This repository was archived by the owner on Jul 21, 2025. It is now read-only.
This repository was archived by the owner on Jul 21, 2025. It is now read-only.
New test suggestion - Leaf node certificate used as intermediate #544
Description
A simple certificate issue not yet covered by badssl.com tests is a leaf node certificate (with CA:FALSE in Basic Constraints field) used as intermediate certificate somewhere in the chain.
I think a good test would be something like leaf-node.badssl.com which would use a certificate signed by the valid leaf node certificate of badssl.com.
A very similar issue would be having a leaf node higher in the certificate chain. Maybe these two cases could be combined and the certificate of leaf-node.badssl.com could be signed by 2 certificates (both sent by the server and maybe also available via the AIA CA Issuers links):
- the valid leaf node certificate of
badssl.com(i.e. directly by the leaf node); - a self-generated intermediate certificate (with
CA:TRUEinBasic Constraintsfield) signed by the valid leaf node certificate ofbadssl.com(i.e. having the leaf node higher in the chain).
It could also be valuable to include this test in the dashboard.