mono/linux-packaging-mono
0
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
linux-packaging-mono/mcs/class/System/Test/System.Security.Cryptography.X509Certificates/pkits
History
Xamarin Public Jenkins (auto-signing) e79aa3c0ed Imported Upstream version 4.6.0.125 
Former-commit-id: a2155e9bd80020e49e72e86c44da02a8ac0e57a4
2016-08-03 10:59:49 +00:00
..
Makefile
Imported Upstream version 3.6.0
2014-08-13 10:39:27 +01:00
README
Imported Upstream version 3.6.0
2014-08-13 10:39:27 +01:00
x509build.cs
Imported Upstream version 3.6.0
2014-08-13 10:39:27 +01:00

README 

In September 2002 NIST (National Institute of Standards and Technology) 
released the "Public Key Interoperability Test Suite" (PKITS). The document
contains (a lot of) tests that ensure compliance with RFC3280.

In order to use Mono PKITS unit tests you need to have all the test cases
data downloaded, uncompressed and installed correctly. You can do all this
with a simple

	% make

You can turn off the PKITS test by doing a

	% make off

And turn them back on (without redownloading everything) with a

	% make on

You can remove everything, except the downloaded ZIP files, by doing a

	% make clean

And "really" remove everything with a

	% make clean-all


Notes

* In order to work properly a number of Root(Trusted) and CA certificates
and CRL must be installed in the user store. You should be aware that they
exists when PKITS is install. It's even possible (but would be a bug) that
some remains after uninstallation. Please use certmgr to ensure your user
certificate store is "clean".

* The x509build.exe tool can be used to diagnose problems. Unlike the unit
tests, which stop at the first bad assertion, the tool will display all
available information on the whole certificate chain.

* The Makefile is to be used with Mono only (any platform). If you want to
run the tests on MS runtime then keep in mind that:

	* it use it's own certificate stores. You'll need to register the
	root and CA certificates and CRL with it;

	* the MS X509Chain implementation is a wrapper around CryptoAPI.
	The results you'll see will depends on your operating system (newer
	versions of Windows are more RFC3280 compliant than earlier ones).

* The last (sub-)point is important because it means we can't compare Mono
results with the MS framework (as they depends on the operating system).
The goal of adding this test suite is to check for regressions against 
RFC3280 (which is more useful for interop with other implementation and,
eventually, will match MS results on some new operating system).

* Most of the tests will start failing in April 2011 as the certificates
validity period will be over.