwFoAUvqigdHJQa0S3ySPY+6j/s1draGwwHQYDVR0OBBYEFL6o\n"
1271 "oHRyUGtEt8kj2Puo/7NXa2hsMA0GCSqGSIb3DQEBBAUAA4GBADDiAVGqx+pf\n"
1272 "2rnQZQ8w1j7aDRRJbpGTJxQx78T3LUX47Me/okENI7SS+RkAZ70Br83gcfxa\n"
1273 "z2TE4JaY0KNA4gGK7ycH8WUBikQtBmV1UsCGECAhX2xrD2yuCRyv8qIYNMR1\n"
1274 "pHMc8Y3c7635s3a0kr/clRAevsvIO1qEYBlWlKlV\n"
1275 "-----END CERTIFICATE-----\n",
1279 /* Test V1 CA without basicConstraint. */
1280 static const char *v1ca[] = {
1282 "-----BEGIN CERTIFICATE-----\n"
1283 "MIIE/zCCA+egAwIBAgIQBSsgZODO6vk6ayagofBQJDANBgkqhkiG9w0BAQUFADCB\n"
1284 "sDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
1285 "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n"
1286 "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNTEqMCgGA1UEAxMh\n"
1287 "VmVyaVNpZ24gQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBMB4XDTA4MDUwNTAwMDAw\n"
1288 "MFoXDTA5MDUyMjIzNTk1OVowczELMAkGA1UEBhMCVVMxETAPBgNVBAgTCElsbGlu\n"
1289 "b2lzMRAwDgYDVQQHFAdEdSBQYWdlMSQwIgYDVQQKFBtBcmdvbm5lIE5hdGlvbmFs\n"
1290 "IExhYm9yYXRvcnkxGTAXBgNVBAMUEGF1dGgyLml0LmFubC5nb3YwgZ8wDQYJKoZI\n"
1291 "hvcNAQEBBQADgY0AMIGJAoGBAMg6YPOXsPQedkLUug3RoMjv/OB+SfuDgGXxtef5\n"
1292 "iE0SjCcsKT5v+bfxt2+ccs7IN7kWn1luJ5NTb0ZrdE6LQoYp9oLsaX/ukOnxKUMY\n"
1293 "YhJJyHgutPtwyPvfZTZPpATWycJnZGIehY1S6thwxeofUyE3ykec2lalULzwXgel\n"
1294 "iC97AgMBAAGjggHTMIIBzzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIFoDBEBgNVHR8E\n"
1295 "PTA7MDmgN6A1hjNodHRwOi8vU1ZSU2VjdXJlLWNybC52ZXJpc2lnbi5jb20vU1ZS\n"
1296 "U2VjdXJlMjAwNS5jcmwwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcXAzAqMCgGCCsG\n"
1297 "AQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMB0GA1UdJQQWMBQG\n"
1298 "CCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBRv7K+g3Yqk7/UqEGctP1WC\n"
1299 "vNfvJTB5BggrBgEFBQcBAQRtMGswJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLnZl\n"
1300 "cmlzaWduLmNvbTBDBggrBgEFBQcwAoY3aHR0cDovL1NWUlNlY3VyZS1haWEudmVy\n"
1301 "aXNpZ24uY29tL1NWUlNlY3VyZTIwMDUtYWlhLmNlcjBuBggrBgEFBQcBDARiMGCh\n"
1302 "XqBcMFowWDBWFglpbWFnZS9naWYwITAfMAcGBSsOAwIaBBRLa7kolgYMu9BSOJsp\n"
1303 "rEsHiyEFGDAmFiRodHRwOi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvMS5naWYw\n"
1304 "DQYJKoZIhvcNAQEFBQADggEBAEAKzE4gXeyjRDBSgAgWIaCozbWK+b1ct4aZhWZt\n"
1305 "ihAyASxsNgDjDJzkInINjXoO5FWuJHDuoyyWHBQBb7t96+KgFu/4ye90VUDNTuin\n"
1306 "mmqdOKeLSHVnlhfvGLCdrhWSWg/jZmAjYrXYRwkvxehl9IcHmOgNrHV3INdrSTdZ\n"
1307 "ZCVLL74tuMqhMMm/NJ0tdEmWgpJe+/0dky2F2gAB+mFXlyzFvCLoyS2Vl0PW/BxM\n"
1308 "Ly5t+scmAbgni9gzmFTNhbKHd0s2UE395z4ra6fUdZ0BClFgMDvUnb6kJ/uyKRSa\n"
1309 "h7uQbWFJbA8aNgGLvfTf6o9n+GwbZkcgtBgIVENt8wzqg2I=\n"
1310 "-----END CERTIFICATE-----\n",
1312 "-----BEGIN CERTIFICATE-----\n"
1313 "MIIEnDCCBAWgAwIBAgIQdTN9mrDhIzuuLX3kRpFi1DANBgkqhkiG9w0BAQUFADBf\n"
1314 "MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT\n"
1315 "LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw\n"
1316 "HhcNMDUwMTE5MDAwMDAwWhcNMTUwMTE4MjM1OTU5WjCBsDELMAkGA1UEBhMCVVMx\n"
1317 "FzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVz\n"
1318 "dCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQgaHR0cHM6Ly93d3cu\n"
1319 "dmVyaXNpZ24uY29tL3JwYSAoYykwNTEqMCgGA1UEAxMhVmVyaVNpZ24gQ2xhc3Mg\n"
1320 "MyBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC\n"
1321 "AQEAlcMhEo5AxQ0BX3ZeZpTZcyxYGSK4yfx6OZAqd3J8HT732FXjr0LLhzAC3Fus\n"
1322 "cOa4RLQrNeuT0hcFfstG1lxToDJRnXRkWPkMmgDqXkRJZHL0zRDihQr5NO6ziGap\n"
1323 "paRa0A6Yf1gNK1K7hql+LvqySHyN2y1fAXWijQY7i7RhB8m+Ipn4G9G1V2YETTX0\n"
1324 "kXGWtZkIJZuXyDrzILHdnpgMSmO3ps6wAc74k2rzDG6fsemEe4GYQeaB3D0s57Rr\n"
1325 "4578CBbXs9W5ZhKZfG1xyE2+xw/j+zet1XWHIWuG0EQUWlR5OZZpVsm5Mc2JYVjh\n"
1326 "2XYFBa33uQKvp/1HkaIiNFox0QIDAQABo4IBgTCCAX0wEgYDVR0TAQH/BAgwBgEB\n"
1327 "/wIBADBEBgNVHSAEPTA7MDkGC2CGSAGG+EUBBxcDMCowKAYIKwYBBQUHAgEWHGh0\n"
1328 "dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9ycGEwMQYDVR0fBCowKDAmoCSgIoYgaHR0\n"
1329 "cDovL2NybC52ZXJpc2lnbi5jb20vcGNhMy5jcmwwDgYDVR0PAQH/BAQDAgEGMBEG\n"
1330 "CWCGSAGG+EIBAQQEAwIBBjApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRQ2xhc3Mz\n"
1331 "Q0EyMDQ4LTEtNDUwHQYDVR0OBBYEFG/sr6DdiqTv9SoQZy0/VYK81+8lMIGABgNV\n"
1332 "HSMEeTB3oWOkYTBfMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIElu\n"
1333 "Yy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlv\n"
1334 "biBBdXRob3JpdHmCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQEFBQADgYEA\n"
1335 "w34IRl2RNs9n3Nenr6+4IsOLBHTTsWC85v63RBKBWzFzFGNWxnIu0RoDQ1w4ClBK\n"
1336 "Tc3athmo9JkNr+P32PF1KGX2av6b9L1S2T/L2hbLpZ4ujmZSeD0m+v6UNohKlV4q\n"
1337 "TBnvbvqCPy0D79YoszcYz0KyNCFkR9MgazpM3OYDkAw=\n"
1338 "-----END CERTIFICATE-----\n",
1340 "-----BEGIN CERTIFICATE-----\n"
1341 "MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzEL\n"
1342 "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQL\n"
1343 "Ey5DbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y\n"
1344 "aXR5MB4XDTk2MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UE\n"
1345 "BhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n"
1346 "cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGf\n"
1347 "MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69q\n"
1348 "RUCPhAwL0TPZ2RHP7gJYHyX3KqhEBarsAx94f56TuZoAqiN91qyFomNFx3In\n"
1349 "zPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/isI19wKTakyYbnsZogy1Olhec9vn2a\n"
1350 "/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0GCSqGSIb3DQEBAgUAA4GBALtM\n"
1351 "EivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Dolbwdj2wsqFHMc9ikwFPw\n"
1352 "TtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNycAA9WjQKZ7aKQRUzk\n"
1353 "uxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k\n"
1354 "-----END CERTIFICATE-----\n",
1358 /* Test CACert chain with RSA-MD5 signature. */
1359 static const char *cacertrsamd5[] = {
1360 /* chain[0] (EE cert) */
1361 "-----BEGIN CERTIFICATE-----\n"
1362 "MIIE3zCCAsegAwIBAgICbmgwDQYJKoZIhvcNAQEFBQAwVDEUMBIGA1UEChMLQ0Fj\n"
1363 "ZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0Lm9yZzEcMBoGA1UE\n"
1364 "AxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDAeFw0wOTAxMTYyMjI5NDdaFw0xMTAxMTYy\n"
1365 "MjI5NDdaMBsxGTAXBgNVBAMTEGZyeS5zZXJ2ZXJhbWEuZGUwgZ8wDQYJKoZIhvcN\n"
1366 "AQEBBQADgY0AMIGJAoGBAMh3WSR8Dxw/zDAZpHMjA1To0HJIaoyR9TqzQfLgn7Yr\n"
1367 "sQFrRMefVMWYHiEFAVJTRcO5GuUtkw3IxALLlyNMl7xJbZESzRKw3Tz3NtM3DopB\n"
1368 "8L7rI8ANy7Hh6P5QRMWJ9OJyiLhSpAi0TuJeGr+kKovHRj64V2/NtoPgDsytHMt9\n"
1369 "AgMBAAGjggF2MIIBcjAMBgNVHRMBAf8EAjAAMDQGA1UdJQQtMCsGCCsGAQUFBwMC\n"
1370 "BggrBgEFBQcDAQYJYIZIAYb4QgQBBgorBgEEAYI3CgMDMAsGA1UdDwQEAwIFoDAz\n"
1371 "BggrBgEFBQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmNhY2VydC5v\n"
1372 "cmcvMIHpBgNVHREEgeEwgd6CEGZyeS5zZXJ2ZXJhbWEuZGWgHgYIKwYBBQUHCAWg\n"
1373 "EgwQZnJ5LnNlcnZlcmFtYS5kZYIQZnJ5LnNlcnZlcmFtYS5kZaAeBggrBgEFBQcI\n"
1374 "BaASDBBmcnkuc2VydmVyYW1hLmRlghIqLmZyeS5zZXJ2ZXJhbWEuZGWgIAYIKwYB\n"
1375 "BQUHCAWgFAwSKi5mcnkuc2VydmVyYW1hLmRlggd6cHViLmRloBUGCCsGAQUFBwgF\n"
1376 "oAkMB3pwdWIuZGWCCSouenB1Yi5kZaAXBggrBgEFBQcIBaALDAkqLnpwdWIuZGUw\n"
1377 "DQYJKoZIhvcNAQEFBQADggIBAEWSsOlLbjdRjijMmOnDc2RcLQ5PQC9pjUW+bzGR\n"
1378 "KTJbf8Hf/wSdmHAam+UsIM6HzdQVi058dGyb8/NJQJD+9Dgv1m57x1prLerkt6xq\n"
1379 "UQCYmOpMxCJOykLqzEUnou9WtL5FaD+wBlOuqWFy0Cy2O3LHXkSkaMR+gdxC4pkI\n"
1380 "wSkI2SDdC0juvnoVI7iBaaIhYI/1FwV56hc6lxsAslf0NbtiiwhneVbHm5XRK1d4\n"
1381 "tabVKwOHnEuDyAnZd1yM1EqXKz+NwBlhoKWhC0fVUByID5A2WGEejBJcW/lVrYft\n"
1382 "4+sJpnwS+/VDS5yrDXMqMdYGE8TVMy7RsaoUdaeFQYv4Go48BBGDJB5uEkBJiSq8\n"
1383 "ViZA4iEKujBa5zKJ+CZXy3D/eHLBKUL+ayc9dLeeFTPZU0jYb83kE1wtlnWwF4J1\n"
1384 "8lUQI10nLFg+ALoZoAmFZej19XgbyG6im+ZRFuwrpV6F3HJRP+AMNInsLoQTuD9I\n"
1385 "l2gftVaIU1MqUmVMBcUeeNXG1BZ9vRonKzAC4Otfk1B6aW4Lz0E+sZ+HfCMicD3j\n"
1386 "N01KAeNZ64j8emgnLffurb7qUWbanTpMEzxrelBRufxJkXcn6BcFcxPBVgFnsMgF\n"
1387 "tP7e7N/cm55pI8Et+Gjp+ORJetSio118yu9bf7etSAJWOS6tQ2Ac7JeKP+a8jsvq\n"
1389 "-----END CERTIFICATE-----\n",
1390 /* chain[1] (Class 3 CA) */
1391 "-----BEGIN CERTIFICATE-----\n"
1392 "MIIGCDCCA/CgAwIBAgIBATANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290\n"
1393 "IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB\n"
1394 "IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA\n"
1395 "Y2FjZXJ0Lm9yZzAeFw0wNTEwMTQwNzM2NTVaFw0zMzAzMjgwNzM2NTVaMFQxFDAS\n"
1396 "BgNVBAoTC0NBY2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5v\n"
1397 "cmcxHDAaBgNVBAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwggIiMA0GCSqGSIb3DQEB\n"
1398 "AQUAA4ICDwAwggIKAoICAQCrSTURSHzSJn5TlM9Dqd0o10Iqi/OHeBlYfA+e2ol9\n"
1399 "4fvrcpANdKGWZKufoCSZc9riVXbHF3v1BKxGuMO+f2SNEGwk82GcwPKQ+lHm9WkB\n"
1400 "Y8MPVuJKQs/iRIwlKKjFeQl9RrmK8+nzNCkIReQcn8uUBByBqBSzmGXEQ+xOgo0J\n"
1401 "0b2qW42S0OzekMV/CsLj6+YxWl50PpczWejDAz1gM7/30W9HxM3uYoNSbi4ImqTZ\n"
1402 "FRiRpoWSR7CuSOtttyHshRpocjWr//AQXcD0lKdq1TuSfkyQBX6TwSyLpI5idBVx\n"
1403 "bgtxA+qvFTia1NIFcm+M+SvrWnIl+TlG43IbPgTDZCciECqKT1inA62+tC4T7V2q\n"
1404 "SNfVfdQqe1z6RgRQ5MwOQluM7dvyz/yWk+DbETZUYjQ4jwxgmzuXVjit89Jbi6Bb\n"
1405 "6k6WuHzX1aCGcEDTkSm3ojyt9Yy7zxqSiuQ0e8DYbF/pCsLDpyCaWt8sXVJcukfV\n"
1406 "m+8kKHA4IC/VfynAskEDaJLM4JzMl0tF7zoQCqtwOpiVcK01seqFK6QcgCExqa5g\n"
1407 "eoAmSAC4AcCTY1UikTxW56/bOiXzjzFU6iaLgVn5odFTEcV7nQP2dBHgbbEsPyyG\n"
1408 "kZlxmqZ3izRg0RS0LKydr4wQ05/EavhvE/xzWfdmQnQeiuP43NJvmJzLR5iVQAX7\n"
1409 "6QIDAQABo4G/MIG8MA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUHAQEEUTBPMCMG\n"
1410 "CCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggrBgEFBQcwAoYc\n"
1411 "aHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBBMD8GCCsGAQQB\n"
1412 "gZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9yZy9pbmRleC5w\n"
1413 "aHA/aWQ9MTAwDQYJKoZIhvcNAQEEBQADggIBAH8IiKHaGlBJ2on7oQhy84r3HsQ6\n"
1414 "tHlbIDCxRd7CXdNlafHCXVRUPIVfuXtCkcKZ/RtRm6tGpaEQU55tiKxzbiwzpvD0\n"
1415 "nuB1wT6IRanhZkP+VlrRekF490DaSjrxC1uluxYG5sLnk7mFTZdPsR44Q4Dvmw2M\n"
1416 "77inYACHV30eRBzLI++bPJmdr7UpHEV5FpZNJ23xHGzDwlVks7wU4vOkHx4y/CcV\n"
1417 "Bc/dLq4+gmF78CEQGPZE6lM5+dzQmiDgxrvgu1pPxJnIB721vaLbLmINQjRBvP+L\n"
1418 "ivVRIqqIMADisNS8vmW61QNXeZvo3MhN+FDtkaVSKKKs+zZYPumUK5FQhxvWXtaM\n"
1419 "zPcPEAxSTtAWYeXlCmy/F8dyRlecmPVsYGN6b165Ti/Iubm7aoW8mA3t+T6XhDSU\n"
1420 "rgCvoeXnkm5OvfPi2RSLXNLrAWygF6UtEOucekq9ve7O/e0iQKtwOIj1CodqwqsF\n"
1421 "YMlIBdpTwd5Ed2qz8zw87YC8pjhKKSRf/lk7myV6VmMAZLldpGJ9VzZPrYPvH5JT\n"
1422 "oI53V93lYRE9IwCQTDz6o2CTBKOvNfYOao9PSmCnhQVsRqGP9Md246FZV/dxssRu\n"
1423 "FFxtbUFm3xuTsdQAw+7Lzzw9IYCpX2Nl/N3gX6T0K/CFcUHUZyX7GrGXrtaZghNB\n"
1424 "0m6lG5kngOcLqagA\n"
1425 "-----END CERTIFICATE-----\n",
1426 /* chain[2] (Root CA) */
1427 "-----BEGIN CERTIFICATE-----\n"
1428 "MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290\n"
1429 "IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB\n"
1430 "IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA\n"
1431 "Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO\n"
1432 "BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi\n"
1433 "MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ\n"
1434 "ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC\n"
1435 "CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ\n"
1436 "8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6\n"
1437 "zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y\n"
1438 "fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7\n"
1439 "w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc\n"
1440 "G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k\n"
1441 "epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q\n"
1442 "laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ\n"
1443 "QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU\n"
1444 "fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826\n"
1445 "YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAc4w\n"
1446 "ggHKMB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TCBowYDVR0jBIGbMIGY\n"
1447 "gBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9vdCBDQTEe\n"
1448 "MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0\n"
1449 "IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy\n"
1450 "dC5vcmeCAQAwDwYDVR0TAQH/BAUwAwEB/zAyBgNVHR8EKzApMCegJaAjhiFodHRw\n"
1451 "czovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwMAYJYIZIAYb4QgEEBCMWIWh0\n"
1452 "dHBzOi8vd3d3LmNhY2VydC5vcmcvcmV2b2tlLmNybDA0BglghkgBhvhCAQgEJxYl\n"
1453 "aHR0cDovL3d3dy5jYWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDBWBglghkgBhvhC\n"
1454 "AQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg\n"
1455 "b3ZlciB0byBodHRwOi8vd3d3LmNhY2VydC5vcmcwDQYJKoZIhvcNAQEEBQADggIB\n"
1456 "ACjH7pyCArpcgBLKNQodgW+JapnM8mgPf6fhjViVPr3yBsOQWqy1YPaZQwGjiHCc\n"
1457 "nWKdpIevZ1gNMDY75q1I08t0AoZxPuIrA2jxNGJARjtT6ij0rPtmlVOKTV39O9lg\n"
1458 "18p5aTuxZZKmxoGCXJzN600BiqXfEVWqFcofN8CCmHBh22p8lqOOLlQ+TyGpkO/c\n"
1459 "gr/c6EWtTZBzCDyUZbAEmXZ/4rzCahWqlwQ3JNgelE5tDlG+1sSPypZt90Pf6DBl\n"
1460 "Jzt7u0NDY8RD97LsaMzhGY4i+5jhe1o+ATc7iwiwovOVThrLm82asduycPAtStvY\n"
1461 "sONvRUgzEv/+PDIqVPfE94rwiCPCR/5kenHA0R6mY7AHfqQv0wGP3J8rtsYIqQ+T\n"
1462 "SCX8Ev2fQtzzxD72V7DX3WnRBnc0CkvSyqD/HMaMyRa+xMwyN2hzXwj7UfdJUzYF\n"
1463 "CpUCTPJ5GhD22Dp1nPMd8aINcGeGG7MW9S/lpOt5hvk9C8JzC6WZrG/8Z7jlLwum\n"
1464 "GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk\n"
1465 "zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW\n"
1466 "omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD\n"
1467 "-----END CERTIFICATE-----\n",
1471 /* Test Certicom cert with ECC-SHA256 signature. */
1472 static const char *ecc_cert[] = {
1473 /* chain[0] (ECC cert) */
1474 "-----BEGIN CERTIFICATE-----\n"
1475 "MIICbzCCAhSgAwIBAgIIZLkW6EZO5PQwCgYIKoZIzj0EAwIwgZsxFDASBgNVBAsT\n"
1476 "C1NBTVBMRSBPTkxZMRcwFQYDVQQKEw5DZXJ0aWNvbSBDb3JwLjEQMA4GA1UEBxMH\n"
1477 "VG9yb250bzEQMA4GA1UEBBMHT250YXJpbzE5MDcGA1UEAxMwdGxzLnNlY2cub3Jn\n"
1478 "IEVDQyBzZWNwMjU2cjEgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MQswCQYDVQQGEwJD\n"
1479 "QTAeFw0wOTA1MDcwMDAwMDBaFw0xNTA1MDEwMDAwMDBaMIGYMRQwEgYDVQQLEwtT\n"
1480 "QU1QTEUgT05MWTEXMBUGA1UEChMOQ2VydGljb20gQ29ycC4xEDAOBgNVBAcTB1Rv\n"
1481 "cm9udG8xEDAOBgNVBAgTB09udGFyaW8xNjA0BgNVBAMTLXRscy5zZWNnLm9yZyBF\n"
1482 "Q0Mgc2VjcDI1NnIxIFNlcnZlciBDZXJ0aWZpY2F0ZTELMAkGA1UEBhMCQ0EwWTAT\n"
1483 "BgcqhkjOPQIBBggqhkjOPQMBBwNCAATf63kPhr3D6a2scrHWVr0oOXQMnBDT6Jv/\n"
1484 "ifqzt4/xTbXsZNEyD96nyh82sk0tM+FVfBlsIwGc7vqBfyq0mC/Io0MwQTAOBgNV\n"
1485 "HQ8BAf8EBAMCA4gwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwEwFwYDVR0RBBAwDoIM\n"
1486 "dGxzLnNlY2cub3JnMAoGCCqGSM49BAMCA0kAMEYCIQDfacZHsdsj6SXQ2hyJS4Do\n"
1487 "SMclqGLo2Sop7hfAeEJA+wIhAOMo7eLya44SIcuzrLBpg29g5ZzYOeuEzRcg9mch\n"
1489 "-----END CERTIFICATE-----\n",
1490 "-----BEGIN CERTIFICATE-----\n"
1491 "MIICTjCCAfagAwIBAgIICvq6Bj3Av6EwCQYHKoZIzj0EATCBmzEUMBIGA1UECxML\n"
1492 "U0FNUExFIE9OTFkxFzAVBgNVBAoTDkNlcnRpY29tIENvcnAuMRAwDgYDVQQHEwdU\n"
1493 "b3JvbnRvMRAwDgYDVQQEEwdPbnRhcmlvMTkwNwYDVQQDEzB0bHMuc2VjZy5vcmcg\n"
1494 "RUNDIHNlY3AyNTZyMSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxCzAJBgNVBAYTAkNB\n"
1495 "MB4XDTA2MDUwMTAwMDAwMFoXDTE1MDUwMTAwMDAwMFowgZsxFDASBgNVBAsTC1NB\n"
1496 "TVBMRSBPTkxZMRcwFQYDVQQKEw5DZXJ0aWNvbSBDb3JwLjEQMA4GA1UEBxMHVG9y\n"
1497 "b250bzEQMA4GA1UEBBMHT250YXJpbzE5MDcGA1UEAxMwdGxzLnNlY2cub3JnIEVD\n"
1498 "QyBzZWNwMjU2cjEgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MQswCQYDVQQGEwJDQTBZ\n"
1499 "MBMGByqGSM49AgEGCCqGSM49AwEHA0IABB2oofFVa6akTK6hpaJLs+6skdhn0sQp\n"
1500 "uJwVwG99T0VZY8v7q6NMIWrpYQFmOxQyVVNlxWWyr2cLYJTyqx/zuDejIzAhMA4G\n"
1501 "A1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MAkGByqGSM49BAEDRwAwRAIg\n"
1502 "W2KAhfAKWFoh47A7muk8K10cGqOKRtb9lCgdOltj19oCIG+ZJQv5m+RnL4X2Ti0y\n"
1503 "ZJzOOuzBQVGiUFwZdn1dLv4X\n"
1504 "-----END CERTIFICATE-----\n",
1508 static const char *verisign_com_chain_g5[] = {
1510 "-----BEGIN CERTIFICATE-----\n"
1511 "MIIFXjCCBEagAwIBAgIQHYWDpKNVUzEFx4Pq8yjxbTANBgkqhkiG9w0BAQUFADCB\n"
1512 "tTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
1513 "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n"
1514 "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDEvMC0GA1UEAxMm\n"
1515 "VmVyaVNpZ24gQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzMwHhcNMTQwMjI3\n"
1516 "MDAwMDAwWhcNMTUwMjI4MjM1OTU5WjBnMQswCQYDVQQGEwJVUzETMBEGA1UECBMK\n"
1517 "V2FzaGluZ3RvbjEQMA4GA1UEBxQHU2VhdHRsZTEYMBYGA1UEChQPQW1hem9uLmNv\n"
1518 "bSBJbmMuMRcwFQYDVQQDFA53d3cuYW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEB\n"
1519 "BQADggEPADCCAQoCggEBAJdfieOPrf4Arf1Iled/ii97407ZnjpaB5xxm49Q4Pz3\n"
1520 "+5xmD0LYre7Cjn1A7W3ZlHki5zFVZpW9Jb/3PfSEDY5slyjkLD2jdl2gVefSthSZ\n"
1521 "tYxb5eYv79tIEN0U9AZ8/VaGwUokl8n1MitcECxNLMe4LqoVmS29nXITTTzX5t3I\n"
1522 "4dUeMBDNI+xgVpJSpxwzA+/L+wxoj5Sb4YJ/Y+iUknCkjX6PpaZMRWBEE0dqvG02\n"
1523 "qlxXesAV0nmKYvjbtqAyoW6vgjP85h6gJEESIqTTZy1HOgFpO8XT05CpGDcjhP1s\n"
1524 "TvXF7Vx1aj+xDidGLLW188G35oFKIhEyHQV2V7vzRAUCAwEAAaOCAbUwggGxMFAG\n"
1525 "A1UdEQRJMEeCEXVlZGF0YS5hbWF6b24uY29tggphbWF6b24uY29tgghhbXpuLmNv\n"
1526 "bYIMd3d3LmFtem4uY29tgg53d3cuYW1hem9uLmNvbTAJBgNVHRMEAjAAMA4GA1Ud\n"
1527 "DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwQwYDVR0g\n"
1528 "BDwwOjA4BgpghkgBhvhFAQc2MCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZl\n"
1529 "cmlzaWduLmNvbS9jcHMwHwYDVR0jBBgwFoAUDURcFlNEwYJ+HSCrJfQBY9i+eaUw\n"
1530 "RQYDVR0fBD4wPDA6oDigNoY0aHR0cDovL1NWUlNlY3VyZS1HMy1jcmwudmVyaXNp\n"
1531 "Z24uY29tL1NWUlNlY3VyZUczLmNybDB2BggrBgEFBQcBAQRqMGgwJAYIKwYBBQUH\n"
1532 "MAGGGGh0dHA6Ly9vY3NwLnZlcmlzaWduLmNvbTBABggrBgEFBQcwAoY0aHR0cDov\n"
1533 "L1NWUlNlY3VyZS1HMy1haWEudmVyaXNpZ24uY29tL1NWUlNlY3VyZUczLmNlcjAN\n"
1534 "BgkqhkiG9w0BAQUFAAOCAQEAOeZfjkI0yR/nutCMHp5/uB/evkB8qIYxh1KKbhPB\n"
1535 "TmpykmJxiLKrBBcBBu9kW5lMbNPSNclE4sCyN0dxCJHwPm7ubNUxsmDSTPTJOx0M\n"
1536 "zl0WZVaZ7eX3nw1kj8jSoK0f5n87RzKK85MwBFsEn73Z2pDvxTcd72BE0T1UJLcU\n"
1537 "2A5uHAJyvm2QpOWBIRKlJHIHCcu5xjj5yLnGO9id0cjOjEgj9f1Mo4hzawL5vQfk\n"
1538 "o/xFxAsA70bk2trv54kgLvhmAW+B6OpN3Z/xB4mWNOw3G8bg/u+pCLvd8KRO5V8K\n"
1539 "TlgO1NTaOgYC6OAF3USNMhuNZh6h5tWA3mA8rFr8ZsayhA==\n"
1540 "-----END CERTIFICATE-----\n",
1542 "-----BEGIN CERTIFICATE-----\n"
1543 "MIIF7DCCBNSgAwIBAgIQbsx6pacDIAm4zrz06VLUkTANBgkqhkiG9w0BAQUFADCB\n"
1544 "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
1545 "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n"
1546 "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n"
1547 "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n"
1548 "aG9yaXR5IC0gRzUwHhcNMTAwMjA4MDAwMDAwWhcNMjAwMjA3MjM1OTU5WjCBtTEL\n"
1549 "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\n"
1550 "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg\n"
1551 "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDEvMC0GA1UEAxMmVmVy\n"
1552 "aVNpZ24gQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzMwggEiMA0GCSqGSIb3\n"
1553 "DQEBAQUAA4IBDwAwggEKAoIBAQCxh4QfwgxF9byrJZenraI+nLr2wTm4i8rCrFbG\n"
1554 "5btljkRPTc5v7QlK1K9OEJxoiy6Ve4mbE8riNDTB81vzSXtig0iBdNGIeGwCU/m8\n"
1555 "f0MmV1gzgzszChew0E6RJK2GfWQS3HRKNKEdCuqWHQsV/KNLO85jiND4LQyUhhDK\n"
1556 "tpo9yus3nABINYYpUHjoRWPNGUFP9ZXse5jUxHGzUL4os4+guVOc9cosI6n9FAbo\n"
1557 "GLSa6Dxugf3kzTU2s1HTaewSulZub5tXxYsU5w7HnO1KVGrJTcW/EbGuHGeBy0RV\n"
1558 "M5l/JJs/U0V/hhrzPPptf4H1uErT9YU3HLWm0AnkGHs4TvoPAgMBAAGjggHfMIIB\n"
1559 "2zA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLnZlcmlz\n"
1560 "aWduLmNvbTASBgNVHRMBAf8ECDAGAQH/AgEAMHAGA1UdIARpMGcwZQYLYIZIAYb4\n"
1561 "RQEHFwMwVjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2Nw\n"
1562 "czAqBggrBgEFBQcCAjAeGhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMDQG\n"
1563 "A1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMtZzUu\n"
1564 "Y3JsMA4GA1UdDwEB/wQEAwIBBjBtBggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglp\n"
1565 "bWFnZS9naWYwITAfMAcGBSsOAwIaBBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNo\n"
1566 "dHRwOi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvLmdpZjAoBgNVHREEITAfpB0w\n"
1567 "GzEZMBcGA1UEAxMQVmVyaVNpZ25NUEtJLTItNjAdBgNVHQ4EFgQUDURcFlNEwYJ+\n"
1568 "HSCrJfQBY9i+eaUwHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJ\n"
1569 "KoZIhvcNAQEFBQADggEBAAyDJO/dwwzZWJz+NrbrioBL0aP3nfPMU++CnqOh5pfB\n"
1570 "WJ11bOAdG0z60cEtBcDqbrIicFXZIDNAMwfCZYP6j0M3m+oOmmxw7vacgDvZN/R6\n"
1571 "bezQGH1JSsqZxxkoor7YdyT3hSaGbYcFQEFn0Sc67dxIHSLNCwuLvPSxe/20majp\n"
1572 "dirhGi2HbnTTiN0eIsbfFrYrghQKlFzyUOyvzv9iNw2tZdMGQVPtAhTItVgooazg\n"
1573 "W+yzf5VK+wPIrSbb5mZ4EkrZn0L74ZjmQoObj49nJOhhGbXdzbULJgWOw27EyHW4\n"
1574 "Rs/iGAZeqa6ogZpHFt4MKGwlJ7net4RYxh84HqTEy2Y=\n"
1575 "-----END CERTIFICATE-----\n",
1577 "-----BEGIN CERTIFICATE-----\n"
1578 "MIIExjCCBC+gAwIBAgIQNZcxh/OHOgcyfs5YDJt+2jANBgkqhkiG9w0BAQUFADBf\n"
1579 "MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT\n"
1580 "LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw\n"
1581 "HhcNMDYxMTA4MDAwMDAwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMx\n"
1582 "FzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVz\n"
1583 "dCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZv\n"
1584 "ciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAz\n"
1585 "IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEi\n"
1586 "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8\n"
1587 "RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbext0uz/o9+B1fs70Pb\n"
1588 "ZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhDY2pSS9KP6HBR\n"
1589 "TdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn/\n"
1590 "Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4/VBEnkjWNH\n"
1591 "iDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/NIeWiu5T6CUVAgMB\n"
1592 "AAGjggGRMIIBjTAPBgNVHRMBAf8EBTADAQH/MDEGA1UdHwQqMCgwJqAkoCKGIGh0\n"
1593 "dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA4GA1UdDwEB/wQEAwIBBjA9\n"
1594 "BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVy\n"
1595 "aXNpZ24uY29tL2NwczAdBgNVHQ4EFgQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwNAYD\n"
1596 "VR0lBC0wKwYJYIZIAYb4QgQBBgpghkgBhvhFAQgBBggrBgEFBQcDAQYIKwYBBQUH\n"
1597 "AwIwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUr\n"
1598 "DgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVyaXNp\n"
1599 "Z24uY29tL3ZzbG9nby5naWYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhho\n"
1600 "dHRwOi8vb2NzcC52ZXJpc2lnbi5jb20wDQYJKoZIhvcNAQEFBQADgYEADyWuSO0b\n"
1601 "M4VMDLXC1/5N1oMoTEFlYAALd0hxgv5/21oOIMzS6ke8ZEJhRDR0MIGBJopK90Rd\n"
1602 "fjSAqLiD4gnXbSPdie0oCL1jWhFXCMSe2uJoKK/dUDzsgiHYAMJVRFBwQa2DF3m6\n"
1603 "CPMr3u00HUSe0gST9MsFFy0JLS1j7/YmC3s=\n"
1604 "-----END CERTIFICATE-----\n",
1606 /* chain[4] - alt CA */
1607 "-----BEGIN CERTIFICATE-----\n"
1608 "MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCB\n"
1609 "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
1610 "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n"
1611 "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n"
1612 "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n"
1613 "aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCByjEL\n"
1614 "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\n"
1615 "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2ln\n"
1616 "biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp\n"
1617 "U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y\n"
1618 "aXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1\n"
1619 "nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbex\n"
1620 "t0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIz\n"
1621 "SdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQG\n"
1622 "BO+QueQA5N06tRn/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+\n"
1623 "rCpSx4/VBEnkjWNHiDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/\n"
1624 "NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E\n"
1625 "BAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAH\n"
1626 "BgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy\n"
1627 "aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKv\n"
1628 "MzEzMA0GCSqGSIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzE\n"
1629 "p6B4Eq1iDkVwZMXnl2YtmAl+X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y\n"
1630 "5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKEKQsTb47bDN0lAtukixlE0kF6BWlK\n"
1631 "WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ\n"
1632 "4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N\n"
1633 "hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq\n"
1634 "-----END CERTIFICATE-----\n",
1638 /* This chain has name constraints on the CA but the end certificate
1639 * has no name on CN or subjectAltname. */
1640 static const char *name_constraints_but_no_name[] = {
1642 "-----BEGIN CERTIFICATE-----\n"
1643 "MIIDIjCCAgqgAwIBAgIMVRJquRMxIN9nRLG4MA0GCSqGSIb3DQEBCwUAMA8xDTAL\n"
1644 "BgNVBAMTBENBLTAwIhgPMjAxNTAzMjUwNzU4NDlaGA85OTk5MTIzMTIzNTk1OVow\n"
1645 "EzERMA8GA1UEChMIc2VydmVyLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
1646 "AoIBAQDEiLbqiSgPhAlwQXdn6Z7EoYMRiNHX+6cnlI195lv5LPdupiZ7EPF6y8rs\n"
1647 "H/PyRwLhOuhfyAbBibBTWKt1n100UqAcr0Z/l2+zBorc/APhKrysDlWyYUjs/Ly1\n"
1648 "pNQ4V9POpuCqEcPsGWcSr3ULqdRH2PoguWoF0el59fOyioUV+PbKAHPxs342fqu0\n"
1649 "Plk3Bru4kf4R0U3L1r0DogFUYmjhGyhxKAezEikQGgrwlo30LD/31uuzJWs5x1+l\n"
1650 "sGOKHIfxiWlBS8781QKuIWHT8Z+qsnPXobQ4ss2jF4qHjwIesJr8vq0OP2mQ/Ilh\n"
1651 "WwcNJJtWwHE6O6Vj1kWUQ9kDuWQ3AgMBAAGjdjB0MAwGA1UdEwEB/wQCMAAwEwYD\n"
1652 "VR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAwegADAdBgNVHQ4EFgQU8U1K\n"
1653 "y6Tq/tczkOCK7CZhUAiuUcwwHwYDVR0jBBgwFoAUvSbAZPs2w5eQBjoLYPh+uKyj\n"
1654 "ZzswDQYJKoZIhvcNAQELBQADggEBAG2H5HeItTKZVgNd2hFPfi0QUvheX8mjMniV\n"
1655 "uaS/1zDSvAJOJue2GEpiYeTLvjd4WA5J09ZRSAuVWR9hg44m17TF2pod3YFBfGwx\n"
1656 "8RkEp5W8LBdwPzcgbLVxkWmwZTo1v4Xv679uyVTeB306vfkTrsa0C82S5zJd1Wyt\n"
1657 "/bFaNnxxb6KzVhFEctaVPVZdwrj7Q6XASH1oCfe/l50UcUkK853cXhV3CNJ8OUOY\n"
1658 "h8O7FN/s5oZ23R9eX2D9mHJ/ccucv46ofAmQ9TjLZIACp89IfoMf61MOUG51BIlt\n"
1659 "t494m704KMI2Y4hci5fHZ4UbcykjNpwkAMnCuk0K8K4gAFT6SZ8=\n"
1660 "-----END CERTIFICATE-----\n",
1663 "-----BEGIN CERTIFICATE-----\n"
1664 "MIIC/zCCAeegAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n"
1665 "MCIYDzIwMTUwMzI1MDc1ODQ5WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n"
1666 "BENBLTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUEBLGhjEj8pLO\n"
1667 "cU3UVmC+FcN3OKXH5lqm4pdxP6rbk0C9WKgavGV9MfEali767BaLHaEzxdCpcbxr\n"
1668 "YdBKFcij7ucF9YqpoDD5HnMLhOEHKnQD0nk5wWYw7Q9ULy0wqEy15nfDdunDbYK5\n"
1669 "TG7K2nsKcyPkEs637bJPBSOVSpn7mT49OnpSNpZcD361SqRh+OY8Iorr1m9DsrfW\n"
1670 "8J9JCf4VlaL821PzoA/EEReabPI9TM10QYpN4J0JQsQnmuU/0WdaEJtq4pFZIZfJ\n"
1671 "WtGGS6GX5faOkyMj5SuunZIjLal/+GRSVk1m3vfmDUp4MVKAqfqQ068Ix/aLEipX\n"
1672 "8mNnyp95AgMBAAGjYjBgMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0eAQH/BBMwEaAP\n"
1673 "MA2CC2V4YW1wbGUuY29tMA8GA1UdDwEB/wQFAwMHBAAwHQYDVR0OBBYEFL0mwGT7\n"
1674 "NsOXkAY6C2D4friso2c7MA0GCSqGSIb3DQEBCwUAA4IBAQBSfcTha0878cAy3Peg\n"
1675 "V9z+5rNr7/3Awf5HRTRr2VAATloXJ7iyvuvWmPlIKek40W+Xh4aHjZLjdfuPWyeV\n"
1676 "EXAcEEwhxY4t8NRATzgBy8WyP64LRQnFsmo4p5VbT0ddcqUqwDDYgbNPdLmfLUwV\n"
1677 "JS5DNFSsDco5Ng1DoQCLoIkuLMwD7g7YfMyUq8HupEI9TuhcXC5FUZbt0KjkQk9c\n"
1678 "fbBiEvZcxlmLQRiC0sWFmuBteMyrnw3Y68jpl12ORyB/oVpCvXlYm4ViCCh5uyx3\n"
1679 "Ml+FbR8ws+dEvGKmer50Lfw6/WSyEb/zWlLUUqClbJChLVnGMjgvwUqrLSKUcUw6\n"
1681 "-----END CERTIFICATE-----\n",
1690 unsigned int verify_flags;
1691 unsigned int expected_verify_result;
1692 const char *purpose;
1693 time_t expected_time;
1696 { "CVE-2014-0092", cve_2014_0092_check, &cve_2014_0092_check[1],
1698 GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID, NULL, 1412850586},
1699 { "CVE-2008-4989", cve_2008_4989_chain, &cve_2008_4989_chain[2],
1701 GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_EXPIRED | GNUTLS_CERT_INVALID, NULL},
1702 { "amazon.com ok", verisign_com_chain_g5, &verisign_com_chain_g5[4],
1703 GNUTLS_VERIFY_DISABLE_TIME_CHECKS | GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_LOW),
1705 { "verisign.com v1 fail", verisign_com_chain, &verisign_com_chain[3],
1707 GNUTLS_CERT_EXPIRED | GNUTLS_CERT_INVALID, NULL},
1708 { "verisign.com v1 ok", verisign_com_chain, &verisign_com_chain[3],
1709 GNUTLS_VERIFY_DISABLE_TIME_CHECKS | GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_LOW),
1711 { "verisign.com v1 not ok due to profile", verisign_com_chain, &verisign_com_chain[3],
1712 GNUTLS_VERIFY_DISABLE_TIME_CHECKS | GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_LEGACY),
1713 GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID, NULL},
1714 { "verisign.com v1 not ok due to profile", verisign_com_chain, &verisign_com_chain[3],
1715 GNUTLS_VERIFY_DISABLE_TIME_CHECKS | GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_HIGH),
1716 GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID, NULL},
1717 { "citibank.com v1 fail", citibank_com_chain, &citibank_com_chain[2],
1718 GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT, GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID, NULL},
1719 { "expired self signed", pem_self_cert, &pem_self_cert[0],
1720 0, GNUTLS_CERT_EXPIRED | GNUTLS_CERT_INVALID, NULL},
1721 { "self signed", pem_self_cert, &pem_self_cert[0],
1722 GNUTLS_VERIFY_DISABLE_TIME_CHECKS, 0, NULL},
1723 { "ca=false", thea_chain, &thea_chain[1],
1725 GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID, NULL},
1726 { "ca=false2", thea_chain, &thea_chain[1],
1727 0, GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID, NULL},
1728 { "hbci v1 fail", hbci_chain, &hbci_chain[2],
1729 GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT, GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID, NULL},
1730 { "hbci v1 ok expired", hbci_chain, &hbci_chain[2],
1732 GNUTLS_CERT_EXPIRED | GNUTLS_CERT_INVALID, NULL},
1733 { "hbci v1 ok", hbci_chain, &hbci_chain[2],
1734 GNUTLS_VERIFY_DISABLE_TIME_CHECKS,
1736 { "rsa-md5 fail", mayfirst_chain, &mayfirst_chain[1],
1737 GNUTLS_VERIFY_DISABLE_TIME_CHECKS,
1738 GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID, NULL},
1739 { "rsa-md5 not ok", mayfirst_chain, &mayfirst_chain[1],
1740 GNUTLS_VERIFY_DISABLE_TIME_CHECKS | GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2,
1741 GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID, NULL},
1742 { "rsa-md5 not ok2", mayfirst_chain, &mayfirst_chain[1],
1743 GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5,
1744 GNUTLS_CERT_EXPIRED | GNUTLS_CERT_INVALID, NULL},
1745 { "rsa-md5 ok", mayfirst_chain, &mayfirst_chain[1],
1746 GNUTLS_VERIFY_DISABLE_TIME_CHECKS | GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5, 0, NULL},
1747 { "v1ca fail", v1ca, &v1ca[2],
1748 GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT, GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID, NULL},
1750 { "pathlen fail", pathlen_check, &pathlen_check[2],
1751 GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT | GNUTLS_VERIFY_DISABLE_TIME_CHECKS, GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE, NULL},
1753 /* Test whether a V1 root certificate is correctly accepted */
1754 { "v1root fail", v1_root_check, &v1_root_check[1],
1755 GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT | GNUTLS_VERIFY_DISABLE_TIME_CHECKS, GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID, NULL},
1756 { "v1root ok", v1_root_check, &v1_root_check[1],
1757 GNUTLS_VERIFY_DISABLE_TIME_CHECKS, 0, NULL},
1759 /* test whether a v1 intermediate certificate is rejected */
1760 { "v1invalid fail", v1_intermed_check, &v1_intermed_check[2],
1761 GNUTLS_VERIFY_DISABLE_TIME_CHECKS, GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID, NULL},
1762 { "v1 leaf ok", &v1_intermed_check[1], &v1_intermed_check[2],
1763 GNUTLS_VERIFY_DISABLE_TIME_CHECKS, 0, NULL},
1765 { "v1ca expired", v1ca, &v1ca[2],
1767 GNUTLS_CERT_EXPIRED | GNUTLS_CERT_INVALID , NULL},
1768 { "v1ca ok", v1ca, &v1ca[2],
1769 GNUTLS_VERIFY_DISABLE_TIME_CHECKS,
1771 { "v1ca2 expired", v1ca, &v1ca[2],
1772 GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT,
1773 GNUTLS_CERT_EXPIRED | GNUTLS_CERT_INVALID, NULL},
1774 { "v1ca2 ok", v1ca, &v1ca[2],
1775 GNUTLS_VERIFY_DISABLE_TIME_CHECKS | GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT,
1777 { "cacertrsamd5 fail", cacertrsamd5, &cacertrsamd5[2],
1778 0, GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID, NULL},
1779 { "cacertrsamd5 ok", cacertrsamd5, &cacertrsamd5[2],
1780 GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5, 0, NULL},
1781 { "cacertrsamd5 short-cut not ok", cacertrsamd5, &cacertrsamd5[0],
1782 GNUTLS_VERIFY_DO_NOT_ALLOW_SAME,
1783 GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID, NULL},
1784 { "cacertrsamd5 short-cut ok", cacertrsamd5, &cacertrsamd5[1],
1786 { "ecc cert ok", ecc_cert, &ecc_cert[1], GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_HIGH), 0, NULL},
1787 { "ecc cert ok", ecc_cert, &ecc_cert[1], GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_SUITEB128), 0, NULL},
1788 { "ecc cert not ok (due to profile)", ecc_cert, &ecc_cert[1], GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_ULTRA),
1789 GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID, NULL},
1790 { "ecc cert not ok (due to profile)", ecc_cert, &ecc_cert[1], GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_SUITEB192),
1791 GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID, NULL},
1792 { "name constraints chain ok1", nc_good1, &nc_good1[4], 0, 0, NULL, 1412850586},
1793 { "name constraints chain bad1", nc_bad1, &nc_bad1[2], 0, GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE, NULL, 1412850586},
1794 { "name constraints chain bad2", nc_bad2, &nc_bad2[4], 0, GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE, NULL, 1412850586},
1795 { "name constraints chain bad3", nc_bad3, &nc_bad3[2], 0, GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE, NULL, 1412850586},
1796 { "not-modified", modified2, &modified2[3], 0, 0, NULL, 1412850586},
1797 { "kp-interm", kp_fail1, &kp_fail1[3], 0, GNUTLS_CERT_INVALID | GNUTLS_CERT_PURPOSE_MISMATCH, GNUTLS_KP_TLS_WWW_SERVER, 1412850586},
1798 { "kp-fin", kp_fail2, &kp_fail2[3], 0, GNUTLS_CERT_INVALID | GNUTLS_CERT_PURPOSE_MISMATCH, GNUTLS_KP_TLS_WWW_SERVER, 1412850586},
1799 { "kp-ok", kp_ok, &kp_ok[3], 0, 0, GNUTLS_KP_OCSP_SIGNING, 1412850586},
1800 { "name constraints no name", name_constraints_but_no_name, &name_constraints_but_no_name[2], 0, 0, 0, 1427270515},
1801 { NULL, NULL, NULL, 0, 0}
projects / platform / upstream / gnutls.git / blob