badssl.com icon indicating copy to clipboard operation
badssl.com copied to clipboard

Published 20 hours ago verified publisher icon chromium

Feature request: Test incorrect Authority Key ID

Open steamraven opened this issue 3 years ago • 0 comments

Normally a certificate chain is referenced both by

  1. certificate's issuer matches subject of signing certificate
  2. certificate's "certificate authority key ID " matches the "certificate subject key id" of the signing certificate

Chrome seems to only care about the issuer chain and accepts chains with invalid authority keys. CURL and openSSL seem to actually check.

steamraven avatar Sep 08 '21 16:09 steamraven