[Cryptography] GnuTLS -- time to look at the diff.

Peter Gutmann pgut001 at cs.auckland.ac.nz
Fri Mar 7 03:04:52 EST 2014

Phillip Hallam-Baker <hallam at gmail.com> writes:

>People can write comprehensive test suites for certificate checking... but so
>far none has been mentioned so I don't think they did.

There's the NIST test suite, but (a) it's about a decade old, (b) there are
errors in it, and (c) it tests, among other things, a bunch of crazy stuff
that not only no-one cares about but that no sane implementation should
actually do.  It is a reasnably thorough test of your cert-handling code

(I can't imagine the amount of therapy the poor person who created all the
certs had to go through afterwards to recover).


More information about the cryptography mailing list