Presently, the untrusted root test is indistinguishable from an
incomplete certificate chain. As a consequence, client libraries
may reject such a certificate as an incomplete chain, but would
otherwise accept the chain if there was a leaf/end-entity
certificate signed by a self-signed certificate.
Presently, the untrusted root test is indistinguishable from an incomplete certificate chain. As a consequence, client libraries may reject such a certificate as an incomplete chain, but would otherwise accept the chain if there was a leaf/end-entity certificate signed by a self-signed certificate.
Fixes https://github.com/chromium/badssl.com/issues/396