Dear Thomas,

The consortium that I am currently in have some test suites for policy mapping, or more specifically cross certification situation. But I am not sure how much our test suites are suitable for your needs.
Now we evaluate the test suites using several implementations. They will be published around March 2003. For more information, please contact me directly.

-Kiyoshi

Kiyoshi Watanabe

> Hello,
>
> I send that message to the openssl-dev list because the same problem
> is likely to have occurred or to occur in a near future to openssl
> developers.
>
> I am currently developing an implementation of the certification path
> validation algorithm described in section 6.1 of RFC 3280. I need
> some test certificates to check the correctness of my implementation.
>
> I have already come across the test suite from the NIST:
> http://csrc.nist.gov/pki/testing/x509paths.html
>
> These certificates are great, and my software now handles them as
> specified (rejecting what needs to be rejected, accepting what needs to
> be accepted), but they do not test all the features I wish to support.
> Namely, the following are of chief interest to me and I have come
> across no publicly available certificates that use them:
> -- policy qualifiers (CPS URI and user notices)
> -- policy mappings
> -- name constraints
> -- subjectAltName extension
> -- DSS signing while using the DSS parameters from another certificate
>
> So my questions are:
>
> 1. Is there any test suite available somewhere, which covers my needs?
>
> 2. I heard the NIST is preparing an advanced test suite which might be
> of some help; is there any info about when this test suite will be ready?
>
> 3. If there is no reference test suite available, should it be assumed
> that there exists no tested, and, therefore with high probability no
> correct, implementation of the certification path validation algorithm
> which handles the policy mappings and name constraints?
>
>
> Thanks for any information,
>
>
> --Thomas Pornin
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]