[Cryptography] GnuTLS -- time to look at the diff.

[Peter Gutmann]

Phillip Hallam-Baker <hallam at gmail.com> writes:

>People can write comprehensive test suites for certificate checking... but so
>far none has been mentioned so I don't think they did.

There's the NIST test suite, but (a) it's about a decade old, (b) there are
errors in it, and (c) it tests, among other things, a bunch of crazy stuff
that not only no-one cares about but that no sane implementation should
actually do.  It is a reasnably thorough test of your cert-handling code
though.

(I can't imagine the amount of therapy the poor person who created all the
certs had to go through afterwards to recover).

Peter.