Additional testcases #174

@woodruffw

#1 is old and not super well organized, so I'm copying things that haven't yet been done into this new issue.

RFC 5280

  • implementations should reject EC keys not in namedCurve format (see Add an explicit curve test #173)
  • implementations should reject v1 certificates that contain v3 extensions
  • implementations should reject DNS Name Constraints of the form .foo (leading period is valid in URI constraints and others, but not in DNS constraints) (PyCA harness, fix SAN #207)
  • implementations should reject OtherName OIDs that they don't know (limbo: add othername NC testcase #228)
  • implementations should check the time type:
    • 1950 <= validity < 2050 should be UTCTime
    • validity < 1950 || validity >= 2050 should be GeneralizedTime

CABF

  • 7.1.4.3: If present, Subject.commonName MUST contain exactly one entry that is one of the values contained in the subjectAltName extension, and MUST be encoded as follows
    • For IPv4 addresses, must be an IPv4Address per RFC 3986 S. 3.2.2
    • For IPv6 addresses, must be encoded in the text representation specified in RFC 5952 S. 4.
    • For FQDNs or wildcard domain names, must be a char-for-char copy of the dNSName entry from subjectAltName; P-labels must not be converted to their Unicode representation.
  • 7.1.2.7.6 and 7.1.2.7.10: extKeyUsage is required in subscriber certificates, and MUST contain id-kp-serverAuth (MAY contain id-kp-clientAuth), and MUST NOT contain any other id-kp-*, anyExtendedKeyUsage, or the Precertificate Signing Certificate OID (1.3.6.1.4.1.11129.2.4.4)
  • 7.1.2.10.6: CA EKUs are similar to subscriber cert EKUs

Regressions

General

  • Implementations should (generally) not be permissive around times close to expiries (e.g. a cert that expired 5 seconds before validation should generally not be accepted)

Client verification

  • Implementations should treat the *@example.com email NC as a literal email address with an inbox of *, not as a wildcard pattern for example.com.

CRLs

  • xfail: CRL has wrong version (not 2, i.e. literal 1)
  • xfail: thisUpdate and nextUpdate must use the same date encoding rules as the rest of RFC 5280
  • xfail: revokedCertificates must not be present if empty (i.e. must not be an empty SEQUENCE OF)
  • xfail: Basic true positive timely revocation check
  • pass: CRL contains revocation but not active yet (revocation date in the future)
  • xfail: CRL root is missing cRLSign: TRUE
  • pass: CRL revokes a similar-but-different cert (same except for serial number, which is all that matters)
  • xfail: CRL has the wrong issuer (signed by root but issuer name does not match)

Other test suites
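
An added example for the RFC 5280 time-type item in the list above (not part of the original issue, and not the project's own code): a check that a DER-encoded Time uses UTCTime for years 1950 through 2049 and GeneralizedTime otherwise. The names `parse_time`, `encoding_ok` and `tlv` are hypothetical, the sample values are constructed, and the code assumes a bare Time TLV rather than a full certificate.

```python
from datetime import datetime

UTC_TIME, GENERALIZED_TIME = 0x17, 0x18  # ASN.1 universal tag bytes


def parse_time(der: bytes):
    """Decode one DER Time TLV into (tag, naive-UTC datetime)."""
    if len(der) < 2 or der[1] >= 0x80 or der[1] != len(der) - 2:
        raise ValueError("expected a single short-form TLV")
    tag, body = der[0], der[2:]
    digits = {UTC_TIME: 12, GENERALIZED_TIME: 14}.get(tag)
    if digits is None:
        raise ValueError(f"tag {tag:#x} is not a Time type")
    # RFC 5280 requires seconds and a literal 'Z': no offsets, no fractions.
    if len(body) != digits + 1 or not body[:-1].isdigit() or body[-1:] != b"Z":
        raise ValueError("malformed time string")
    text = body[:-1].decode("ascii")
    if tag == UTC_TIME:
        yy = int(text[:2])
        # The pivot is 50, not the POSIX %y pivot of 69 that strptime uses.
        year, rest = (1900 if yy >= 50 else 2000) + yy, text[2:]
    else:
        year, rest = int(text[:4]), text[4:]
    fields = [int(rest[i:i + 2]) for i in range(0, 10, 2)]
    return tag, datetime(year, *fields)  # ValueError on impossible dates


def encoding_ok(der: bytes) -> bool:
    """True if the tag is the one required for the encoded year."""
    tag, when = parse_time(der)
    required = UTC_TIME if 1950 <= when.year < 2050 else GENERALIZED_TIME
    return tag == required


def tlv(tag: int, s: str) -> bytes:
    """Build a short-form TLV for the constructed samples below."""
    return bytes([tag, len(s)]) + s.encode("ascii")


# Constructed sample values (not taken from any real certificate).
SAMPLES = {
    "utc-2030": tlv(UTC_TIME, "300101000000Z"),
    "gen-2050": tlv(GENERALIZED_TIME, "20500101000000Z"),
    "gen-1949": tlv(GENERALIZED_TIME, "19491231235959Z"),
    "gen-2030": tlv(GENERALIZED_TIME, "20300101000000Z"),  # wrong type
}

if __name__ == "__main__":
    for name, der in SAMPLES.items():
        print(name, "ok" if encoding_ok(der) else "REJECT")
```

Because a well-formed UTCTime always decodes into 1950 through 2049, the only mismatch this check can report is a GeneralizedTime used inside that range.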
