chromium / badssl.com

:lock: Memorable site for testing clients against bad SSL configs.
https://badssl.com
Apache License 2.0

Feature request: Test incorrect Authority Key ID #475

Open steamraven opened 3 years ago

steamraven commented 3 years ago

Normally a certificate chain is referenced both by:

  1. certificate's issuer matches subject of signing certificate
  2. certificate's "certificate authority key ID" matches the "certificate subject key id" of the signing certificate

Chrome seems to only care about the issuer chain and accepts chains with invalid authority keys. curl and OpenSSL seem to actually check.
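The two links listed in the comment above, checked independently of each other. This is an added example, not code from badssl.com or from the commenter. It builds a constructed throwaway CA and a leaf whose Authority Key ID does not match the CA's Subject Key ID, so the name and signature checks pass while the key-ID check fails; `CheckLink`, `BuildPair` and `must` are names chosen for this example.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// CheckLink tests issuer/subject name, AKI/SKI (AKI must be present) and signature separately.
func CheckLink(child, issuer *x509.Certificate) (nameOK, keyIDOK, sigOK bool) {
	nameOK = bytes.Equal(child.RawIssuer, issuer.RawSubject)
	keyIDOK = len(child.AuthorityKeyId) > 0 && bytes.Equal(child.AuthorityKeyId, issuer.SubjectKeyId)
	sigOK = child.CheckSignatureFrom(issuer) == nil
	return
}

// must panics on setup errors, which is acceptable for a constructed fixture.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// BuildPair returns a constructed test CA (SKI 01 02 03 04) and a leaf carrying aki as its AKI.
func BuildPair(aki []byte) (ca, leaf *x509.Certificate) {
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	leafKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Test CA"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign, SubjectKeyId: []byte{1, 2, 3, 4}}
	ca = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, t, t, &caKey.PublicKey, caKey))))
	l := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "leaf.test"},
		NotBefore: t.NotBefore, NotAfter: t.NotAfter, KeyUsage: x509.KeyUsageDigitalSignature, AuthorityKeyId: aki}
	signer := &x509.Certificate{RawSubject: ca.RawSubject} // no SKI, so Go keeps the template's AKI
	leaf = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, l, signer, &leafKey.PublicKey, caKey))))
	return ca, leaf
}

func main() {
	ca, leaf := BuildPair([]byte{9, 9, 9, 9}) // constructed AKI that does not match the CA's SKI
	n, k, s := CheckLink(leaf, ca)
	fmt.Printf("name=%v keyid=%v sig=%v\n", n, k, s)
}
```

A client that builds paths on the name link alone accepts this leaf; one that also requires the key identifiers to agree rejects it even though the signature verifies.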