mono/linux-packaging-mono
0
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
linux-packaging-mono/mcs/class/System/Test/System.Security.Cryptography.X509Certificates/pkits/README
Jo Shields a575963da9 Imported Upstream version 3.6.0 
Former-commit-id: da6be194a6b1221998fc28233f2503bd61dd9d14
2014-08-13 10:39:27 +01:00

58 lines
2.1 KiB
Plaintext
Raw Blame History

In September 2002 NIST (National Institute of Standards and Technology)
released the "Public Key Interoperability Test Suite" (PKITS). The document
contains (a lot of) tests that ensure compliance with RFC3280.
In order to use Mono PKITS unit tests you need to have all the test cases
data downloaded, uncompressed and installed correctly. You can do all this
with a simple
% make
You can turn off the PKITS test by doing a
% make off
And turn them back on (without redownloading everything) with a
% make on
You can remove everything, except the downloaded ZIP files, by doing a
% make clean
And "really" remove everything with a
% make clean-all
Notes
* In order to work properly a number of Root(Trusted) and CA certificates
and CRL must be installed in the user store. You should be aware that they
exists when PKITS is install. It's even possible (but would be a bug) that
some remains after uninstallation. Please use certmgr to ensure your user
certificate store is "clean".
* The x509build.exe tool can be used to diagnose problems. Unlike the unit
tests, which stop at the first bad assertion, the tool will display all
available information on the whole certificate chain.
* The Makefile is to be used with Mono only (any platform). If you want to
run the tests on MS runtime then keep in mind that:
* it use it's own certificate stores. You'll need to register the
root and CA certificates and CRL with it;
* the MS X509Chain implementation is a wrapper around CryptoAPI.
The results you'll see will depends on your operating system (newer
versions of Windows are more RFC3280 compliant than earlier ones).
* The last (sub-)point is important because it means we can't compare Mono
results with the MS framework (as they depends on the operating system).
The goal of adding this test suite is to check for regressions against
RFC3280 (which is more useful for interop with other implementation and,
eventually, will match MS results on some new operating system).
* Most of the tests will start failing in April 2011 as the certificates
validity period will be over.
Reference in New Issue View Git Blame Copy Permalink