linux-packaging-mono/mcs/class/System/Test/System.Security.Cryptography.X509Certificates/pkits/README

In September 2002 NIST (National Institute of Standards and Technology) 
released the "Public Key Interoperability Test Suite" (PKITS). The document
contains (a lot of) tests that ensure compliance with RFC3280.

In order to use Mono PKITS unit tests you need to have all the test cases
data downloaded, uncompressed and installed correctly. You can do all this
with a simple

	% make

You can turn off the PKITS test by doing a

	% make off

And turn them back on (without redownloading everything) with a

	% make on

You can remove everything, except the downloaded ZIP files, by doing a

	% make clean

And "really" remove everything with a

	% make clean-all


Notes

* In order to work properly a number of Root(Trusted) and CA certificates
and CRL must be installed in the user store. You should be aware that they
exists when PKITS is install. It's even possible (but would be a bug) that
some remains after uninstallation. Please use certmgr to ensure your user
certificate store is "clean".

* The x509build.exe tool can be used to diagnose problems. Unlike the unit
tests, which stop at the first bad assertion, the tool will display all
available information on the whole certificate chain.

* The Makefile is to be used with Mono only (any platform). If you want to
run the tests on MS runtime then keep in mind that:

	* it use it's own certificate stores. You'll need to register the
	root and CA certificates and CRL with it;

	* the MS X509Chain implementation is a wrapper around CryptoAPI.
	The results you'll see will depends on your operating system (newer
	versions of Windows are more RFC3280 compliant than earlier ones).

* The last (sub-)point is important because it means we can't compare Mono
results with the MS framework (as they depends on the operating system).
The goal of adding this test suite is to check for regressions against 
RFC3280 (which is more useful for interop with other implementation and,
eventually, will match MS results on some new operating system).

* Most of the tests will start failing in April 2011 as the certificates
validity period will be over.
Imported Upstream version 3.6.0 Former-commit-id: da6be194a6b1221998fc28233f2503bd61dd9d14 2014-08-13 10:39:27 +01:00			`In September 2002 NIST (National Institute of Standards and Technology)`
			`released the "Public Key Interoperability Test Suite" (PKITS). The document`
			`contains (a lot of) tests that ensure compliance with RFC3280.`

			`In order to use Mono PKITS unit tests you need to have all the test cases`
			`data downloaded, uncompressed and installed correctly. You can do all this`
			`with a simple`

			`% make`

			`You can turn off the PKITS test by doing a`

			`% make off`

			`And turn them back on (without redownloading everything) with a`

			`% make on`

			`You can remove everything, except the downloaded ZIP files, by doing a`

			`% make clean`

			`And "really" remove everything with a`

			`% make clean-all`


			`Notes`

			`* In order to work properly a number of Root(Trusted) and CA certificates`
			`and CRL must be installed in the user store. You should be aware that they`
			`exists when PKITS is install. It's even possible (but would be a bug) that`
			`some remains after uninstallation. Please use certmgr to ensure your user`
			`certificate store is "clean".`

			`* The x509build.exe tool can be used to diagnose problems. Unlike the unit`
			`tests, which stop at the first bad assertion, the tool will display all`
			`available information on the whole certificate chain.`

			`* The Makefile is to be used with Mono only (any platform). If you want to`
			`run the tests on MS runtime then keep in mind that:`

			`* it use it's own certificate stores. You'll need to register the`
			`root and CA certificates and CRL with it;`

			`* the MS X509Chain implementation is a wrapper around CryptoAPI.`
			`The results you'll see will depends on your operating system (newer`
			`versions of Windows are more RFC3280 compliant than earlier ones).`

			`* The last (sub-)point is important because it means we can't compare Mono`
			`results with the MS framework (as they depends on the operating system).`
			`The goal of adding this test suite is to check for regressions against`
			`RFC3280 (which is more useful for interop with other implementation and,`
			`eventually, will match MS results on some new operating system).`

			`* Most of the tests will start failing in April 2011 as the certificates`
			`validity period will be over.`