Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Error with chain of trust with multiple intermediates with same name #332

martinsuchan opened this issue Apr 6, 2016 · 3 comments


None yet
4 participants
Copy link

commented Apr 6, 2016



This domain is more of a joke than actual web, but it uses valid chain with self-signed cert on the top.
The problem is it uses multiple intermediates with same CN and SSLLabs probably uses CN as unique ID for certs, and it then fails to rebuild the original chain of trust.

Expected behavior - the chain of trust should be rebuilt properly for


This comment has been minimized.

Copy link

commented Apr 7, 2016

Overall Rating is T, if trust is ignored, it will be A. Please check in

Yash K.S

@ivanr ivanr added the bug label Jun 15, 2016


This comment has been minimized.

Copy link

commented Jun 15, 2016

From memory, path building does use SKI/AKI if they're present, but it falls back to using Subject/Issuer otherwise. However, I think this is a bug in the "is_self_signed" method, which looks only at Subject/Issuer and not SKI/AKI. Should be easy to fix.


This comment has been minimized.

Copy link

commented Sep 8, 2016

@bhushan5640 bhushan5640 closed this Oct 4, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.