Recently the JSSE certificate validation has started to fail for certificate chains advertised by well known sites, namely https://mail.yahoo.com and https://foursquare.com.
Here is the exception stack trace:
sun.security.validator.ValidatorException: Violated path length constraints
I've inspected the certificate chains, and in all cases, the basic constraint has a valid value.
Is there a known bug in JSSE that does not handle basic constraint properly?
I've reviewed the online version of source code for SimpleValidator however that version seems to be not consistent with latest JRE 6 update (30).
The validation error can be consistently reproduced with the following code snippet:
X509Certificate chain = ... ; // server certificate chain
String authType = ...; // the authentication type used by certificate chain
// The attached example uses "RSA"