| OLD | NEW |
|---|
| (Empty) | |
| 1 [Created by: generate-serverauth-ec-ku-keyagreement.py] |
| 2 |
| 3 Certificate chain with 1 intermediate, a trusted root, and a target |
| 4 certificate for serverAuth that has only keyAgreement. |
| 5 |
| 6 Certificate: |
| 7 Data: |
| 8 Version: 3 (0x2) |
| 9 Serial Number: 1 (0x1) |
| 10 Signature Algorithm: sha256WithRSAEncryption |
| 11 Issuer: CN=Intermediate |
| 12 Validity |
| 13 Not Before: Jan 1 12:00:00 2015 GMT |
| 14 Not After : Jan 1 12:00:00 2016 GMT |
| 15 Subject: CN=Target |
| 16 Subject Public Key Info: |
| 17 Public Key Algorithm: id-ecPublicKey |
| 18 Public-Key: (384 bit) |
| 19 pub: |
| 20 04:89:00:ec:91:fd:85:2e:b5:b5:20:92:c4:37:58: |
| 21 6e:73:4f:01:ad:8b:11:6f:9d:fb:ed:3e:a3:af:9c: |
| 22 a9:57:8b:cb:7c:6f:b6:48:c3:1f:5c:20:2c:dd:bb: |
| 23 e9:46:fe:72:b6:97:32:54:42:8d:b1:9d:c1:44:a9: |
| 24 e7:65:a9:43:c0:58:09:3a:14:c9:80:c9:0c:21:c5: |
| 25 4d:29:ec:38:ba:c7:ee:a7:1d:84:f0:29:32:b5:51: |
| 26 1c:c3:7b:ad:ad:61:05 |
| 27 ASN1 OID: secp384r1 |
| 28 X509v3 extensions: |
| 29 X509v3 Subject Key Identifier: |
| 30 79:F8:7F:83:57:2E:9D:63:B5:C6:37:2E:42:A3:49:DA:FC:22:B6:15 |
| 31 X509v3 Authority Key Identifier: |
| 32 keyid:9D:89:35:80:74:20:2D:73:3F:A4:C4:D6:56:B7:57:B6:A5:E8:D9:8
B |
| 33 |
| 34 Authority Information Access: |
| 35 CA Issuers - URI:http://url-for-aia/Intermediate.cer |
| 36 |
| 37 X509v3 CRL Distribution Points: |
| 38 |
| 39 Full Name: |
| 40 URI:http://url-for-crl/Intermediate.crl |
| 41 |
| 42 X509v3 Key Usage: critical |
| 43 Key Agreement |
| 44 X509v3 Extended Key Usage: |
| 45 TLS Web Server Authentication |
| 46 Signature Algorithm: sha256WithRSAEncryption |
| 47 a6:12:6f:eb:bb:19:74:1a:de:b2:5e:4c:be:8b:e8:8a:bb:d2: |
| 48 f9:82:08:58:67:65:3a:4f:dd:c4:45:7d:4e:99:1b:20:ce:04: |
| 49 ca:17:91:8f:a4:5e:08:b2:4e:a3:d0:bf:f9:2f:b4:92:15:68: |
| 50 a2:62:4c:64:59:43:f5:6d:ad:2b:c6:d4:24:20:2b:e4:76:0b: |
| 51 8e:1f:31:7d:4b:0e:20:53:16:20:01:8d:63:ce:7b:93:9b:ea: |
| 52 f6:6c:d6:77:20:a5:12:2f:a2:e0:0d:0a:89:c0:db:44:a9:8c: |
| 53 22:e9:15:ff:0a:0a:c3:a8:ce:97:4b:fc:28:09:80:71:ac:6d: |
| 54 b4:2d:b2:95:88:63:b4:e8:a0:a2:a9:d9:ae:75:22:e0:f7:03: |
| 55 30:82:2b:d7:3c:83:d0:0e:f3:f5:7e:9b:4d:1c:b5:95:57:ef: |
| 56 8d:24:47:a9:97:49:f0:94:db:ed:a9:c4:15:68:89:a2:b0:0f: |
| 57 5f:f2:46:05:6c:50:69:e7:74:c5:2a:e8:e1:79:0c:61:e3:42: |
| 58 da:80:e1:68:8a:67:df:da:05:85:1f:fd:57:f2:1d:fa:45:b8: |
| 59 2a:f5:73:6d:2a:52:2a:5d:c6:aa:cc:93:0d:f1:6c:a9:c4:f1: |
| 60 ff:84:36:be:42:20:0d:2a:7a:d2:86:c3:a2:bb:3b:02:76:a6: |
| 61 ba:ee:24:62 |
| 62 -----BEGIN CERTIFICATE----- |
| 63 MIIC1TCCAb2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl |
| 64 cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD |
| 65 VQQDDAZUYXJnZXQwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASJAOyR/YUutbUgksQ3 |
| 66 WG5zTwGtixFvnfvtPqOvnKlXi8t8b7ZIwx9cICzdu+lG/nK2lzJUQo2xncFEqedl |
| 67 qUPAWAk6FMmAyQwhxU0p7Di6x+6nHYTwKTK1URzDe62tYQWjgd8wgdwwHQYDVR0O |
| 68 BBYEFHn4f4NXLp1jtcY3LkKjSdr8IrYVMB8GA1UdIwQYMBaAFJ2JNYB0IC1zP6TE |
| 69 1la3V7al6NmLMD8GCCsGAQUFBwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3Vy |
| 70 bC1mb3ItYWlhL0ludGVybWVkaWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0 |
| 71 cDovL3VybC1mb3ItY3JsL0ludGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgMI |
| 72 MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4IBAQCmEm/ruxl0 |
| 73 Gt6yXky+i+iKu9L5gghYZ2U6T93ERX1OmRsgzgTKF5GPpF4Isk6j0L/5L7SSFWii |
| 74 YkxkWUP1ba0rxtQkICvkdguOHzF9Sw4gUxYgAY1jznuTm+r2bNZ3IKUSL6LgDQqJ |
| 75 wNtEqYwi6RX/CgrDqM6XS/woCYBxrG20LbKViGO06KCiqdmudSLg9wMwgivXPIPQ |
| 76 DvP1fptNHLWVV++NJEepl0nwlNvtqcQVaImisA9f8kYFbFBp53TFKujheQxh40La |
| 77 gOFoimff2gWFH/1X8h36Rbgq9XNtKlIqXcaqzJMN8WypxPH/hDa+QiANKnrShsOi |
| 78 uzsCdqa67iRi |
| 79 -----END CERTIFICATE----- |
| 80 |
| 81 Certificate: |
| 82 Data: |
| 83 Version: 3 (0x2) |
| 84 Serial Number: 2 (0x2) |
| 85 Signature Algorithm: sha256WithRSAEncryption |
| 86 Issuer: CN=Root |
| 87 Validity |
| 88 Not Before: Jan 1 12:00:00 2015 GMT |
| 89 Not After : Jan 1 12:00:00 2016 GMT |
| 90 Subject: CN=Intermediate |
| 91 Subject Public Key Info: |
| 92 Public Key Algorithm: rsaEncryption |
| 93 Public-Key: (2048 bit) |
| 94 Modulus: |
| 95 00:b6:3f:d3:f7:d6:99:71:8e:40:2a:64:6d:39:69: |
| 96 fe:d8:50:c0:5b:7e:7f:33:91:41:06:ca:40:ad:3c: |
| 97 f7:4d:fb:db:12:03:2f:69:ad:09:2a:f1:49:d8:61: |
| 98 b5:3f:7c:b1:f9:41:45:ab:26:3b:76:df:da:e4:8b: |
| 99 65:8d:77:ab:0d:3e:56:78:cb:ab:17:9c:50:b1:b8: |
| 100 c1:f4:31:8a:09:24:c7:19:c7:c5:5a:b4:a5:c4:a7: |
| 101 c0:eb:2b:54:c9:de:f0:4a:a5:3d:f6:fc:66:d5:e2: |
| 102 ed:53:4f:0f:e3:79:d1:78:cc:54:01:43:af:17:d7: |
| 103 b8:38:11:44:1b:bb:22:13:2e:c7:4d:95:8f:44:9b: |
| 104 d8:e7:4d:41:f0:51:ae:2a:6a:13:cd:c4:64:cd:7e: |
| 105 2e:d5:a2:32:b7:df:2f:89:66:b3:93:ab:0b:f9:3f: |
| 106 7d:71:47:bf:8e:2d:e0:5a:b8:5a:da:6b:d8:b0:51: |
| 107 74:4d:f4:38:ae:3c:5e:22:34:9a:93:d4:61:ce:4b: |
| 108 57:77:28:76:b6:84:c4:aa:cc:5e:97:05:55:06:83: |
| 109 55:95:3d:dc:c8:b3:a9:64:d3:d4:8b:8b:dc:30:97: |
| 110 54:87:6d:68:26:31:45:05:af:1c:cd:a5:f6:ff:e7: |
| 111 f0:d6:0d:9f:a6:75:a9:d7:c0:c3:8d:ba:7d:a4:a6: |
| 112 7f:db |
| 113 Exponent: 65537 (0x10001) |
| 114 X509v3 extensions: |
| 115 X509v3 Subject Key Identifier: |
| 116 9D:89:35:80:74:20:2D:73:3F:A4:C4:D6:56:B7:57:B6:A5:E8:D9:8B |
| 117 X509v3 Authority Key Identifier: |
| 118 keyid:0F:81:D1:20:C7:6B:79:4D:08:C2:54:4C:14:69:CD:9B:C7:C5:C3:4
1 |
| 119 |
| 120 Authority Information Access: |
| 121 CA Issuers - URI:http://url-for-aia/Root.cer |
| 122 |
| 123 X509v3 CRL Distribution Points: |
| 124 |
| 125 Full Name: |
| 126 URI:http://url-for-crl/Root.crl |
| 127 |
| 128 X509v3 Key Usage: critical |
| 129 Certificate Sign, CRL Sign |
| 130 X509v3 Basic Constraints: critical |
| 131 CA:TRUE |
| 132 Signature Algorithm: sha256WithRSAEncryption |
| 133 5b:d3:72:ae:c7:92:42:1e:26:1c:f2:87:dc:87:48:97:aa:97: |
| 134 77:89:1b:66:e3:c4:b7:33:a7:b8:ce:d4:ef:d9:67:be:59:a4: |
| 135 42:54:f3:63:86:a6:f8:cc:4f:60:04:ad:3a:57:7b:72:45:fb: |
| 136 20:2e:6a:31:de:e3:2e:a3:1f:44:ce:71:6c:84:7f:a4:8d:a7: |
| 137 eb:c9:af:4a:30:84:19:6c:75:a7:d6:4b:fa:a3:75:b3:bb:70: |
| 138 bf:b8:3e:9c:5a:e4:6f:09:ef:dd:70:a8:c6:3b:8e:29:28:15: |
| 139 e3:cb:1c:45:f8:1c:87:21:f9:d4:a6:82:d7:46:a1:e7:52:98: |
| 140 62:ce:3a:da:7e:48:f9:ad:e8:ac:ad:ce:4d:be:d5:fe:2f:6f: |
| 141 6e:0b:03:8a:0f:33:e8:f4:26:7f:5d:1a:31:89:cb:7b:bf:b9: |
| 142 25:74:94:53:0b:09:1d:25:6f:eb:45:c0:06:ef:80:10:1e:39: |
| 143 0e:8f:c7:a0:21:dc:9e:d5:e6:c0:bf:53:6a:42:f0:f0:58:fe: |
| 144 d5:f4:99:92:2b:76:69:e8:a0:43:34:41:b4:01:94:d2:8f:5a: |
| 145 fe:fe:46:75:f7:1d:cf:16:b4:64:03:c0:5d:8a:1a:f0:f4:c4: |
| 146 a6:7b:0f:de:22:58:62:3d:dd:97:a4:a4:92:65:ad:87:21:37: |
| 147 57:0d:ec:dc |
| 148 -----BEGIN CERTIFICATE----- |
| 149 MIIDbTCCAlWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 |
| 150 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 |
| 151 ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtj/T99aZ |
| 152 cY5AKmRtOWn+2FDAW35/M5FBBspArTz3TfvbEgMvaa0JKvFJ2GG1P3yx+UFFqyY7 |
| 153 dt/a5ItljXerDT5WeMurF5xQsbjB9DGKCSTHGcfFWrSlxKfA6ytUyd7wSqU99vxm |
| 154 1eLtU08P43nReMxUAUOvF9e4OBFEG7siEy7HTZWPRJvY501B8FGuKmoTzcRkzX4u |
| 155 1aIyt98viWazk6sL+T99cUe/ji3gWrha2mvYsFF0TfQ4rjxeIjSak9RhzktXdyh2 |
| 156 toTEqsxelwVVBoNVlT3cyLOpZNPUi4vcMJdUh21oJjFFBa8czaX2/+fw1g2fpnWp |
| 157 18DDjbp9pKZ/2wIDAQABo4HLMIHIMB0GA1UdDgQWBBSdiTWAdCAtcz+kxNZWt1e2 |
| 158 pejZizAfBgNVHSMEGDAWgBQPgdEgx2t5TQjCVEwUac2bx8XDQTA3BggrBgEFBQcB |
| 159 AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs |
| 160 BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD |
| 161 VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB |
| 162 AFvTcq7HkkIeJhzyh9yHSJeql3eJG2bjxLczp7jO1O/ZZ75ZpEJU82OGpvjMT2AE |
| 163 rTpXe3JF+yAuajHe4y6jH0TOcWyEf6SNp+vJr0owhBlsdafWS/qjdbO7cL+4Ppxa |
| 164 5G8J791wqMY7jikoFePLHEX4HIch+dSmgtdGoedSmGLOOtp+SPmt6Kytzk2+1f4v |
| 165 b24LA4oPM+j0Jn9dGjGJy3u/uSV0lFMLCR0lb+tFwAbvgBAeOQ6Px6Ah3J7V5sC/ |
| 166 U2pC8PBY/tX0mZIrdmnooEM0QbQBlNKPWv7+RnX3Hc8WtGQDwF2KGvD0xKZ7D94i |
| 167 WGI93ZekpJJlrYchN1cN7Nw= |
| 168 -----END CERTIFICATE----- |
| 169 |
| 170 Certificate: |
| 171 Data: |
| 172 Version: 3 (0x2) |
| 173 Serial Number: 1 (0x1) |
| 174 Signature Algorithm: sha256WithRSAEncryption |
| 175 Issuer: CN=Root |
| 176 Validity |
| 177 Not Before: Jan 1 12:00:00 2015 GMT |
| 178 Not After : Jan 1 12:00:00 2016 GMT |
| 179 Subject: CN=Root |
| 180 Subject Public Key Info: |
| 181 Public Key Algorithm: rsaEncryption |
| 182 Public-Key: (2048 bit) |
| 183 Modulus: |
| 184 00:c1:3e:d3:96:3b:f4:27:70:30:ed:c0:ed:a9:38: |
| 185 dc:a2:2a:56:65:d1:82:7a:36:ae:8f:00:fd:4c:db: |
| 186 fb:80:ad:f6:d1:71:c0:87:09:d6:40:c3:1e:a8:86: |
| 187 d7:ed:d0:62:5f:67:a0:84:24:71:88:31:8b:fe:8b: |
| 188 3f:71:f0:d2:56:49:47:74:40:b8:c8:2f:2b:2e:d5: |
| 189 a8:06:46:af:30:92:8d:20:13:a4:7c:9d:51:9f:8e: |
| 190 d6:7b:4f:ae:a9:59:b9:17:d0:b6:31:12:45:58:4d: |
| 191 59:86:e9:bb:75:1e:e1:db:0f:10:bb:0c:17:fb:48: |
| 192 89:d2:7e:d0:76:96:26:89:f5:a4:77:09:a7:7a:4f: |
| 193 8b:dd:24:95:15:ce:6f:d6:82:03:76:52:f0:7c:5d: |
| 194 69:25:ff:e7:12:c1:fb:41:be:8c:e9:c6:7b:a8:e2: |
| 195 88:03:e2:86:16:0f:20:34:a3:7d:28:3e:14:f5:9a: |
| 196 40:30:d3:fc:96:21:e4:bf:91:80:ae:a3:0f:a4:00: |
| 197 39:c3:40:0a:90:d4:9a:c8:fe:2f:c9:74:16:1b:c4: |
| 198 13:40:0b:2f:af:bc:d0:47:78:19:5f:4f:a5:9a:94: |
| 199 46:1d:71:c9:f6:04:bd:61:43:80:33:c3:57:fb:5d: |
| 200 df:6d:20:32:c1:b2:f1:a6:46:4b:19:95:f3:3f:53: |
| 201 f7:7d |
| 202 Exponent: 65537 (0x10001) |
| 203 X509v3 extensions: |
| 204 X509v3 Subject Key Identifier: |
| 205 0F:81:D1:20:C7:6B:79:4D:08:C2:54:4C:14:69:CD:9B:C7:C5:C3:41 |
| 206 X509v3 Authority Key Identifier: |
| 207 keyid:0F:81:D1:20:C7:6B:79:4D:08:C2:54:4C:14:69:CD:9B:C7:C5:C3:4
1 |
| 208 |
| 209 Authority Information Access: |
| 210 CA Issuers - URI:http://url-for-aia/Root.cer |
| 211 |
| 212 X509v3 CRL Distribution Points: |
| 213 |
| 214 Full Name: |
| 215 URI:http://url-for-crl/Root.crl |
| 216 |
| 217 X509v3 Key Usage: critical |
| 218 Certificate Sign, CRL Sign |
| 219 X509v3 Basic Constraints: critical |
| 220 CA:TRUE |
| 221 Signature Algorithm: sha256WithRSAEncryption |
| 222 39:38:b5:f8:09:d0:c2:8c:32:e3:89:bc:30:b1:7f:6f:16:57: |
| 223 c2:4a:54:a8:a4:01:c4:a6:68:10:3a:ff:57:e5:50:d8:30:ee: |
| 224 f3:1e:9c:54:f1:b6:19:b7:61:a1:c4:88:d1:9a:5a:a9:6a:2a: |
| 225 bc:a5:10:1f:22:0a:83:a6:5b:15:8f:99:bd:08:e7:a9:ca:4f: |
| 226 3f:1b:e7:d2:5e:85:ef:19:43:76:0c:9b:90:7d:43:5c:15:8d: |
| 227 75:11:de:89:2b:bc:3f:34:bd:7f:64:d4:7d:db:dd:de:f4:af: |
| 228 8c:8a:30:29:2a:47:a0:56:9a:c9:69:c7:44:d2:78:05:62:bd: |
| 229 3d:13:ab:52:15:31:fc:bf:19:1f:3f:f6:76:c7:f1:92:3a:f0: |
| 230 61:44:50:2a:e0:46:5b:15:a1:1f:d8:0d:fd:46:b9:07:38:6a: |
| 231 21:40:50:03:ae:73:cd:2e:49:3e:29:a6:65:67:e4:1c:5b:6e: |
| 232 41:ed:7c:6e:0d:e9:7c:32:db:99:17:90:72:3f:d5:4c:d7:ec: |
| 233 05:45:ee:23:40:db:9c:4e:c3:ca:42:d1:18:c3:54:94:f1:10: |
| 234 8b:98:75:b7:1e:ee:f1:8f:b8:2d:c6:bc:73:a6:74:69:f6:3c: |
| 235 ca:75:1e:65:10:35:e8:d0:9f:d0:69:6b:cc:d4:fb:d4:93:05: |
| 236 a1:2a:26:34 |
| 237 -----BEGIN TRUST_ANCHOR_UNCONSTRAINED----- |
| 238 MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 |
| 239 MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v |
| 240 dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAME+05Y79CdwMO3A7ak4 |
| 241 3KIqVmXRgno2ro8A/Uzb+4Ct9tFxwIcJ1kDDHqiG1+3QYl9noIQkcYgxi/6LP3Hw |
| 242 0lZJR3RAuMgvKy7VqAZGrzCSjSATpHydUZ+O1ntPrqlZuRfQtjESRVhNWYbpu3Ue |
| 243 4dsPELsMF/tIidJ+0HaWJon1pHcJp3pPi90klRXOb9aCA3ZS8HxdaSX/5xLB+0G+ |
| 244 jOnGe6jiiAPihhYPIDSjfSg+FPWaQDDT/JYh5L+RgK6jD6QAOcNACpDUmsj+L8l0 |
| 245 FhvEE0ALL6+80Ed4GV9PpZqURh1xyfYEvWFDgDPDV/td320gMsGy8aZGSxmV8z9T |
| 246 930CAwEAAaOByzCByDAdBgNVHQ4EFgQUD4HRIMdreU0IwlRMFGnNm8fFw0EwHwYD |
| 247 VR0jBBgwFoAUD4HRIMdreU0IwlRMFGnNm8fFw0EwNwYIKwYBBQUHAQEEKzApMCcG |
| 248 CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw |
| 249 IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE |
| 250 AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQA5OLX4CdDC |
| 251 jDLjibwwsX9vFlfCSlSopAHEpmgQOv9X5VDYMO7zHpxU8bYZt2GhxIjRmlqpaiq8 |
| 252 pRAfIgqDplsVj5m9COepyk8/G+fSXoXvGUN2DJuQfUNcFY11Ed6JK7w/NL1/ZNR9 |
| 253 293e9K+MijApKkegVprJacdE0ngFYr09E6tSFTH8vxkfP/Z2x/GSOvBhRFAq4EZb |
| 254 FaEf2A39RrkHOGohQFADrnPNLkk+KaZlZ+QcW25B7XxuDel8MtuZF5ByP9VM1+wF |
| 255 Re4jQNucTsPKQtEYw1SU8RCLmHW3Hu7xj7gtxrxzpnRp9jzKdR5lEDXo0J/QaWvM |
| 256 1PvUkwWhKiY0 |
| 257 -----END TRUST_ANCHOR_UNCONSTRAINED----- |
| 258 |
| 259 150302120000Z |
| 260 -----BEGIN TIME----- |
| 261 MTUwMzAyMTIwMDAwWg== |
| 262 -----END TIME----- |
| 263 |
| 264 SUCCESS |
| 265 -----BEGIN VERIFY_RESULT----- |
| 266 U1VDQ0VTUw== |
| 267 -----END VERIFY_RESULT----- |
| 268 |
| 269 serverAuth |
| 270 -----BEGIN KEY_PURPOSE----- |
| 271 c2VydmVyQXV0aA== |
| 272 -----END KEY_PURPOSE----- |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2813043002:
Add tests for keyUsage to the built-in cert verifier. (Closed)
