Rob's right - no AIA extension (or CRLDP, for that matter) in the bad EE cert:
0:d=0 hl=4 l=1455 cons: SEQUENCE
4:d=1 hl=4 l=1175 cons: SEQUENCE
8:d=2 hl=2 l= 3 cons: cont [ 0 ]
10:d=3 hl=2 l= 1 prim: INTEGER :02
13:d=2 hl=2 l= 16 prim: INTEGER :0A889040CE126E6557AEC2427B4AC1FB
31:d=2 hl=2 l= 13 cons: SEQUENCE
33:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption
44:d=3 hl=2 l= 0 prim: NULL
46:d=2 hl=2 l= 110 cons: SEQUENCE
48:d=3 hl=2 l= 11 cons: SET
50:d=4 hl=2 l= 9 cons: SEQUENCE
52:d=5 hl=2 l= 3 prim: OBJECT :countryName
57:d=5 hl=2 l= 2 prim: PRINTABLESTRING :TR
61:d=3 hl=2 l= 15 cons: SET
63:d=4 hl=2 l= 13 cons: SEQUENCE
65:d=5 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
70:d=5 hl=2 l= 6 prim: UTF8STRING :ANKARA
78:d=3 hl=2 l= 15 cons: SET
80:d=4 hl=2 l= 13 cons: SEQUENCE
82:d=5 hl=2 l= 3 prim: OBJECT :localityName
87:d=5 hl=2 l= 6 prim: UTF8STRING :ANKARA
95:d=3 hl=2 l= 12 cons: SET
97:d=4 hl=2 l= 10 cons: SEQUENCE
99:d=5 hl=2 l= 3 prim: OBJECT :organizationName
104:d=5 hl=2 l= 3 prim: UTF8STRING :EGO
109:d=3 hl=2 l= 24 cons: SET
111:d=4 hl=2 l= 22 cons: SEQUENCE
113:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName
118:d=5 hl=2 l= 15 prim: UTF8STRING :EGO BILGI ISLEM
135:d=3 hl=2 l= 21 cons: SET
137:d=4 hl=2 l= 19 cons: SEQUENCE
139:d=5 hl=2 l= 3 prim: OBJECT :commonName
144:d=5 hl=2 l= 12 prim: UTF8STRING :*.
EGO.GOV.TR
158:d=2 hl=2 l= 30 cons: SEQUENCE
160:d=3 hl=2 l= 13 prim: UTCTIME :121206085515Z
175:d=3 hl=2 l= 13 prim: UTCTIME :130607194327Z
190:d=2 hl=2 l= 102 cons: SEQUENCE
192:d=3 hl=2 l= 11 cons: SET
194:d=4 hl=2 l= 9 cons: SEQUENCE
196:d=5 hl=2 l= 3 prim: OBJECT :countryName
201:d=5 hl=2 l= 2 prim: PRINTABLESTRING :US
205:d=3 hl=2 l= 19 cons: SET
207:d=4 hl=2 l= 17 cons: SEQUENCE
209:d=5 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
214:d=5 hl=2 l= 10 prim: PRINTABLESTRING :California
226:d=3 hl=2 l= 22 cons: SET
228:d=4 hl=2 l= 20 cons: SEQUENCE
230:d=5 hl=2 l= 3 prim: OBJECT :localityName
235:d=5 hl=2 l= 13 prim: PRINTABLESTRING :Mountain View
250:d=3 hl=2 l= 19 cons: SET
252:d=4 hl=2 l= 17 cons: SEQUENCE
254:d=5 hl=2 l= 3 prim: OBJECT :organizationName
259:d=5 hl=2 l= 10 prim: PRINTABLESTRING :Google Inc
271:d=3 hl=2 l= 21 cons: SET
273:d=4 hl=2 l= 19 cons: SEQUENCE
275:d=5 hl=2 l= 3 prim: OBJECT :commonName
280:d=5 hl=2 l= 12 prim: T61STRING :*.
google.com
294:d=2 hl=3 l= 159 cons: SEQUENCE
297:d=3 hl=2 l= 13 cons: SEQUENCE
299:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption
310:d=4 hl=2 l= 0 prim: NULL
312:d=3 hl=3 l= 141 prim: BIT STRING
456:d=2 hl=4 l= 723 cons: cont [ 3 ]
460:d=3 hl=4 l= 719 cons: SEQUENCE
464:d=4 hl=2 l= 32 cons: SEQUENCE
466:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage
471:d=5 hl=2 l= 1 prim: BOOLEAN :0
474:d=5 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:301406082B0601050507030106082B06010505070302
498:d=4 hl=4 l= 664 cons: SEQUENCE
502:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Alternative Name
507:d=5 hl=2 l= 1 prim: BOOLEAN :0
510:d=5 hl=4 l= 652 prim: OCTET STRING [HEX DUMP]:30820288820C2A2E6
76F6F676C652E636F6D820D2A2E616E64726F69642E636F6D82162A2E617070656E67696E652E676
F6F676C652E636F6D82122A2E636C6F75642E676F6F676C652E636F6D82162A2E676F6F676C652D6
16E616C79746963732E636F6D820B2A2E676F6F676C652E6361820B2A2E676F6F676C652E636C820
E2A2E676F6F676C652E636F2E696E820E2A2E676F6F676C652E636F2E6A70820E2A2E676F6F676C6
52E636F2E756B820F2A2E676F6F676C652E636F6D2E6172820F2A2E676F6F676C652E636F6D2E617
5820F2A2E676F6F676C652E636F6D2E6272820F2A2E676F6F676C652E636F6D2E636F820F2A2E676
F6F676C652E636F6D2E6D78820F2A2E676F6F676C652E636F6D2E7472820F2A2E676F6F676C652E6
36F6D2E766E820B2A2E676F6F676C652E6465820B2A2E676F6F676C652E6573820B2A2E676F6F676
C652E6672820B2A2E676F6F676C652E6875820B2A2E676F6F676C652E6974820B2A2E676F6F676C6
52E6E6C820B2A2E676F6F676C652E706C820B2A2E676F6F676C652E7074820F2A2E676F6F676C656
17069732E636E82142A2E676F6F676C65636F6D6D657263652E636F6D820D2A2E677374617469632
E636F6D820C2A2E75726368696E2E636F6D82102A2E75726C2E676F6F676C652E636F6D82162A2E7
96F75747562652D6E6F636F6F6B69652E636F6D820D2A2E796F75747562652E636F6D820B2A2E797
4696D672E636F6D820B616E64726F69642E636F6D8204672E636F8206676F6F2E676C8214676F6F6
76C652D616E616C79746963732E636F6D820A676F6F676C652E636F6D8212676F6F676C65636F6D6
D657263652E636F6D820A75726368696E2E636F6D8208796F7574752E6265820B796F75747562652
E636F6D
1166:d=4 hl=2 l= 15 cons: SEQUENCE
1168:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
1173:d=5 hl=2 l= 1 prim: BOOLEAN :255
1176:d=5 hl=2 l= 5 prim: OCTET STRING [HEX DUMP]:3003010100
1183:d=1 hl=2 l= 13 cons: SEQUENCE
1185:d=2 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption
1196:d=2 hl=2 l= 0 prim: NULL
1198:d=1 hl=4 l= 257 prim: BIT STRING
Here's the PEM of the cert, itself, for those interested:
-----BEGIN CERTIFICATE-----
MIIFrzCCBJegAwIBAgIQCoiQQM4SbmVXrsJCe0rB+zANBgkqhkiG9w0BAQUFADBu
MQswCQYDVQQGEwJUUjEPMA0GA1UECAwGQU5LQVJBMQ8wDQYDVQQHDAZBTktBUkEx
DDAKBgNVBAoMA0VHTzEYMBYGA1UECwwPRUdPIEJJTEdJIElTTEVNMRUwEwYDVQQD
DAwqLkVHTy5HT1YuVFIwHhcNMTIxMjA2MDg1NTE1WhcNMTMwNjA3MTk0MzI3WjBm
MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91
bnRhaW4gVmlldzETMBEGA1UEChMKR29vZ2xlIEluYzEVMBMGA1UEAxQMKi5nb29n
bGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCs+WnJyJfzSM1n9Chn
cEgWZkAGH/qtEtKcROmSxvaD+dfvYGYghEFkgAzdA76MMDw7vWHjOZfFNhXxAkXj
6sw/CkUB7SqmCKUHxy2p/QPfG41P5ErAnAsCoAfpv0CPewwyv6zJHwEAUWxHmb94
LC9eWoJUa7hKifDg/io+R5yy/wIDAQABo4IC0zCCAs8wIAYDVR0lAQEABBYwFAYI
KwYBBQUHAwEGCCsGAQUFBwMCMIICmAYDVR0RAQEABIICjDCCAoiCDCouZ29vZ2xl
LmNvbYINKi5hbmRyb2lkLmNvbYIWKi5hcHBlbmdpbmUuZ29vZ2xlLmNvbYISKi5j
bG91ZC5nb29nbGUuY29tghYqLmdvb2dsZS1hbmFseXRpY3MuY29tggsqLmdvb2ds
ZS5jYYILKi5nb29nbGUuY2yCDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5q
cIIOKi5nb29nbGUuY28udWuCDyouZ29vZ2xlLmNvbS5hcoIPKi5nb29nbGUuY29t
LmF1gg8qLmdvb2dsZS5jb20uYnKCDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUu
Y29tLm14gg8qLmdvb2dsZS5jb20udHKCDyouZ29vZ2xlLmNvbS52boILKi5nb29n
bGUuZGWCCyouZ29vZ2xlLmVzggsqLmdvb2dsZS5mcoILKi5nb29nbGUuaHWCCyou
Z29vZ2xlLml0ggsqLmdvb2dsZS5ubIILKi5nb29nbGUucGyCCyouZ29vZ2xlLnB0
gg8qLmdvb2dsZWFwaXMuY26CFCouZ29vZ2xlY29tbWVyY2UuY29tgg0qLmdzdGF0
aWMuY29tggwqLnVyY2hpbi5jb22CECoudXJsLmdvb2dsZS5jb22CFioueW91dHVi
ZS1ub2Nvb2tpZS5jb22CDSoueW91dHViZS5jb22CCyoueXRpbWcuY29tggthbmRy
b2lkLmNvbYIEZy5jb4IGZ29vLmdsghRnb29nbGUtYW5hbHl0aWNzLmNvbYIKZ29v
Z2xlLmNvbYISZ29vZ2xlY29tbWVyY2UuY29tggp1cmNoaW4uY29tggh5b3V0dS5i
ZYILeW91dHViZS5jb20wDwYDVR0TAQH/BAUwAwEBADANBgkqhkiG9w0BAQUFAAOC
AQEAE9hy/EupOVhpJvcDLGkfFdWGUDw93eLzebKguOuaVSJ5xIxaiNU3MWO4ciJq
e8EZ9rPGGhiFfqEAPuEd0Svzn8zL523OHgwfQZ0zXHPDhN/KZDI3ohQH6t0EbA3k
hXMo9oeHWRfCbzEQcZTZ3TtC04D0MJGThjfx1jmq5WHvmWKwtujfYNSBLAyETnlq
lbEZFH4LDdaYayZk3VnRw4SQx7ykbDSOjbbCsUoBSV04sFEcCWNvU6IhyEMAPCRy
MlDakG1cc9G3U0yeGXM7SAvqPs90TDlgBvDtgTfzLv9vZTmYw3ziDSORUBE55kGH
/gF9p4SAOb3230ExWmWAayoyZg==
-----END CERTIFICATE-----
Cheers,
Bill
_______________________________________________
dev-security-policy mailing list
dev-secur...@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy