TODODescriptions.txt [plain text]
parse_fail_too_big.cer succeeds because we ignore extra data after the cert.
parse_fail_basic_constraints_notCA_pathlen.cer
We don’t enforce (from RFC 5280):
    CAs MUST NOT include the pathLenConstraint field unless the cA
    boolean is asserted and the key usage extension asserts the
    keyCertSign bit.
parse_fail_ec_not_on_curve.cer
We don’t check that the point is on the curve until we use the key (e.g. for verifying a signature).
spki_fail_tag_4.cer
SecECPublicKeyInit doesn’t read the parameters of the algorithm ID.
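
For the parse_fail_too_big.cer note above, one way a parser could reject extra data after the cert is to require the outer DER SEQUENCE to span the input exactly. This is an added example, not code from the project: the function names and the sample bytes are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Total encoded size (header + content) of the DER SEQUENCE at buf,
 * or 0 if the header is malformed or the content overruns len. */
static size_t der_sequence_size(const uint8_t *buf, size_t len)
{
    if (len < 2 || buf[0] != 0x30)            /* outer tag must be SEQUENCE */
        return 0;
    size_t hdr = 2, content = buf[1];
    if (buf[1] & 0x80) {                      /* long-form length */
        size_t n = buf[1] & 0x7f;
        if (n == 0 || n > sizeof(size_t) || len < 2 + n)
            return 0;                         /* indefinite, too wide, truncated */
        content = 0;
        for (size_t i = 0; i < n; i++)
            content = (content << 8) | buf[2 + i];
        if (buf[2] == 0 || content < 0x80)
            return 0;                         /* DER requires minimal length */
        hdr = 2 + n;
    }
    if (content > len - hdr)                  /* content runs past the buffer */
        return 0;
    return hdr + content;
}

/* Hypothetical strict check: 1 only if the SEQUENCE spans the input exactly. */
int cert_blob_has_exact_length(const uint8_t *buf, size_t len)
{
    size_t total = der_sequence_size(buf, len);
    return total != 0 && total == len;
}

/* Constructed samples: a 5-byte SEQUENCE { INTEGER 5 } standing in for a cert. */
static const uint8_t sample_exact[]    = {0x30, 0x03, 0x02, 0x01, 0x05};
static const uint8_t sample_trailing[] = {0x30, 0x03, 0x02, 0x01, 0x05, 0x00, 0x00};
static const uint8_t sample_short[]    = {0x30, 0x03, 0x02, 0x01};
static const uint8_t sample_nonmin[]   = {0x30, 0x81, 0x03, 0x02, 0x01, 0x05};

int main(void)
{
    printf("exact=%d trailing=%d short=%d nonmin=%d\n",
           cert_blob_has_exact_length(sample_exact, sizeof sample_exact),
           cert_blob_has_exact_length(sample_trailing, sizeof sample_trailing),
           cert_blob_has_exact_length(sample_short, sizeof sample_short),
           cert_blob_has_exact_length(sample_nonmin, sizeof sample_nonmin));
    return 0;
}
```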