add test vector with invalid basicconstraints (#3866)

* add test vector with invalid basicconstraints

* sigh

3 files changed, 38 insertions, 0 deletions

diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst
index ec6a1d0c..7918b152 100644
--- a/docs/development/test-vectors.rst
+++ b/docs/development/test-vectors.rst
@@ -163,6 +163,9 @@ X.509
 * ``bigoid.pem`` - A certificate with a rather long OID in the
   Certificate Policies extension.  We need to make sure we can parse
   long OIDs.
+* ``wosign-bc-invalid.pem`` - A certificate issued by WoSign that contains
+  a basic constraints extension with CA set to false and a path length of zero
+  in violation of :rfc:`5280`.
 
 Custom X.509 Vectors
 ~~~~~~~~~~~~~~~~~~~~
diff --git a/docs/spelling_wordlist.txt b/docs/spelling_wordlist.txt
index f72e0b0c..5eb896e3 100644
--- a/docs/spelling_wordlist.txt
+++ b/docs/spelling_wordlist.txt
@@ -97,4 +97,5 @@ verifier
 Verifier
 Verisign
 wildcard
+WoSign
 Xcode
diff --git a/vectors/cryptography_vectors/x509/wosign-bc-invalid.pem b/vectors/cryptography_vectors/x509/wosign-bc-invalid.pem
new file mode 100644
index 00000000..9c172591
--- /dev/null
+++ b/vectors/cryptography_vectors/x509/wosign-bc-invalid.pem
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF3jCCBMagAwIBAgIHHZ1Yp4r/AjANBgkqhkiG9w0BAQUFADBiMQswCQYDVQQG
+EwJDTjEqMCgGA1UEChMhV29TaWduIGVDb21tZXJjZSBTZXJ2aWNlcyBMaW1pdGVk
+MScwJQYDVQQDEx5Xb1NpZ24gQ2xhc3MgMyBDb2RlIFNpZ25pbmcgQ0EwHhcNMTMw
+NDA5MDYzOTE5WhcNMTYwNDExMTYwMTA4WjCBtzELMAkGA1UEBhMCQ04xEjAQBgNV
+BAgMCeW5v+S4nOecgTESMBAGA1UEBwwJ5bm/5bee5biCMS0wKwYDVQQKDCTlub/l
+t57mtbfnhLbmlbDnoIHnp5HmioDmnInpmZDlhazlj7gxLTArBgNVBAMMJOW5v+W3
+nua1t+eEtuaVsOeggeenkeaKgOaciemZkOWFrOWPuDEiMCAGCSqGSIb3DQEJARYT
+amFuZ29nb2NoYW5AbXNuLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAKHXZgyC1zV647ezNhAVENKEmE5e+r2TDZ+f49ki0KHmL3d1oBJeSkHXt6f+
+wXh45IuErTxkVGqt4chy+ayM00P7I6VqxF3YcsGrV2X5dQz4Z/vxQGzSnM8EhkNU
+t0IDEo9eO9bZ9vdMYlN26VSJpsll7a0MQUYTG9+k3G0FbhrA6kVK4SHOpZaoPfjD
+aznekJPS2WTOnk0OkvU8LlfEcPCCYW9iyX7yymAGntcFN6siznhguuOYyLXiOiSZ
+TE2rVmUcBBgh5peaCedOt7UrprkvDF0V4JFy7pdo6tPZ1L8xM5h0rWdWcMmxsg0C
+3YWuK7jLDm6Xufz7LfUC9blX1E8CAwEAAaOCAkEwggI9MA8GA1UdEwEB/wQFMAMC
+AQAwDgYDVR0PAQH/BAQDAgeAMB8GA1UdJQQYMBYGCCsGAQUFBwMDBgorBgEEAYI3
+AgEWMB0GA1UdDgQWBBQ7j0GVMxtKMuG9gcJJ3HNg31BnZDAfBgNVHSMEGDAWgBT1
+AqpL0+AajndQ1hq769+5g3CwTjCB6AYDVR0gBIHgMIHdMIHaBg0rBgEEAYKbUQED
+AwECMIHIMCkGCCsGAQUFBwIBFh1odHRwOi8vd3d3Lndvc2lnbi5jb20vcG9saWN5
+LzCBmgYIKwYBBQUHAgIwgY0wKBYhV29TaWduIGVDb21tZXJjZSBTZXJ2aWNlcyBM
+aW1pdGVkMAMCAQEaYUxpbWl0ZWQgTGlhYmlsaXR5LCBzZWUgdGhlIFdvU2lnbiBD
+ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBQb2xpY3kgYXQgaHR0cDovL3d3dy53b3Np
+Z24uY29tL3BvbGljeS8wMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybHMud29z
+aWduLmNvbS9jb2RlLTMuY3JsMHcGCCsGAQUFBwEBBGswaTAxBggrBgEFBQcwAYYl
+aHR0cDovL29jc3Aud29zaWduLmNvbS9jbGFzczMvY29kZS9jYTA0BggrBgEFBQcw
+AoYoaHR0cDovL2FpYS53b3NpZ24uY29tL2NsYXNzMy5jb2RlLmNhLmNlcjAhBgNV
+HRIEGjAYhhZodHRwOi8vd3d3Lndvc2lnbi5jb20vMA0GCSqGSIb3DQEBBQUAA4IB
+AQC2PSLgcv8nhlkhuRwLxfH5GptSq3FrThkB6NGoFbXMKCH/WTMnp2lbrTG+Y0yH
+sLgQkr6XVJyCdj4/ELAImFLX1oP5DqS0w7woIDLsP4AwrdXB9OQ/uUNkz14xAhQm
+MH4EzbmAMgx68hmXckGuN/VWEBFYv5dhbvRT+RJiEeIx/FuXZ0qnIks8Mz88+Chx
+/uU+tkuc8ikpy4UmTMD5q2eUtPv+TerKbSFyvjd92HCfI7MxpiPeGEjiUlKywifv
+lku3xjMj1siCbiD8Ebq2fX4YP0a7rtCzWwPQcvn41HUBI1DxOFn9v1v0WjolkmYG
+zGHGrEVvh6XDtJaP7bya8cFY
+-----END CERTIFICATE-----