OSX/shared_regressions/si-18-certificate-parse/TODOFailureCerts/TODODescriptions.txt

   1 parse_fail_too_big.cer succeeds because we ignore extra data after the cert.
   2
   3 parse_fail_basic_constraints_notCA_pathlen.cer
   4 We don’t enforce (from RFC 5280):
   5    CAs MUST NOT include the pathLenConstraint field unless the cA
   6    boolean is asserted and the key usage extension asserts the
   7    keyCertSign bit.
   8
   9 parse_fail_ec_not_on_curve.cer
  10 We don’t check that the point is on the curve until we use the key (e.g. for verifying a signature).
  11
  12 spki_fail_tag_4.cer
  13 SecECPublicKeyInit doesn’t read the parameters of the algorithm ID.