This directory contains X509 certificate tests generated by the
Netflix "bettertls" suite from https://github.com/Netflix/bettertls
cloned at commit 8950fdf2a46eaa357aa8d338c871f2cbc00e86e5 in July 2020.

The certificates are in "certificates", generated by running the
generator with gradle as per the directions. They are named
corresponding to the number of the test, currently from 1 to 3645.

In the directory "scripts" is "expects.json", which contains the
expected results for each certificate, generated as per the
instructions with bettertls. This includes a description of what the
issues are with each certificate. The "expects.json" output was then
converted to the simple output format used by us here using the
"convert.perl" script in that directory.

"validate.c" runs X509_verify against each certificate, trying with
both a required name of "localhost.local" for the "DNS" test and
the IP of 127.0.0.1 for the "IP" test, so each cert is tested
twice (once expecting the DNS name to validate, and once for the IP).

The output from validate.c is checked by check.perl against "known"
and "expected".

- An expected value of OK means the cert is valid.
- An expected value of ERROR means the cert is invalid.
- An expected value of WEAK-OK means the cert could be considered valid
  but may be rejected.

When something is fixed in LibreSSL, the "known" file should be updated
to record your improved result and prevent future regressions.
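
The comparison against "known" and "expected" described above, as an added
Python example; it is not check.perl or any other code from this directory.
The three-column line format, the bucket names and the sample verdicts are
constructed assumptions.

```python
# Constructed sample data. The "<test> <DNS verdict> <IP verdict>" layout is an
# assumption made for this example, not the project's real file format.
EXPECTED = """\
1 OK ERROR
2 WEAK-OK ERROR
3 ERROR OK
"""
KNOWN = """\
1 OK ERROR
2 ERROR OK
3 OK OK
"""
RESULTS = """\
1 OK ERROR
2 ERROR OK
3 ERROR ERROR
"""

def parse(text):
    """Map (test number, "DNS" or "IP") to a verdict string."""
    table = {}
    for line in text.split("\n"):
        if line.strip():
            test, dns, ip = line.split()
            table[(int(test), "DNS")] = dns
            table[(int(test), "IP")] = ip
    return table

def conforms(expected, actual):
    """OK and ERROR must match exactly; WEAK-OK allows accept or reject."""
    return actual in ("OK", "ERROR") and expected in (actual, "WEAK-OK")

def check(expected, known, results):
    """Bucket every (test, kind) pair by how this run compares."""
    report = {"pass": [], "known_deviation": [], "improved": [],
              "changed": [], "regression": []}
    for key in sorted(expected):
        exp, kn, act = expected[key], known[key], results.get(key, "MISSING")
        if act == kn:
            bucket = "pass" if conforms(exp, act) else "known_deviation"
        elif not conforms(exp, act):
            bucket = "regression"    # worse than the recorded baseline
        elif conforms(exp, kn):
            bucket = "changed"       # both outcomes allowed (WEAK-OK)
        else:
            bucket = "improved"      # record the new result in "known"
        report[bucket].append(key)
    return report

REPORT = check(parse(EXPECTED), parse(KNOWN), parse(RESULTS))
```

Entries in the "improved" bucket are the ones whose new verdict belongs in the
"known" file; entries in "regression" are what that baseline exists to catch.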