Skip to content

crocs-muni/usable-cert-validation

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

436 Commits

.bundle

.bundle

 
 

.github/workflows

.github/workflows

 
 

.well-known

.well-known

 
 

_data

_data

 
 

_guides

_guides

 
 

_includes

_includes

 
 

_layouts

_layouts

 
 

_pages

_pages

 
 

_plugins

_plugins

 
 

assets

assets

 
 

revocation

revocation

 
 

utils

utils

 
 

validation

validation

 
 

.firebaserc

.firebaserc

 
 

.gitattributes

.gitattributes

 
 

.gitignore

.gitignore

 
 

.travis.yml

.travis.yml

 
 

CODE_OF_CONDUCT.md

CODE_OF_CONDUCT.md

 
 

CONTRIBUTORS.md

CONTRIBUTORS.md

 
 

Gemfile

Gemfile

 
 

Gemfile.lock

Gemfile.lock

 
 

LICENSE.md

LICENSE.md

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

_config.yml

_config.yml

 
 

firebase.json

firebase.json

 
 

requirements.txt

requirements.txt

 
 

robots.txt

robots.txt

 
 

Repository files navigation

Usable certificate validation

Build Status

A research initiative to make TLS certificate validation usable.

What problems do we want to solve?

The system of working with (validating) TLS certificates:

  • It is complicated, even a bit chaotic.
  • There are multiple different tools to do the same thing.
  • The tools are not unified (they work and behave differently).
  • Yet certificate validation is important and frequent (e.g. TLS on the Internet).

So in short, what do we want to do?

Our goal is to simplify the ecosystem by consolidating the errors and their documentation and by explaining better what the validation errors mean. A similar (although much larger) effort was done by Mozilla for browser documentation in 2017.

In the ideal case, we aim for a unified, accessible, widely-used and academically interesting taxonomy of certificate validation errors and accompanying usable documentation. For every error, we aim to provide an example certificate, documentation from OpenSSL and other TLS libraries.

In the future, we plan the possibility of reorganization based on the other libraries (currently, the web is organized by OpenSSL), adding the error frequencies based on IP-wide scans and elaborating on the consequences of individual errors.

Local build

To build TLS clients, the development versions of the following libraries are required:

On Ubuntu 20.04 LTS or Fedora 33 you can install them using the appropriate of the following commands:

# Ubuntu 20.04
apt install libssl-dev libgnutls28-dev botan libbotan-2-dev libmbedtls-dev openjdk-16-jdk libcurl4-openssl-dev
# Fedora 33
dnf install openssl-devel gnutls-devel botan2-devel mbedtls-devel java-latest-openjdk-devel libcurl-devel

The necessary Python packages are locally installed by running make install. Building the certificate chains requires the following Python packages: setuptools, asn1tools and pycryptodomex. Running certificate validation further requires shyaml, yq, jq and pyYAML for parsing and manipulating YAML files.

The website is build using Jekyll. To develop locally, install Jekyll (e.g. according to this guide. Then run make local and see the website served at localhost:4000.

Authors

The project is developed at the Centre for Research on Cryptography and Security of Masaryk University in Brno, Czech Republic. The main contributors are listed in CONTRIBUTORS.md.

About

Research initiative to make TLS certificate validation usable.

x509errors.org

Topics

documentation x509 hacktoberfest certificate-validation tls-certificates

Resources

Readme

License

MIT license

Code of conduct

Code of conduct
Activity
Custom properties

Stars

19 stars

Watchers

3 watching

Forks

3 forks
Report repository

Contributors 8

Languages