webpki icon indicating copy to clipboard operation
webpki copied to clipboard
verified publisher icon rustls

Integrate C2SP x509-limbo test suite

Open cpu opened this issue 2 years ago • 1 comments

The folks at Trail of Bits have been working on a Rust based certificate path building and validation backend for use in PyCa Cryptography. As part of that work they've built x509-limbo, "A suite of testvectors for X.509 certificate path validation".

There's a harness in that repo for testing against briansmith/webpki, and I inquired about adding a harness for this repo. In that issue there was a suggestion that x509-limbo is designed to be integrated into other repository test suites. We should consider doing that in this repo that like we did with the BetterTLS suite.

cpu avatar Nov 15 '23 20:11 cpu

JFYI: I've gone ahead and made an in-tree harness here: https://github.com/trailofbits/x509-limbo/pull/105 🙂

(I still highly recommend that rustls integrate it directly into its own test-suite, however: our in-tree harnesses don't filter implementations by intended compatibility/feature support, so the results here can be overly pessimistic/misleading depending on which niches of CABF and 5280 you're trying to support.)

woodruffw avatar Nov 27 '23 13:11 woodruffw