1*62c56f98SSadaf EbrahimiThis directory contains the certificates for the tests targeting the enforcement of the policy indicated by the *pathLenConstraint* field. All leaf elements were generated with *is_ca* unset and all roots with the *selfsign=1* option. 2*62c56f98SSadaf Ebrahimi 3*62c56f98SSadaf Ebrahimi1. zero pathlen constraint on an intermediate CA (invalid) 4*62c56f98SSadaf Ebrahimi``` 5*62c56f98SSadaf Ebrahimicert11.crt -> cert12.crt (max_pathlen=0) -> cert13.crt -> cert14.crt 6*62c56f98SSadaf Ebrahimi``` 7*62c56f98SSadaf Ebrahimi 8*62c56f98SSadaf Ebrahimi2. zero pathlen constraint on the root CA (invalid) 9*62c56f98SSadaf Ebrahimi``` 10*62c56f98SSadaf Ebrahimicert21.crt (max_pathlen=0) -> cert22.crt -> cert23.crt 11*62c56f98SSadaf Ebrahimi``` 12*62c56f98SSadaf Ebrahimi 13*62c56f98SSadaf Ebrahimi3. nonzero pathlen constraint on the root CA (invalid) 14*62c56f98SSadaf Ebrahimi``` 15*62c56f98SSadaf Ebrahimicert31.crt (max_pathlen=1) -> cert32.crt -> cert33.crt -> cert34.crt 16*62c56f98SSadaf Ebrahimi``` 17*62c56f98SSadaf Ebrahimi 18*62c56f98SSadaf Ebrahimi4. nonzero pathlen constraint on an intermediate CA (invalid) 19*62c56f98SSadaf Ebrahimi``` 20*62c56f98SSadaf Ebrahimicert41.crt -> cert42.crt (max_pathlen=1) -> cert43.crt -> cert44.crt -> cert45.crt 21*62c56f98SSadaf Ebrahimi``` 22*62c56f98SSadaf Ebrahimi 23*62c56f98SSadaf Ebrahimi5. nonzero pathlen constraint on an intermediate CA with maximum number of elements in the chain (valid) 24*62c56f98SSadaf Ebrahimi``` 25*62c56f98SSadaf Ebrahimicert51.crt -> cert52.crt (max_pathlen=1) -> cert53.crt -> cert54.crt 26*62c56f98SSadaf Ebrahimi``` 27*62c56f98SSadaf Ebrahimi 28*62c56f98SSadaf Ebrahimi6. nonzero pathlen constraint on the root CA with maximum number of elements in the chain (valid) 29*62c56f98SSadaf Ebrahimi``` 30*62c56f98SSadaf Ebrahimicert61.crt (max_pathlen=1) -> cert62.crt -> cert63.crt 31*62c56f98SSadaf Ebrahimi``` 32*62c56f98SSadaf Ebrahimi 33*62c56f98SSadaf Ebrahimi7. pathlen constraint on the root CA with maximum number of elements and a self signed certificate in the chain (valid) 34*62c56f98SSadaf Ebrahimi(This situation happens for example when a root of some hierarchy gets integrated into another hierarchy. In this case the certificates issued before the integration will have an intermadiate self signed certificate in their chain) 35*62c56f98SSadaf Ebrahimi``` 36*62c56f98SSadaf Ebrahimicert71.crt (max_pathlen=1) -> cert72.crt -> cert73.crt (self signed) -> cert74.crt -> cert74.crt 37*62c56f98SSadaf Ebrahimi``` 38*62c56f98SSadaf Ebrahimi 39*62c56f98SSadaf Ebrahimi8. zero pathlen constraint on first intermediate CA (valid) 40*62c56f98SSadaf Ebrahimi``` 41*62c56f98SSadaf Ebrahimicert81.crt -> cert82.crt (max_pathlen=0) -> cert83.crt 42*62c56f98SSadaf Ebrahimi``` 43*62c56f98SSadaf Ebrahimi 44*62c56f98SSadaf Ebrahimi9. zero pathlen constraint on trusted root (valid) 45*62c56f98SSadaf Ebrahimi``` 46*62c56f98SSadaf Ebrahimicert91.crt (max_pathlen=0) -> cert92.crt 47*62c56f98SSadaf Ebrahimi``` 48