When Spark connects to an XMPP server, it typically starts to validate the certificate chain that is offered by the server.
When the server offers a chain where the end-entity (leaf) certificate does not contain the Basic Constraints extension, Spark throws an exception:
Spark, in this case, should not throw an exception. Basic Constraints should be present on all but the end-entity certificate. When validating a certificate chain, Spark should make sure that the pathLen attribute of the Basic Constraint extension is valid and the cA field is set to TRUE for each non-leaf certificate.