Hello, I send that message to the openssl-dev list because the same problem is likely to have occurred or to occur in a near future to openssl developpers.
I am currently developping an implementation of the certification path validation algorithm described in section 6.1 of RFC 3280. I need some test certificates to check the correctness of my implementation. I have already come accross the test suite from the NIST: http://csrc.nist.gov/pki/testing/x509paths.html These certificates are great, and my software now handles them as specified (rejecting what needs to be rejected, accepting what needs to be accepted), but they do not test all the features I wish to support. Namely, the following are of chief interest to me and I have come accross no publicly available certificate that use them: -- policy qualifiers (CPS URI and user notices) -- policy mappings -- name constraints -- subjectAltName extension -- DSS signing while using the DSS parameters from another certificate So my questions are: 1. Is there any test suite available somewhere, which covers my needs ? 2. I heard the NIST is preparing an advanced test suite which might be of some help; is there any info about when this test suite will be ready ? 3. If there is no reference test suite available, should it be assumed that there exists no tested, and, therefore with high probability no correct, implementation of the certification path validation algorithm which handles the policy mappings and name constraints ? Thanks for any information, --Thomas Pornin ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
