~apreiml/x509test

remove CLA request
change xf to ok for soon-generalized-time

As the spec says, CAs conforming MUST always encode certifcates this
way. Currently root certs in the moziall trust store do not follow this
rule. Hence the libs SHOULD be graceful handling generalized times
before 2050.
change xf to ok for subject-t61

Though the chapter on subject dn doesn't say anything about T61, the
ASN.1 schema still includes it. Hence it SHOULD not be T61 when creating
certs. But also libs SHOULD handle it gracefully.
add hare-tls zert tool
fix certtool option
rework display: show result as list or html table
add display List command

shows a list of passed tests for given tool
migrate script to python3
mention original project in README
eff6c150 — David Drysdale 2 years ago
scripts: specify python 2.7
b7068328 — David Drysdale 2 years ago
Move from Travis to GitHub Action
d50777bb — David Drysdale 3 years ago
README: fix link typo
00dd6892 — David Drysdale 4 years ago
Use UTF-16BE in BMPString example (#6)

X.690-0207 has:

8.21.8 For the BMPString type, the octet string shall contain the octets specified in ISO/IEC 10646-1, using the 2-octet BMP form (see 13.1 of ISO/IEC 10646-1). Signatures shall not be used.
af069fef — David Drysdale 5 years ago
Use @ as invalid DNS character

A '*' label is OK for a DNS name, to indicate a wildcard cert
(as described in RFC6125 s6.4.3), and leading digits are OK
(from RFC1123 s2.1), so "*.123google.com" is not an invalid
DNS name.

So use '@' instead, which is also outside of the rules of
RFC1034 s3.5.

Fixes #3
d87b1475 — David Drysdale 5 years ago
Test EKU with an empty OID value
b5602d95 — David Drysdale 5 years ago
Test SAN with non-IA5 domain
394cbefd — David Drysdale 5 years ago
Test RSA pubkey with non-minimally encoded INTEGER
bf68226d — David Drysdale 5 years ago
Add ECDSA secp192r1 public key example

192 bits of ECDSA is considered too short, see
https://www.keylength.com/en/4/
e5b40dc3 — David Drysdale 5 years ago
Spot non-fatal errors from certcheck
9ca346ef — David Drysdale 5 years ago
Add test of ExtendedKeyUsage with no usages
Next