Forwarding to the right (cert-related) group

-------- Forwarded Message --------
Subject: Misissued certificates - pathLenConstraint with CA:FALSE
Date: Wed, 9 Aug 2017 19:25:31 -0400
From: Alex Gaynor <>


The following certificates appear to be misissued:

All of these certificates have a pathLenConstraint value with CA:FALSE,
this violates of RFC 5280: CAs MUST NOT include the
pathLenConstraint field unless the cA boolean is asserted and the key usage
extension asserts the keyCertSign bit.


"I disapprove of what you say, but I will defend to the death your right to
say it." -- Evelyn Beatrice Hall (summarizing Voltaire)
"The people's good is the highest law." -- Cicero
GPG Key fingerprint: D1B3 ADC0 E023 8CA6
dev-security mailing list
dev-security-policy mailing list

Reply via email to