Moved out of T3948. According to the original reporter this chain should be valid. I can't really tell. But as this is not a real-world example and the result is invalid anyway, I don't think that it needs a high prio.
CERT_PATH_COMMON_13|ERROR|VALID|INVALID
Checks the behaviour of the application when a self-issued certificate is found in the path. This path is not invalid, because self-issued certificates are allowed in the path and processing rules have been specified.
Root CA:
Test Message with the other certs:
```
export GNUPGHOME=$(mktemp -d)
gpgsm --import CERT_PATH_COMMON_13_ROOT_CA.TA.crt
echo "87:0F:8B:9E:5E:DF:A7:87:D2:B9:98:7C:2A:EA:9B:D6:DD:93:2F:D0 S" > $GNUPGHOME/trustlist.txt
echo "disable-crl-checks" > $GNUPGHOME/gpgsm.conf
gpgparsemail --crypto CERT_PATH_COMMON_13.eml
gpgsm --with-validation -k

/tmp/tmp.LCjRsU5Glg/pubring.kbx
-------------------------------
           ID: 0xDD932FD0
          S/N: 01
       Issuer: /CN=Test Root/C=DE
      Subject: /CN=Test Root/C=DE
     validity: 2017-09-02 09:24:39 through 2022-09-05 09:24:39
     key type: 2048 bit RSA
    key usage: certSign crlSign
 chain length: 1
  fingerprint: 87:0F:8B:9E:5E:DF:A7:87:D2:B9:98:7C:2A:EA:9B:D6:DD:93:2F:D0
  [certificate is good]

           ID: 0x7A885CA5
          S/N: 2B05
       Issuer: /CN=Test Root/C=DE
      Subject: /CN=Test Sub CA/C=DE
     validity: 2017-09-04 09:25:51 through 2020-09-05 09:25:51
     key type: 4096 bit RSA
    key usage: certSign crlSign
     policies: 1.2.3.4:C:
 chain length: 0
  fingerprint: EB:F6:8E:6D:88:CF:63:90:96:24:CE:9D:15:2A:6E:32:7A:88:5C:A5
  [certificate policy not allowed]
  [certificate policy not allowed]
  [certificate is bad: No policy match]

           ID: 0x8AFC7801
          S/N: 2EED
       Issuer: /CN=Test Root/C=DE
      Subject: /CN=Test Root/C=DE
     validity: 2017-09-03 09:25:44 through 2021-09-05 09:25:44
     key type: 4096 bit RSA
    key usage: certSign crlSign
     policies: 1.2.3.4:C:
 chain length: 1
  fingerprint: 94:5F:8B:99:68:EA:98:DE:E1:94:30:65:31:3F:0C:80:8A:FC:78:01
  [certificate policy not allowed]
  [certificate is bad: No policy match]

           ID: 0xB69584CD
          S/N: 271D
       Issuer: /CN=Test Sub CA/C=DE
      Subject: /CN=Test EE/C=DE
          aka: test@mtg.de
     validity: 2017-08-05 09:25:56 through 2019-09-05 09:25:56
     key type: 4096 bit RSA
    key usage: digitalSignature keyEncipherment
     policies: 1.2.3.4:C:
  fingerprint: 77:94:7B:19:0D:9F:16:04:BB:6C:BA:19:FF:45:9D:BB:B6:95:84:CD
  [certificate policy not allowed]
  [certificate policy not allowed]
  [certificate policy not allowed]
  [certificate chain longer than allowed by CA (1)]
  [certificate is bad: Bad certificate chain]
```
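The processing rule the test description refers to is in RFC 5280: pathLenConstraint limits only the non-self-issued intermediate certificates (section 6.1.4, steps l and m). The following is an added example, not part of the original report and not gpgsm's code, that runs that rule over the names, serials and chain lengths from the listing above and covers the path-length check only, not the policy errors. Assumptions: the path order, using the root's chain length as the starting bound, and the `count_self_issued` switch, which models a hypothetical checker that counts every CA certificate.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Cert:
    serial: str
    issuer: str
    subject: str
    path_len: Optional[int]  # basicConstraints pathLenConstraint, None if absent

    @property
    def self_issued(self) -> bool:
        # RFC 5280: self-issued means issuer and subject names are identical.
        return self.issuer == self.subject

ROOT, SUB, EE = "/CN=Test Root/C=DE", "/CN=Test Sub CA/C=DE", "/CN=Test EE/C=DE"

# Values transcribed from the gpgsm listing; the ordering is an assumption.
ANCHOR = Cert("01", ROOT, ROOT, 1)
PATH = [
    Cert("2EED", ROOT, ROOT, 1),   # self-issued intermediate
    Cert("2B05", ROOT, SUB, 0),
    Cert("271D", SUB, EE, None),   # end entity
]

def check_path_length(anchor, path, count_self_issued=False):
    """Return (ok, serial of the certificate where the check failed, or None)."""
    # Assumption: the anchor's own constraint seeds the bound (RFC 5280 starts at n).
    max_path_length = anchor.path_len if anchor.path_len is not None else len(path)
    for cert in path[:-1]:  # the last certificate is not an intermediate
        # Step (l): only non-self-issued certificates consume path length.
        if count_self_issued or not cert.self_issued:
            if max_path_length <= 0:
                return False, cert.serial
            max_path_length -= 1
        # Step (m): a tighter pathLenConstraint lowers the remaining bound.
        if cert.path_len is not None and cert.path_len < max_path_length:
            max_path_length = cert.path_len
    return True, None

if __name__ == "__main__":
    print("RFC 5280 counting:  ", check_path_length(ANCHOR, PATH))
    print("count every CA cert:", check_path_length(ANCHOR, PATH, count_self_issued=True))
```

Under RFC 5280 counting the path length check passes; counting the self-issued certificate as well makes the same chain exceed the root's limit of 1.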