Falko Strenzke
April 17, 2018

The certification path validation, or short, the certificate validation, is the process of verifying that an X.509 certificate is valid and thus the public key contained in it may be trusted and used for cryptographic purposes. This operation is for instance embedded into the TLS handshake, but also into many more applications and protocols.

This rather complex operation is specified in the RFC 5280 and is highly error prone as countless vulnerability reports have demonstrated in the past (see for instance the "Frankencerts" project).

For this reason the German Federal Office for Information Security (BSI) contracted out a project to MTG AG and cryptosource, the subject of which was the assurance of the correctness of implementations of the certificate validation in cryptographic libraries and applications. The results of this project are now available on the BSI website.

As the main task of the project, we created a test specification and a new test tool that verifies this operation. The test specification consists of a set of positive and negative test cases, systematically covering all aspects of RFC 5280 and other application specific RFCs. The test specification, which is in the form of XML files, defines for each test case a set of certificates and revocation lists as well as the information whether the certificate validation using this test data should pass or not. The CPT basis tool parses the XML test case specifications and generates the test data. Furthermore, different tools for testing applications, especially TLS, and cryptography libraries have been created. These tools execute tests based on the test data generated by the CPT basis tool for different types of test subjects.

As the final part of the project, the tests were applied to ten different cryptography libraries and applications. The results are summarized in this report.