Spark should not reject end-entity certificates without basic constraints
Description
When Spark connects to an XMPP server, it typically starts to validate the certificate chain that is offered by the server.
When the server offers a chain where the end-entity (leaf) certificate does not contain the Basic Constraints extension, Spark throws an exception:
Spark, in this case, should not throw an exception. Basic Constraints should be present on all but the end-entity certificate. When validating a certificate chain, Spark should make sure that the pathLen attribute of the Basic Constraint extension is valid and the cA field is set to TRUE for each non-leaf certificate.
When Spark connects to an XMPP server, it typically starts to validate the certificate chain that is offered by the server.
When the server offers a chain where the end-entity (leaf) certificate does not contain the Basic Constraints extension, Spark throws an exception:
Spark, in this case, should not throw an exception. Basic Constraints should be present on all but the end-entity certificate. When validating a certificate chain, Spark should make sure that the pathLen attribute of the Basic Constraint extension is valid and the cA field is set to TRUE for each non-leaf certificate.