1; Most/all of these test chains use the same structure: 2; root -> ica1 -> ica2 -> ee 3; "ica1" is "Intermediate CA 1" 4; "ee" is "end-entity", i.e. the client or server certificate itself 5; 6; In SSL/TLS order, the EE comes first. The root may or may not be included 7; as a self-signed certificate. 8 9[key] 10name = root-rsa2048 11type = RSA 12n = B6D934D450FDB3AF7A73F1CE38BF5D6F45E1FD4EB198C6608326D217D1C5B79AA3C1DE6339979CF05E5CC81C17B988196DF0B62E3050A1546E93C0DBCF30CB9F1E2779F1C3995235AA3DB6DFB0AD7CCB49CDC0EDE766102AE9CE281F2150FA774C2DDAEF3C58EB4EBFCEE9FB1ADAA383A3CDA3CA9380DCDAF317CC7AAB33809CB2D47F463FC53CDC6194B727296E2ABC5B0936D4C63B0DEBBECEDB1D1CBC106A7171B3F2CA289A77F28AEC42EFB14A8EE2F21A322ACDC0A6462C9AC28537917F46A19381A17466DFBAB339209193FA1DA1A885E7E4F907F610F6A82701B67F12C340C3C9E2B0AB49183A64B659B795B59636DF2269AA726A544E2729A30E9715 13e = 010001 14 15[key] 16name = root-p256 17type = EC 18curve = P-256 19q = 047174BAABB9302E81D5E557F9F320680C9CF964DBB4200D6DEA40D04A6E42FDB69A682544F6DF7BC4FCDEDD7BBBC5DB7C763F4166406EDBA787C2E5D8C5F37F8D 20 21[key] 22name = root-p384 23type = EC 24curve = P-384 25q = 040ED28B3F7F0A38A6DB72CB4DAC8198C3D595BFABEE2E4A3CC6797F1A272C57AD715F96B5FDA29C4DD87B75B1438B6A92C4FD0282A3080A857F28AB31FF8B49F805470A01EE551F7F27C914E7E780AE474558D6F5539BAE806626514FE560478B 26 27[key] 28name = root-p521 29type = EC 30curve = P-521 31q = 040168E669615D1B20F2E753D2C86312F51094D3E5C6CF49E8D73418278CD769FE40A84AD4F34865D59D94D5685B389E0CFD0450754CAE81ED1D4A91D0773F7A002ED701DEF2DBDEFC7554E74CD600693DBDE1A7E09CD9044774C744C7CE575BF8B645FF79FCCE06116F61D44FDAE62D3046F4EB41DECB8219B279A5B8CE2A47F3DF0D463B 32 33[key] 34name = root-new 35type = EC 36curve = P-256 37q = 0465D02336D3ACEB9A000B33A6EECA9745EFD72A0F7C0B138FAAA564E705A3269A479BB5A041DC1D244EA1D2BB9639C79187D3D63CEF79EDD1DC65E80027E75997 38 39[key] 40name = ica1-rsa2048 41type = RSA 42n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e = 010001 44 45[key] 46name = 
ica2-rsa2048 47type = RSA 48n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e = 010001 50 51[key] 52name = ee-rsa2048 53type = RSA 54n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e = 010001 56 57[key] 58name = ee-p256 59type = EC 60curve = P-256 61q = 045F389DA7FF4D8AAFF63439461AFC3ADFF423AAA9EAFBC508DE008EBE79A537584C6DDD01CAAB47DF89B6C7171F38FC1D2014DD45C0E08F934E380BFCE999A149 62 63[key] 64name = ee-p384 65type = EC 66curve = P-384 67q = 0415A488877F3D14830E29A1C2F2C0745CE8CF5E684304D1668972389BA615B34E9648D5A7861E49DFFFBFFFEAD7FC6AF11BC4516C3557332DD86DDFDE2A236CCEA844EBD594CCD3ED5B7AE0061BD6595737B59FE754BCDAB6FE38D34D93DBBF30 68 69[key] 70name = ee-p521 71type = EC 72curve = P-521 73q = 040060547ACA9D520FB3272833236CBF8E71AC286A3001FBB1E2C3FD8BAB0817DDE4E4FA53550F120D678F4D55AE4FF36C7C8EAE9E32A08A44FC66F45331E08946077A0139B87FE54B986012A94838C8006034941CD0512E596436D2E8E61CA93585D5C06EAD5094585B5B2A3E013803B3E6AAA1D4156EF09E8352029BB70AC6BF338F918B 74 75; Trust anchor: the root. 76[anchor] 77name = root 78DN_file = dn-root.der 79key = root-rsa2048 80type = CA 81 82; Trust anchor: root with an ECDSA key (in P-256 curve) 83[anchor] 84name = root-p256 85DN_file = dn-root.der 86key = root-p256 87type = CA 88 89; Trust anchor: root with an ECDSA key (in P-384 curve) 90[anchor] 91name = root-p384 92DN_file = dn-root.der 93key = root-p384 94type = CA 95 96; Trust anchor: root with an ECDSA key (in P-521 curve) 97[anchor] 98name = root-p521 99DN_file = dn-root.der 100key = root-p521 101type = CA 102 103; Trust anchor: another root with an ECDSA key (in P-256 curve) 104[anchor] 105name = root-new 106DN_file = dn-root-new.der 107key = root-new 108type = CA 109 110; Intermediate CA 1 as trust anchor. 111[anchor] 112name = ica1 113DN_file = dn-ica1.der 114key = ica1-rsa2048 115type = CA 116 117; Intermediate CA 2 as trust anchor. 
[anchor]
name = ica2
DN_file = dn-ica2.der
key = ica2-rsa2048
type = CA

; EE certificate as trust anchor (direct trust only).
[anchor]
name = ee
DN_file = dn-ee.der
key = ee-rsa2048
type = EE

; Each [chain] entry below lists the certificates to validate (EE first,
; then the intermediates), the anchors to trust, the optional server name
; to check, and 'status', the expected outcome: 0 for a chain that
; validates, otherwise the engine's X.509 error code (for instance 62 is
; BR_ERR_X509_NOT_TRUSTED, as used by the 'noTA' entry). 'eekey'
; presumably names the key expected in the validated EE certificate; it
; is left out of most entries that are expected to fail.

; Base valid chain.
[chain]
name = base
anchors = root
chain = ee.crt ica2.crt ica1.crt
servername = www.example.com
keytype = RSA
keyusage = KEYX
eekey = ee-rsa2048
status = 0

; Valid chain except that no trust anchor is provided; this should fail
; with BR_ERR_X509_NOT_TRUSTED.
[chain]
name = noTA
anchors =
chain = ee.crt ica2.crt ica1.crt
servername = www.example.com
keytype = RSA
keyusage = KEYX
status = 62

; Use of intermediate CA 1 as anchor (extra certificates are ignored).
[chain]
name = anchorICA1
anchors = ica1
chain = ee.crt ica2.crt junk.crt junk.crt
servername = www.example.com
keytype = RSA
keyusage = KEYX
eekey = ee-rsa2048
status = 0

; Use of intermediate CA 2 as anchor (extra certificates are ignored).
[chain]
name = anchorICA2
anchors = ica2
chain = ee.crt junk.crt junk.crt
servername = www.example.com
keytype = RSA
keyusage = KEYX
eekey = ee-rsa2048
status = 0

; Direct trust of EE.
[chain]
name = directTrust
anchors = ee
chain = ee.crt junk.crt junk.crt
servername = www.example.com
keytype = RSA
keyusage = KEYX
eekey = ee-rsa2048
status = 0

; Server name check: name does not match the SAN nor the CN.
[chain]
name = wrongName1
anchors = root
chain = ee.crt ica2.crt ica1.crt
servername = foo.example.com
keytype = RSA
keyusage = KEYX
status = 56

; Server name check: name matches the CN but not the SAN, and there is
; a SAN so the CN is ignored.
[chain]
name = wrongName2
anchors = root
chain = ee-names.crt ica2.crt ica1.crt
servername = www.example.com
keytype = RSA
keyusage = KEYX
status = 56

; Server name check: name does not match CN, but matches the first SAN
; name.
[chain]
name = goodName1
anchors = root
chain = ee-names.crt ica2.crt ica1.crt
servername = foo.example.com
keytype = RSA
keyusage = KEYX
eekey = ee-rsa2048
status = 0

; Server name check: name does not match CN, but matches the second SAN
; name.
[chain]
name = goodName2
anchors = root
chain = ee-names.crt ica2.crt ica1.crt
servername = barqux.example.com
keytype = RSA
keyusage = KEYX
eekey = ee-rsa2048
status = 0

; Server name check: no SAN, but the CN matches the server name.
[chain]
name = goodName3
anchors = root
chain = ee-names2.crt ica2.crt ica1.crt
servername = www.example.com
keytype = RSA
keyusage = KEYX
eekey = ee-rsa2048
status = 0

; Server name check: no SAN, and the CN does not match the server name.
[chain]
name = wrongName3
anchors = root
chain = ee-names2.crt ica2.crt ica1.crt
servername = foo.example.com
keytype = RSA
keyusage = KEYX
status = 56

; Server name check: no SAN, and the CN does not match the server name,
; although its byte contents seem to match (but with BMPString encoding).
; The engine must compare decoded names, not raw encoded bytes, so this
; is expected to be rejected (status 56).
[chain]
name = wrongName4
anchors = root
chain = ee-names3.crt ica2.crt ica1.crt
servername = www1.example.com
keytype = RSA
keyusage = KEYX
status = 56

; Server name check: no SAN, and the CN uses BMPString encoding, but we
; do not actually request a server name check, so this should pass.
[chain]
name = ignoreName1
anchors = root
chain = ee-names3.crt ica2.crt ica1.crt
; no 'servername' key: the name check is deliberately not requested
keytype = RSA
keyusage = KEYX
eekey = ee-rsa2048
status = 0

; Wildcard processing: the name 'localhost' should not match because
; the engine recognises the wildcard only in a '*.' starting sequence,
; so the lone '*' in a SAN will not be accepted.
[chain]
name = wildcard1
anchors = root
chain = ee-names4.crt ica2.crt ica1.crt
servername = localhost
keytype = RSA
keyusage = KEYX
status = 56

; Wildcard processing: the name 'example.com' will be matched by '*.com'.
[chain]
name = wildcard2
anchors = root
chain = ee-names4.crt ica2.crt ica1.crt
servername = example.com
keytype = RSA
keyusage = KEYX
eekey = ee-rsa2048
status = 0

; Wildcard processing: the name 'www.example.com' will be matched by
; '*.example.com'.
[chain]
name = wildcard3
anchors = root
chain = ee-names4.crt ica2.crt ica1.crt
servername = www.example.com
keytype = RSA
keyusage = KEYX
eekey = ee-rsa2048
status = 0

; Wildcard processing: the name 'foo.foo.example.com' will not be matched by
; 'foo.*.example.com' because we accept the wildcard only in the first name
; component.
[chain]
name = wildcard4
anchors = root
chain = ee-names4.crt ica2.crt ica1.crt
servername = foo.foo.example.com
keytype = RSA
keyusage = KEYX
status = 56

; Wildcard processing: the name 'foo.bar.example.com' will not be matched by
; 'foo.*.example.com', but '*.bar.example.com' will fit.
[chain]
name = wildcard5
anchors = root
chain = ee-names4.crt ica2.crt ica1.crt
servername = foo.bar.example.com
keytype = RSA
keyusage = KEYX
eekey = ee-rsa2048
status = 0

; Wildcard processing: the name 'foo.bar.example.foobar' will not be matched by
; '*.*.example.foobar' because we support only a single level of wildcard.
[chain]
name = wildcard6
anchors = root
chain = ee-names4.crt ica2.crt ica1.crt
servername = foo.bar.example.foobar
keytype = RSA
keyusage = KEYX
status = 56

; Wildcard processing: the name 'foo.*.example.foobar' will be matched
; by '*.*.example.foobar' because the '*' in the provided server name matches
; the second '*' in '*.*.example.foobar'. This is a corner case with no
; practical impact because expected server names are usually extracted from
; URL and cannot have embedded '*' in them.
; NOTE(review): the 'servername' value below ends in '.example.com', not the
; '.example.foobar' this comment describes -- confirm which name the entry
; is meant to exercise.
[chain]
name = wildcard7
anchors = root
chain = ee-names4.crt ica2.crt ica1.crt
servername = foo.*.example.com
keytype = RSA
keyusage = KEYX
eekey = ee-rsa2048
status = 0

; Hash function support: the chain uses only SHA-256, and SHA-256 is the
; only hash function enabled, so validation succeeds.
[chain]
name = hashSHA256Only
anchors = root
chain = ee.crt ica2.crt ica1.crt
servername = www.example.com
keytype = RSA
keyusage = KEYX
hashes = sha256
eekey = ee-rsa2048
status = 0

; Hash function support: the chain uses only SHA-256, but the enabled hash
; set below deliberately leaves SHA-256 out, so the signatures cannot be
; verified and validation must fail (status 49).
[chain]
name = hashSHA256Unsupported
anchors = root
chain = ee.crt ica2.crt ica1.crt
servername = www.example.com
keytype = RSA
keyusage = KEYX
hashes = md5 sha1 sha224 sha384 sha512
status = 49

; Hash function support: signature on EE uses SHA-1.
[chain]
name = hashSHA1
anchors = root
chain = ee-sha1.crt ica2.crt ica1.crt
servername = www.example.com
keytype = RSA
keyusage = KEYX
eekey = ee-rsa2048
status = 0

; Hash function support: signature on EE uses SHA-224.
[chain]
name = hashSHA224
anchors = root
chain = ee-sha224.crt ica2.crt ica1.crt
servername = www.example.com
keytype = RSA
keyusage = KEYX
eekey = ee-rsa2048
status = 0

; Hash function support: signature on EE uses SHA-384.
[chain]
name = hashSHA384
anchors = root
chain = ee-sha384.crt ica2.crt ica1.crt
servername = www.example.com
keytype = RSA
keyusage = KEYX
eekey = ee-rsa2048
status = 0

; Hash function support: signature on EE uses SHA-512.
[chain]
name = hashSHA512
anchors = root
chain = ee-sha512.crt ica2.crt ica1.crt
servername = www.example.com
keytype = RSA
keyusage = KEYX
eekey = ee-rsa2048
status = 0

; Hash function support: signature on EE uses MD5. This is rejected by
; the engine (even though MD5 is supported as a hash function).
; No 'hashes' key here: the default hash set is in use, and MD5 signatures
; are still refused (status 49).
[chain]
name = hashMD5
anchors = root
chain = ee-md5.crt ica2.crt ica1.crt
servername = www.example.com
keytype = RSA
keyusage = KEYX
status = 49

; EE certificate has trailing garbage (an extra byte), which should be
; rejected.
[chain]
name = trailingGarbage
anchors = root
chain = ee-trailing.crt ica2.crt ica1.crt
servername = www.example.com
keytype = RSA
keyusage = KEYX
status = 40

; Signature on EE certificate is incorrect (one byte modified in signature).
[chain]
name = badSignature1
anchors = root
chain = ee-badsig1.crt ica2.crt ica1.crt
servername = www.example.com
keytype = RSA
keyusage = KEYX
status = 52

; Signature on EE certificate is incorrect (one byte modified in serial
; number).
[chain]
name = badSignature2
anchors = root
chain = ee-badsig2.crt ica2.crt ica1.crt
servername = www.example.com
keytype = RSA
keyusage = KEYX
status = 52

; Signature on EE certificate is incorrect but this is ignored because we
; use a direct trust model here.
[chain]
name = ignoredSignature1
anchors = ee
chain = ee-badsig1.crt ica2.crt ica1.crt
servername = www.example.com
keytype = RSA
keyusage = KEYX
eekey = ee-rsa2048
status = 0

; Signature on EE certificate is incorrect but this is ignored because we
; use a direct trust model here.
[chain]
name = ignoredSignature2
anchors = ee
chain = ee-badsig2.crt ica2.crt ica1.crt
servername = www.example.com
keytype = RSA
keyusage = KEYX
eekey = ee-rsa2048
status = 0

; Intermediate CA 1 has a 1016-bit RSA key, which should be rejected
; with BR_ERR_X509_WEAK_PUBLIC_KEY.
[chain]
name = rsa1016
anchors = root
chain = ee.crt ica2-1016.crt ica1-1016.crt
servername = www.example.com
keytype = RSA
keyusage = KEYX
status = 60

; Intermediate CA 1 has a 1017-bit RSA key, which should be accepted
; (because that's 128 bytes, which is the lower limit).
[chain]
name = rsa1017
anchors = root
chain = ee.crt ica2-1017.crt ica1-1017.crt
servername = www.example.com
keytype = RSA
keyusage = KEYX
eekey = ee-rsa2048
status = 0

; Intermediate CA 1 has a 4096-bit RSA key, which should be supported.
[chain]
name = rsa4096
anchors = root
chain = ee.crt ica2-4096.crt ica1-4096.crt
servername = www.example.com
keytype = RSA
keyusage = KEYX
eekey = ee-rsa2048
status = 0

; EE is valid from 2010/02/17 11:40:35 to 2098/07/20 15:11:08. The
; start date is in UTCTime, the end date is in GeneralizedTime.
; Validation time is one second before the start of validity, so the
; chain must be rejected (status 54).
[chain]
name = date1
anchors = ica2
chain = ee-dates.crt ica2.crt ica1.crt
time = 2010-02-17 11:40:34Z
servername = www.example.com
keytype = RSA
keyusage = KEYX
status = 54

; EE is valid from 2010/02/17 11:40:35 to 2098/07/20 15:11:08. The
; start date is in UTCTime, the end date is in GeneralizedTime.
[chain]
name = date2
anchors = ica2
chain = ee-dates.crt ica2.crt ica1.crt
; one second after the start of validity: accepted
time = 2010-02-17 11:40:36Z
servername = www.example.com
keytype = RSA
keyusage = KEYX
eekey = ee-rsa2048
status = 0

; EE is valid from 2010/02/17 11:40:35 to 2098/07/20 15:11:08. The
; start date is in UTCTime, the end date is in GeneralizedTime.
; Validation time is one second before the end of validity, so the chain
; is still accepted.
[chain]
name = date3
anchors = ica2
chain = ee-dates.crt ica2.crt ica1.crt
time = 2098-07-20 15:11:07Z
servername = www.example.com
keytype = RSA
keyusage = KEYX
eekey = ee-rsa2048
status = 0

; EE is valid from 2010/02/17 11:40:35 to 2098/07/20 15:11:08. The
; start date is in UTCTime, the end date is in GeneralizedTime.
; Validation time is one second after the end of validity, so the chain
; must be rejected (status 54).
[chain]
name = date4
anchors = ica2
chain = ee-dates.crt ica2.crt ica1.crt
time = 2098-07-20 15:11:09Z
servername = www.example.com
keytype = RSA
keyusage = KEYX
status = 54

; Intermediate CA 2 certificate is not a CA.
[chain]
name = notCA
anchors = root
chain = ee-dates.crt ica2-notCA.crt ica1.crt
servername = www.example.com
keytype = RSA
keyusage = KEYX
status = 58

; A chain using ECDSA with P-256.
[chain]
name = secp256r1
anchors = root-p256
chain = ee-p256.crt ica2-p256.crt ica1-p256.crt
servername = www.example.com
keytype = EC
keyusage = SIGN
eekey = ee-p256
status = 0

; A chain using ECDSA with P-384.
[chain]
name = secp384r1
anchors = root-p384
chain = ee-p384.crt ica2-p384.crt ica1-p384.crt
servername = www.example.com
keytype = EC
keyusage = SIGN
eekey = ee-p384
status = 0

; A chain using ECDSA with P-521.
[chain]
name = secp521r1
anchors = root-p521
chain = ee-p521.crt ica2-p521.crt ica1-p521.crt
servername = www.example.com
keytype = EC
keyusage = SIGN
eekey = ee-p521
status = 0

; A chain using ECDSA with P-256, signature on EE uses SHA-1.
[chain]
name = secp256r1-sha1
anchors = root-p256
chain = ee-p256-sha1.crt ica2-p256.crt ica1-p256.crt
servername = www.example.com
keytype = EC
keyusage = SIGN
eekey = ee-p256
status = 0

; A chain using ECDSA with P-256, signature on EE uses SHA-224.
[chain]
name = secp256r1-sha224
anchors = root-p256
chain = ee-p256-sha224.crt ica2-p256.crt ica1-p256.crt
servername = www.example.com
keytype = EC
keyusage = SIGN
eekey = ee-p256
status = 0

; A chain using ECDSA with P-256, signature on EE uses SHA-256.
[chain]
name = secp256r1-sha256
anchors = root-p256
chain = ee-p256-sha256.crt ica2-p256.crt ica1-p256.crt
servername = www.example.com
keytype = EC
keyusage = SIGN
eekey = ee-p256
status = 0

; A chain using ECDSA with P-256, signature on EE uses SHA-384.
[chain]
name = secp256r1-sha384
anchors = root-p256
chain = ee-p256-sha384.crt ica2-p256.crt ica1-p256.crt
servername = www.example.com
keytype = EC
keyusage = SIGN
eekey = ee-p256
status = 0

; A chain using ECDSA with P-256, signature on EE uses SHA-512.
[chain]
name = secp256r1-sha512
anchors = root-p256
chain = ee-p256-sha512.crt ica2-p256.crt ica1-p256.crt
servername = www.example.com
keytype = EC
keyusage = SIGN
eekey = ee-p256
status = 0

; Certificate Policies tests: the EE is issued directly by the 'root-new'
; anchor, so the chain holds the EE certificate alone.

; EE certificate has a Certificate Policies extension, but it is not
; critical.
[chain]
name = certpol-noncrit
anchors = root-new
chain = ee-cp1.crt
servername = www.example.com
keytype = RSA
keyusage = KEYX
eekey = ee-rsa2048
status = 0

; EE certificate has a critical Certificate Policies extension, but it
; contains no policy qualifier.
[chain]
name = certpol-noqual
anchors = root-new
chain = ee-cp2.crt
servername = www.example.com
keytype = RSA
keyusage = KEYX
eekey = ee-rsa2048
status = 0

; EE certificate has a critical Certificate Policies extension, and it
; contains some qualifiers, but they are all id-qt-cps.
[chain]
name = certpol-qualcps
anchors = root-new
chain = ee-cp3.crt
servername = www.example.com
keytype = RSA
keyusage = KEYX
eekey = ee-rsa2048
status = 0

; EE certificate has a critical Certificate Policies extension, and it
; contains a qualifier distinct from id-qt-cps. This implies rejection
; of the path.
; NOTE(review): 'eekey' is set here although the expected status is a
; rejection (57); the other failing entries in this file omit it. Presumably
; the driver ignores 'eekey' when validation fails -- confirm.
[chain]
name = certpol-qualother
anchors = root-new
chain = ee-cp4.crt
servername = www.example.com
keytype = RSA
keyusage = KEYX
eekey = ee-rsa2048
status = 57