Shouldn't opessl asn.1 parser be more strict to DER?

[BbqGamer]

Openssl asn.1 parser accepts x509 certificates that are not compliant with DER specification. In particular ITU-T X.680 section 11.5, which says that defaults should not be encoded.

This caused confusion as I couldn't understand why other tools I was using couldn't parse the certificate (in particular python cryptography) but openssl could.
The certificate had encoded basicConstraints: CA = False as 30 03 01 01 00 when it should be just 30 00.

I think that openssl should support more strict parsing (if not by default then with some flags)
Is it worth creating an issue for this?

[t8m]

We already have #21620