Usable X.509 errors: OpenSSL
Validating X.509 certificates correctly turns out to be pretty complicated (e.g. Georgiev2012, Ukrop2019). Yet certificate validation is absolutely crucial for secure communication on the Internet (think TLS).
Our goal is to simplify the ecosystem by consolidating the errors and their documentation (similarly to web documentation) and by explaining better what the validation errors mean.
For every error, we aim to provide our redesigned documentation ( ), an example certificate ( ), original documentation provided by the library ( , unused or deprecated errors denoted by ), and links to corresponding errors from other libraries ( ). In the future, we plan on adding error frequencies based on IP-wide scans and elaborating on the consequences of individual errors.
We extend the existing research on security, TLS and documentation design. Details are described in the frequently asked questions on a separate page.FAQ with details
About the project
The project is developed at the Centre for Research on Cryptography and Security (CRoCS) at Masaryk University, Brno, Czech Republic by Martin Ukrop, Pavol Žáčik, Eric Valčík with the help of Michaela Balážová and Matěj Grabovský. For more details, see the ReadMe file in the project repository on GitHub.