Support anyPolicy Certificate Policy
KamilaBorowska opened this issue · comments
I'm dealing with a certificate that has critical Certificate Policy (2.5.29.32) with anyPolicy policy. It would be appreciated if rustls-webpki supported this scenario. Also created an issue in briansmith/webpki#268.
NSS supports Certificate Policies with anyPolicy.
Would you be able to contribute code for this?
I'm looking at how to do this currently.
Do you have a reference (on crt.sh or whatever) for an example issued certificate?
Sure, here is an example of QWAC certificate with certificate policy like this. If it's required for certificates to be issues by a certificate authority that is actually trusted by web browsers then feel free to reject this pull request.
-----BEGIN CERTIFICATE-----
MIIGnTCCBIWgAwIBAgIUYPBgktIwnBiSqcFH4Ybq+Lyt4wIwDQYJKoZIhvcNAQEN
BQAwbzELMAkGA1UEBhMCUEwxHTAbBgNVBAoMFE5hcm9kb3d5IEJhbmsgUG9sc2tp
MSYwJAYDVQQDDB1OYXJvZG93ZSBDZW50cnVtIENlcnR5ZmlrYWNqaTEZMBcGA1UE
YQwQVkFUUEwtNTI1MDAwODE5ODAeFw0xNzAzMTMxNDA3NDdaFw0yODAzMTMyMzU5
NTlaMHgxCzAJBgNVBAYTAlBMMSgwJgYDVQQKDB9LcmFqb3dhIEl6YmEgUm96bGlj
emVuaW93YSBTLkEuMSQwIgYDVQQDDBtDT1BFIFNaQUZJUiAtIEt3YWxpZmlrb3dh
bnkxGTAXBgNVBGEMEFZBVFBMLTUyNjAzMDA1MTcwggIiMA0GCSqGSIb3DQEBAQUA
A4ICDwAwggIKAoICAQC19l+vaELBXt1MGBMQwYL/UqssySt9CyTcbaQJFzirlB9v
O0SBnJp/Vbad/IaqmRDqzxnmU820jLYF/fH4BsG0YnS0bP3iW1lphWqInnvGZpDD
xhZ8Y0kjjkAQBCNFtFjRZiffnCBTbaBo2cClqJB12x6NbcjLag0huGsmxn14tjvt
Q1CqqFRSnXXX4csJiL5wncPc7lleleUi2yZkWXnHipJSsRbQVcpESBLyzLOzJwBT
kCWcy3QMjlS1EoJoDqXc4kzo/lb2ZVpQJlzevJCC5Wpkaef19YPk9bjPmGRKy2ss
sylR/QWP565eyFz0YeL2dZM+Ohg+rw6/cANKUz9el7O70U0Y4+ctfWdUi9mvpbYv
V0LoklUnjbr6XJlDWRX/yKUDcgGEb2UgXHPKXB+x/bA2YDEkVDpy6EwaXfv3xDBx
hkh58yA3+3LK0uFRvm9LaWAQMcnWO+LkFG0HgYw7psg8W6OORB0f+eUtgLJE2b2R
9WaXEpx2ssvcE6R7mYHPUdb6+CsKrVRSo5mRyRM4xikM5eeUh7twVDX7x4QroQb7
o2NJCnJ0DbVrJSr7/1q80wdGubv3KNkWA93zTbXApyZf0aZfrnTG71RWpnizD+Q0
u7dc4e8xgHPuHhcz8W6uN41o+T6aPK2zLY7hX5Hq3yKM5k9mEDjIzRu/zahjEQID
AQABo4IBJjCCASIwDwYDVR0TAQH/BAUwAwEB/zCBrAYDVR0jBIGkMIGhgBQps8jE
36OH+GYFElj9Riq4mA15h6FzpHEwbzELMAkGA1UEBhMCUEwxHTAbBgNVBAoMFE5h
cm9kb3d5IEJhbmsgUG9sc2tpMSYwJAYDVQQDDB1OYXJvZG93ZSBDZW50cnVtIENl
cnR5ZmlrYWNqaTEZMBcGA1UEYQwQVkFUUEwtNTI1MDAwODE5OIIUQPj3irDjZBBW
kcjZ4Cz4wcZACkYwMQYDVR0gAQH/BCcwJTAjBgRVHSAAMBswGQYIKwYBBQUHAgEW
DXd3dy5uY2NlcnQucGwwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTmsbQS5ken
hD7mw8S4iWdDo2PRfTANBgkqhkiG9w0BAQ0FAAOCAgEARIEGH8FRnENtwyEzM5MR
1u5qSRmywJHK6g8gGIVRcl0zrmWJUfR79PlNOTRAU622cczI+XBRnfAIhPzItpbI
VAaN9p1YH2H3wUkwsUgDDVrAoZI5CKY6TBlu1r3dcvwmC9SD85suL2qGmp2KXsOM
zShZd7XyDs95hA1IfvJQ/F11+MhyhH1QEbjqmECwdCpoMKzDTIU4GEqRzhSGgVfV
oxQkk6T0NaB3nHdDr8ejEkGbUCYJJofHQD6KsvTdDzs+QZHhem+GTxQkMz1AfJ58
o8r5r+sVypZLtC5lpOb/18xlVoIeli8OX4yPd7dJKNKGpv9u31FWaUFrGks7+vSZ
P3C0F40L0wFH7jXTzr/7uVD6TIlh4MHhYppmLn8Lb2goZUqs+jrY10Fe7enQE+qX
f8KoHLThZy1KqtEmjDQW4lza+cNUqtMzhHP+VB/tkCzxvMgGgMYdSCfLzfZgLfyf
otWyTaIlEwTeKhGyzmNM0vrjBc5aKn3xR5I6g6XecvYxJ7HNIhjTQTeN9F63fZjV
/w+IoLzcSPpjQCg5WGaKPzmSNFKSdy97K2dLnrBxzYbiNfVTn6koVNUdClXdIODW
XTC/YfifElQsONDEJJQU6BSXzMZdU/b+kM0dkQtz4YnKCzd1cWkpfIHTWFtulpxI
2Vy6fW7Jou4ePh9aaSJjBmo=
-----END CERTIFICATE-----
And root certificate for it:
-----BEGIN CERTIFICATE-----
MIIFzzCCA7egAwIBAgIUQPj3irDjZBBWkcjZ4Cz4wcZACkYwDQYJKoZIhvcNAQEN
BQAwbzELMAkGA1UEBhMCUEwxHTAbBgNVBAoMFE5hcm9kb3d5IEJhbmsgUG9sc2tp
MSYwJAYDVQQDDB1OYXJvZG93ZSBDZW50cnVtIENlcnR5ZmlrYWNqaTEZMBcGA1UE
YQwQVkFUUEwtNTI1MDAwODE5ODAeFw0xNjEyMDkwODUyNDFaFw0zOTEyMDkyMzU5
NTlaMG8xCzAJBgNVBAYTAlBMMR0wGwYDVQQKDBROYXJvZG93eSBCYW5rIFBvbHNr
aTEmMCQGA1UEAwwdTmFyb2Rvd2UgQ2VudHJ1bSBDZXJ0eWZpa2FjamkxGTAXBgNV
BGEMEFZBVFBMLTUyNTAwMDgxOTgwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
AoICAQDuyaDrULBW0PLYMfDwG1cZ6qWlTCzhb+vffSNd6AvF/4uTwCpNNcbHH3WH
st1FD1ZygGBFyWjb6QpGwW58JSd+6+UuvsVTzYSilhrd4afmNGyKg945e4z1vY91
bzivNPQ+LcXPMFx+GLcncrYzyQLsK5fqNOuVQDXPhrFG3o4gDxhUWsHjpBKWvFwI
n1VzNcP17/MML5pYAnOGnlNQpjqexbzSEsDF3b1mTi50kkfHD/NN4zSaJMJGvsFj
aIFhakEuLA6GeI7OO+do3oh5U8osUYOznbB1BtC3NGAE9NU1JeSHQH3speUX8iH7
0UjNdhyf96HY/ZDMRJF4bfWLdBCxCAmWJEYADbciUxus6TUjrjEzKSceMEmjg2Or
DMUISSmsH44Usx6S367WmGVpsuMh39X0GQRLz+ntwqJi1yvRttcdrhrNo7jOEG2R
Elm113+GDo1mmtMB6TrKU42kEQsR1yH7FAO0/zsvnnVjUtFEHH45SQWS43fuZXO1
ioS0SFNO/7wKZS+cYOzzGlMvv+eW6jVYouXupM/Fa5+vkhYnw6v/LTWIYylw9XbZ
Xpgf+aSa8ZWiaTKfHhEHFmhVPjqUF4bkACVUknu+5UZKUTE1+69PgpEe0uhyzJ/z
QIwZ6+MHpzDx2cfi6qU2sKGS8M99upjMm7GQ4LqHlG/lYrterwIDAQABo2MwYTAO
BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBQps8jE
36OH+GYFElj9Riq4mA15hzAdBgNVHQ4EFgQUKbPIxN+jh/hmBRJY/UYquJgNeYcw
DQYJKoZIhvcNAQENBQADggIBAK+GzchsHQruy9sCZ2QDtF6kveZT5JVfpfJ7Aspw
VR3+VrH50aiGlSid4va1EBHWxD1uw7t3FMYvlvU/KAk+TA5+0GSrJFalO5nYNma9
dYcgiD8tBQdB3tOU27wTrSD0VXsolXnRYNerNyeo5TWzqcy5InfZAT95XtmTE9me
l1cu4yYwdT1/+m0ws9YZLdvaDK9tIJzkOn4CFTCvMUcGMOg1ncE1X07LH26ibsiV
zgbVBoK6Qe+O4w533pTta9rOoudOqL44F/+YPSSfBNvRD49OpQNYsf2umgS2WTsk
wcSEM/gJoelE0Avp4c1rz0/6VQsX+JNOnHadKZQl1GUrUxEAiAy4A5hpz6qyTNtu
DSc3tdbjaddLr7jESAaU3Zbi/s+vDeYqgO5jsR6RX1iyBpUTdciTnZOGSyRE5ek2
g6IERpmnhP4bKL2ylJK+OchYFL/HFPFiAuRXBhiv5o8AOQGvWVY8bCvzliI869IS
w4kdpmxnyx9GKxcuTTmvr3TMIbEpCuG+vCsmjvl+JtP/bGWSNjSpzxO4NEABnAjM
BI4m+SGQy2wxJ3dEONZvjk1ph0bYE/cQRlgoxAlk8JuGt0XTw03Ar2EklhN8IeBk
8e6KDeKxSNX60z3XTChCgTPj+ErwdNzX8tcRo5FrQ68VwTF27+pYYAEfAs2hqHZ2
KHW0
-----END CERTIFICATE-----
I faced a critical non-any certificate policy extension while trying to apply rustls-webpki to verification of attestations in Web Authentication. This might not be an intended use of rustls-webpki, though, it would be helpful for me if rustls-webpki could deal with critical certificate policy extensions.
End entity certificate:
-----BEGIN CERTIFICATE-----
MIIFuTCCA6GgAwIBAgIQWL8wRUctRemWkEexpr7hyjANBgkqhkiG9w0BAQsFADBC
MUAwPgYDVQQDEzdOQ1UtSU5UQy1LRVlJRC02Q0E5REY2MkExQUFFMjNFMEZFQjdD
M0Y1RUI4RTYxRUNBQzE3Q0I3MB4XDTIwMDgxMTE2MjIxNloXDTI1MDMyMTIwMzAw
MlowADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMWmOr7MaPBBh7dg
B48aN01rDKs4ApHwydxLocnfGM9+CnYwyb8Gu+Oy/+X8f8fXTN20e2+yjTrrVxsd
GDTr67XxHG3fMIk2FXGbaSfS7e6sksOtqonJJNRNs/aOE8byMKHH0XHkts1zCB3/
Bh1Xdp1zdKtAafhbgNxi0X6dseNlGhrvSKKHsbGCEO9PjAEdGiY5B2DaXm4x+2aC
HIDjaXW4DR3liZekdLNlhv2fpVr1w5xpV5M92y4dv/zJdTbPBp1goRonrOVV4azc
/PKBIgfjCAdwKiJJfQbxZA7WfbM/apZvE+s7GI3ZjH1bSZjOrgDtSPrPinePy85z
YVnT2/UCAwEAAaOCAeswggHnMA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAA
MG0GA1UdIAEB/wRjMGEwXwYJKwYBBAGCNxUfMFIwUAYIKwYBBQUHAgIwRB5CAFQA
QwBQAEEAIAAgAFQAcgB1AHMAdABlAGQAIAAgAFAAbABhAHQAZgBvAHIAbQAgACAA
SQBkAGUAbgB0AGkAdAB5MBAGA1UdJQQJMAcGBWeBBQgDMFAGA1UdEQEB/wRGMESk
QjBAMRYwFAYFZ4EFAgEMC2lkOjQ5NEU1NDQzMQ4wDAYFZ4EFAgIMA1NQVDEWMBQG
BWeBBQIDDAtpZDowMDAyMDAwMDAfBgNVHSMEGDAWgBSTk01CDrezoQJuenEjBhBS
6FhYszAdBgNVHQ4EFgQUqPs/rfpAitm6fudN8p/Gwzxt++cwgbMGCCsGAQUFBwEB
BIGmMIGjMIGgBggrBgEFBQcwAoaBk2h0dHA6Ly9hemNzcHJvZG5jdWFpa3B1Ymxp
c2guYmxvYi5jb3JlLndpbmRvd3MubmV0L25jdS1pbnRjLWtleWlkLTZjYTlkZjYy
YTFhYWUyM2UwZmViN2MzZjVlYjhlNjFlY2FjMTdjYjcvZDhlMDIxOGUtNzdlYi00
M2I4LWE5ODEtMzA1Y2VjYzVjYmE2LmNlcjANBgkqhkiG9w0BAQsFAAOCAgEABIBv
vgBehacAPe3ouLb/7k29xvg/BQXKPGJ9ea+xUvxVmlAgp8bggPuRBSBl2rom/7I/
pzPNPsOn25AGC0YOO7GydP6Dx+dLzD505ygvcIoYwpouHhmVS4t3pEG71xiLoEzS
fBBNG+FG+4kDsOX4M2yjfSTwtWgxZiosrA7/LoMvB7R+VGiXhipRnzp+JeCRehtv
1ex8YbVwSx0hIgfSqos/EsFiXrqK4dcs8ltNyTxCBBsWVeTfOyryo6TbS65bdnMd
2DUlfKHCD3WTMmLNxIkB9Bp87LW4BWJAv9G9QAAL1plAAiR07e58Ly+29hRpDKi8
wNca5FZF1CpFee5Jm5qFyx5sXrjWW0NPFnY/ZPkXWo5IXu5bmiC/M8AsxdStd5+c
R2DvJURJ92ZYy6xx+kr3gU8T65FfntYsJhz02lbKXUnE0YWKTSo63WNwDUkvFmyi
kC8k0HKSV00YTkKUVlupaGhqiX6sCtUlGbOv/fPUr/BnCLS+bMbHKKvjoeg1k230
XXHtQLOgTiMiCIizubDbBMYmrwYM4zeowHpzd1/N9Gl07onkIAQJ2/Yxg75AJVVs
76StWv6S//y86Ci4bEWZUbYRrsI09rJNLzKnOBFTH0F3j6Bx/kchplg1gMMGwTKQ
TvKb6ucUkISxn6Fems2FThTWjeYhc8CUV5dfR68=
-----END CERTIFICATE-----
Intermediate certificate:
-----BEGIN CERTIFICATE-----
MIIG7DCCBNSgAwIBAgITMwAAAnFSIjeDCns4rgAAAAACcTANBgkqhkiG9w0BAQsF
ADCBjDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT
B1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjE2MDQGA1UE
AxMtTWljcm9zb2Z0IFRQTSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDE0
MB4XDTE5MDMyMTIwMzAwMloXDTI1MDMyMTIwMzAwMlowQjFAMD4GA1UEAxM3TkNV
LUlOVEMtS0VZSUQtNkNBOURGNjJBMUFBRTIzRTBGRUI3QzNGNUVCOEU2MUVDQUMx
N0NCNzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJgra62xNaOjXZr4
bN5QBXpX7PzhMjR5ER3oEj8HnLEil9ZcN5XM6IEymmmA3b6dwTQwQZda+jCgGYYu
JE1+MIHmfay9nPeTH+8U5k4Ekns2ra/T+BJ9U24lQ5OYAHmwplf4HwOb6zWGCGnU
9O+qKV63UY8iwXt9uzCVO2PwDyZsrMjeRj5iUKMgExq1v5yL+L5ugTjEMhBZj5Yp
rO+IQZEAXd7iddC3dFWmXfcXJ6eCL0lxGmbFZNSwIo9iaQXOwni+yTFmxxmh5gu9
V7xmqyw3wbTQrPrWwiSUcc5Qn3yH9/YzCsLM6CwhQLc/0eFIw8FHZa7xKtlc1nXH
ZUsqkZG7cZaKHD16n1aYKVNBUJ6lw2D/hyJaoUWtSsaTYFUoZIC/hwsbVpWVEme2
bv9HL+PwDkKJ+9PdvyKdmOZ5wymUsNuGPrK1WQemb1FV3lXaYDB4h2N3PKrsIimt
E1uMHNwUjEfsdQ3R+JOCTX0LbY4rX931mkj6mCRrTa+F9+lN4Xs12RAn2iwHYVkP
8QcPuszjhLV4PtjoVC2O8VbR/v/QLVjy78YfNp+HjhE0jjp+UXbnF9EwC1DCfPjN
ULsMpntZr8nU76xNl2t/XKEl9tH9pgjmmQ42b63UCCo8sb9hghwzsiiBLrMYLRoZ
Oz1eBJGVKj8x94h+Bc5msRwaVpQjAgMBAAGjggGOMIIBijAOBgNVHQ8BAf8EBAMC
AoQwGwYDVR0lBBQwEgYJKwYBBAGCNxUkBgVngQUIAzAWBgNVHSAEDzANMAsGCSsG
AQQBgjcVHzASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSTk01CDrezoQJu
enEjBhBS6FhYszAfBgNVHSMEGDAWgBR6jArOL0hiF+KU0a5VwVLscXSkVjBwBgNV
HR8EaTBnMGWgY6Bhhl9odHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2Ny
bC9NaWNyb3NvZnQlMjBUUE0lMjBSb290JTIwQ2VydGlmaWNhdGUlMjBBdXRob3Jp
dHklMjAyMDE0LmNybDB9BggrBgEFBQcBAQRxMG8wbQYIKwYBBQUHMAKGYWh0dHA6
Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvY2VydHMvTWljcm9zb2Z0JTIwVFBN
JTIwUm9vdCUyMENlcnRpZmljYXRlJTIwQXV0aG9yaXR5JTIwMjAxNC5jcnQwDQYJ
KoZIhvcNAQELBQADggIBAEnrpgcQWYMyQx9xsAkQ0ZLofNzsF/kQ1fb055P4jV2e
oN6xoHPJEAvklxXRPr8mmV+yFMqWGKpVZJtseMvyle1H/EeV9RLem/Y44nT1r8S7
eQLUdcHemsmFEOirlf/WxtTFQSIbNxA2W/tfNI1x63eTTgH+w3vwC0+3i6ffY6zy
5fwwfpIBqm/YwxoJt7IgxV45IQGlM3k/BDUkw2pFF/RKADRdLegPkOSiPSBJnJML
Ret7rM+i5Oqg6sEjvUblfgM/sg/g62fLSiUlkl4re7M/2JaQx+D/eYQmPACrH+yo
/quSdGMr67r5sIfDoDMn/M1MFr2N8MQCdMHTT0Y/DiU1quDzh/tVjppjejsAYNcG
ysaJMnojwhGA14H53FXgGhgIyMYNaSBRCCLGId5PoTynafbD8gV+RRc2Tqa5/WuY
pQ4Ins1RcRI9ZV4JJMvogtPmLdEDZAWfQ5gaX7x9XI37Pkgoy3RZDo0IeOgT61Uj
ZRj3lcXXZBYlkD6tT3vGP4jsUfJa570pzIMOlkNsWHvSndj7IMFbUgNrx7Sb8wwX
TaLn43hII15pqGYjGwDLaBPUS7GtJkSck+RQ13n6ozH1mwIPoDF1SmQrdyUaF2C8
kJvTuaZ7+tPywXpDnyNCIZl66aC1vHL6RqViH6VUfi1qpN05ZJcXUS52+ytkycx5
-----END CERTIFICATE-----
Root certificate:
-----BEGIN CERTIFICATE-----
MIIF9TCCA92gAwIBAgIQXbYwTgy/J79JuMhpUB5dyzANBgkqhkiG9w0BAQsFADCB
jDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1Jl
ZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjE2MDQGA1UEAxMt
TWljcm9zb2Z0IFRQTSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDE0MB4X
DTE0MTIxMDIxMzExOVoXDTM5MTIxMDIxMzkyOFowgYwxCzAJBgNVBAYTAlVTMRMw
EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN
aWNyb3NvZnQgQ29ycG9yYXRpb24xNjA0BgNVBAMTLU1pY3Jvc29mdCBUUE0gUm9v
dCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAxNDCCAiIwDQYJKoZIhvcNAQEBBQAD
ggIPADCCAgoCggIBAJ+n+bnKt/JHIRC/oI/xgkgsYdPzP0gpvduDA2GbRtth+L4W
UyoZKGBw7uz5bjjP8Aql4YExyjR3EZQ4LqnZChMpoCofbeDR4MjCE1TGwWghGpS0
mM3GtWD9XiME4rE2K0VW3pdN0CLzkYbvZbs2wQTFfE62yNQiDjyHFWAZ4BQH4eWa
8wrDMUxIAneUCpU6zCwM+l6Qh4ohX063BHzXlTSTc1fDsiPaKuMMjWjK9vp5UHFP
a+dMAWr6OljQZPFIg3aZ4cUfzS9y+n77Hs1NXPBn6E4Db679z4DThIXyoKeZTv1a
aWOWl/exsDLGt2mTMTyykVV8uD1eRjYriFpmoRDwJKAEMOfaURarzp7hka9TOElG
yD2gOV4Fscr2MxAYCywLmOLzA4VDSYLuKAhPSp7yawET30AvY1HRfMwBxetSqWP2
+yZRNYJlHpor5QTuRDgzR+Zej+aWx6rWNYx43kLthozeVJ3QCsD5iEI/OZlmWn5W
Yf7O8LB/1A7scrYv44FD8ck3Z+hxXpkklAsjJMsHZa9mBqh+VR1AicX4uZG8m16x
65ZU2uUpBa3rn8CTNmw17ZHOiuSWJtS9+PrZVA8ljgf4QgA1g6NPOEiLG2fn8Gm+
r5Ak+9tqv72KDd2FPBJ7Xx4stYj/WjNPtEUhW4rcLK3ktLfcy6ea7Rocw5y5AgMB
AAGjUTBPMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR6
jArOL0hiF+KU0a5VwVLscXSkVjAQBgkrBgEEAYI3FQEEAwIBADANBgkqhkiG9w0B
AQsFAAOCAgEAW4ioo1+J9VWC0UntSBXcXRm1ePTVamtsxVy/GpP4EmJd3Ub53JzN
BfYdgfUL51CppS3ZY6BoagB+DqoA2GbSL+7sFGHBl5ka6FNelrwsH6VVw4xV/8kl
IjmqOyfatPYsz0sUdZev+reeiGpKVoXrK6BDnUU27/mgPtem5YKWvHB/soofUrLK
zZV3WfGdx9zBr8V0xW6vO3CKaqkqU9y6EsQw34n7eJCbEVVQ8VdFd9iV1pmXwaBA
fBwkviPTKEP9Cm+zbFIOLr3V3CL9hJj+gkTUuXWlJJ6wVXEG5i4rIbLAV59UrW4L
onP+seqvWMJYUFxu/niF0R3fSGM+NU11DtBVkhRZt1u0kFhZqjDz1dWyfT/N7Hke
3WsDqUFsBi+8SEw90rWx2aUkLvKo83oU4Mx4na+2I3l9F2a2VNGk4K7l3a00g51m
iPiq0Da0jqw30PaLluTMTGY5+RnZVh50JD6nk+Ea3wRkU8aiYFnpIxfKBZ72whmY
Ya/egj9IKeqpR0vuLebbU0fJBf880K1jWD3Z5SFyJXo057Mv0OPw5mttytE585ZI
y5JsaRXlsOoWGRXE3kUT/MKR1UoAgR54c8Bsh+9Dq2wqIK9mRn15zvBDeyHG6+cz
urLopziOUeWokxZN1syrEdKlhFoPYavm6t+PzIcpdxZwHA+V3jLJPfI=
-----END CERTIFICATE-----
Above certificates were extracted from a test case in webauthn-rs.
Based on the conclusion from #232 I think this is something we aren't likely to implement.