Usable X.509 errors: Botan
Our goal is to simplify the ecosystem by consolidating the errors and their documentation (similarly to web documentation) and better explaining what the validation errors mean.
Correctly validating X.509 certificates turns out to be pretty complicated (e.g., Georgiev2012, Ukrop2019). Yet certificate validation is crucial for secure communication on the Internet (think TLS).
For every error, we aim to provide our redesigned documentation ( ), an example certificate ( ), original documentation provided by the library ( , unused or deprecated errors denoted by ). Furthermore, we provide links to corresponding errors from other libraries ( ). In the future, we plan on adding error frequencies based on IP-wide scans and elaborating on the consequences of individual errors.
Time validity errors
Errors occuring when a certificate is outside its validity period or when it is revoked by its CA.
Relevant links: Certificate Validity (RFC 5280), Certificate Revocation (RFC 5280)
(No detailed documentation provided by the library.)
Original error message:
Certificate is not yet valid (source)
Example certificates
Below you can download one or more example malformed certificates causing CERT_NOT_YET_VALID in Botan. If you are interested in generating these certificates yourself, see the corresponding generating script for each case on the project Github.
- Case NOT_YET_VALID (see the generation script)
Corresponding errors
What validation errors do other libraries give for certificates causing CERT_NOT_YET_VALID in Botan? Below, you can see the basic overview based on the example certificates from the previous section. (The list may be incomplete.)
- OpenSSL: X509_V_ERR_CERT_NOT_YET_VALID
- GnuTLS: GNUTLS_CERT_NOT_ACTIVATED
- Mbed TLS: MBEDTLS_X509_BADCERT_FUTURE
- OpenJDK: PKIX_PATH_VALIDATION_FAILED, VALIDITY_CHECK_FAILED
(No detailed documentation provided by the library.)
Original error message:
Certificate has expired (source)
Example certificates
Below you can download one or more example malformed certificates causing CERT_HAS_EXPIRED in Botan. If you are interested in generating these certificates yourself, see the corresponding generating script for each case on the project Github.
- Case EXPIRED (see the generation script)
Corresponding errors
What validation errors do other libraries give for certificates causing CERT_HAS_EXPIRED in Botan? Below, you can see the basic overview based on the example certificates from the previous section. (The list may be incomplete.)
- OpenSSL: X509_V_ERR_CERT_HAS_EXPIRED
- GnuTLS: GNUTLS_CERT_EXPIRED
- Mbed TLS: MBEDTLS_X509_BADCERT_EXPIRED
- OpenJDK: PKIX_PATH_VALIDATION_FAILED, VALIDITY_CHECK_FAILED
(No detailed documentation provided by the library.)
Original error message:
CRL response is not yet valid (source)
(No detailed documentation provided by the library.)
Original error message:
CRL has expired (source)
(No detailed documentation provided by the library.)
Original error message:
OCSP is not yet valid (source)
(No detailed documentation provided by the library.)
Original error message:
OCSP response has expired (source)
(No detailed documentation provided by the library.)
Original error message:
OCSP response is too old (source)
(No detailed documentation provided by the library.)
Original error message:
Certificate is revoked (source)
Trust or chain related errors
These errors occur when the trust chain to the root certificate is not built correctly or fails.
Relevant links: Certificate Paths (RFC 5280), Certificate Revocation Lists (RFC 5280), OCSP (RFC 2560)
(No detailed documentation provided by the library.)
Original error message:
Cannot establish trust (source)
Example certificates
Below you can download one or more example malformed certificates causing CANNOT_ESTABLISH_TRUST in Botan. If you are interested in generating these certificates yourself, see the corresponding generating script for each case on the project Github.
- Case SELF_SIGNED_END_ENTITY (see the generation script)
- Case SELF_SIGNED_INTERMEDIATE (see the generation script)
Corresponding errors
What validation errors do other libraries give for certificates causing CANNOT_ESTABLISH_TRUST in Botan? Below, you can see the basic overview based on the example certificates from the previous section. (The list may be incomplete.)
(No detailed documentation provided by the library.)
Original error message:
Certificate chain does not end in a CA certificate (source)
(No detailed documentation provided by the library.)
Original error message:
Certificate public key invalid, no HTTP support compiled in (source)
(No detailed documentation provided by the library.)
Original error message:
Certificate issuer not found (source)
Example certificates
Below you can download one or more example malformed certificates causing CERT_ISSUER_NOT_FOUND in Botan. If you are interested in generating these certificates yourself, see the corresponding generating script for each case on the project Github.
- Case CHAIN_LOOP (see the generation script)
- Case ISSUER_NO_MATCH_SUBJECT (see the generation script)
- Case TRUSTED_ONLY_INTERMEDIATE (see the generation script)
- Case UNKNOWN_ROOT_CN (see the generation script)
Corresponding errors
What validation errors do other libraries give for certificates causing CERT_ISSUER_NOT_FOUND in Botan? Below, you can see the basic overview based on the example certificates from the previous section. (The list may be incomplete.)
- OpenSSL: X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT
- GnuTLS: GNUTLS_CERT_SIGNER_NOT_FOUND, GNUTLS_E_SUCCESS
- Mbed TLS: MBEDTLS_X509_BADCERT_KEY_USAGE, MBEDTLS_X509_BADCERT_NOT_TRUSTED
- OpenJDK: UNABLE_TO_FIND_VALID_CERTIFICATION_PATH
(No detailed documentation provided by the library.)
Original error message:
Loop in certificate chain (source)
(No detailed documentation provided by the library.)
Original error message:
Certificate chain too long (source)
Example certificates
Below you can download one or more example malformed certificates causing CERT_CHAIN_TOO_LONG in Botan. If you are interested in generating these certificates yourself, see the corresponding generating script for each case on the project Github.
- Case BC_PATH_LEN_EXCEEDED (see the generation script)
Corresponding errors
What validation errors do other libraries give for certificates causing CERT_CHAIN_TOO_LONG in Botan? Below, you can see the basic overview based on the example certificates from the previous section. (The list may be incomplete.)
(No detailed documentation provided by the library.)
Original error message:
Unable to find certificate issusing OCSP response (source)
(No detailed documentation provided by the library.)
Original error message:
OCSP signature error (source)
(No detailed documentation provided by the library.)
Original error message:
OCSP bad status (source)
(No detailed documentation provided by the library.)
Original error message:
OCSP parsing valid (source)
(No detailed documentation provided by the library.)
Original error message:
OCSP URL not available (source)
(No detailed documentation provided by the library.)
Original error message:
OCSP server not available (source)
(No detailed documentation provided by the library.)
Original error message:
No revocation data (source)
Basic extension errors
Errors related to extensions in general or to the BasicConstraints standard extension.
Relevant links: Certificate Extensions (RFC 5280), BasicConstraints Extension (RFC 5280)
(No detailed documentation provided by the library.)
Original error message:
Unknown critical extension encountered (source)
Example certificates
Below you can download one or more example malformed certificates causing UNKNOWN_CRITICAL_EXTENSION in Botan. If you are interested in generating these certificates yourself, see the corresponding generating script for each case on the project Github.
- Case BC_PATH_LEN_NEGATIVE (see the generation script)
- Case EMPTY_IP_ADDR_BLOCKS (see the generation script)
- Case IP_ADDR_BLOCKS_NO_SUBSET (see the generation script)
- Case NC_MINIMUM_NOT_ZERO (see the generation script)
- Case NC_UNKNOWN_NAME_TYPE (see the generation script)
- Case PROXY_CA (see the generation script)
- Case PROXY_LENGTH_EXCEEDED (see the generation script)
- Case PROXY_NAME_NO_MATCH_ISSUER (see the generation script)
- Case PROXY_WITH_SAN (see the generation script)
- Case UNKNOWN_CRITICAL_EXTENSION (see the generation script)
- Case VALID_PROXY (see the generation script)
Corresponding errors
What validation errors do other libraries give for certificates causing UNKNOWN_CRITICAL_EXTENSION in Botan? Below, you can see the basic overview based on the example certificates from the previous section. (The list may be incomplete.)
- OpenSSL: X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, X509_V_ERR_INVALID_EXTENSION, X509_V_ERR_UNNESTED_RESOURCE, X509_V_ERR_SUBTREE_MINMAX, X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE, X509_V_ERR_PATH_LENGTH_EXCEEDED, X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED, X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION, X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION, X509_V_OK
- GnuTLS: GNUTLS_E_SUCCESS, GNUTLS_CERT_UNKNOWN_CRIT_EXTENSIONS, GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE, GNUTLS_CERT_UNEXPECTED_OWNER, GNUTLS_CERT_SIGNER_NOT_CA
- Mbed TLS: MBEDTLS_ERR_X509_INVALID_EXTENSIONS
- OpenJDK: PKIX_PATH_VALIDATION_FAILED, UNRECOGNIZED_CRITICAL_EXTENSION, MINIMUM_NAME_CONSTRAINTS, UNSUPPORTED_HANDSHAKE_MESSAGE, CA_KEY_USAGE_FAILED
(No detailed documentation provided by the library.)
Original error message:
CA certificate not allowed to issue certs (source)
Example certificates
Below you can download one or more example malformed certificates causing CA_CERT_NOT_FOR_CERT_ISSUER in Botan. If you are interested in generating these certificates yourself, see the corresponding generating script for each case on the project Github.
- Case ISSUER_CA_FALSE (see the generation script)
- Case NO_CERTSIGN_IN_KEYUSAGE (see the generation script)
Corresponding errors
What validation errors do other libraries give for certificates causing CA_CERT_NOT_FOR_CERT_ISSUER in Botan? Below, you can see the basic overview based on the example certificates from the previous section. (The list may be incomplete.)
- OpenSSL: X509_V_ERR_INVALID_CA, X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
- GnuTLS: GNUTLS_CERT_SIGNER_NOT_CA, GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE
- Mbed TLS: MBEDTLS_X509_BADCERT_NOT_TRUSTED
- OpenJDK: PKIX_PATH_VALIDATION_FAILED, NOT_A_CA_CERTIFICATE, CA_KEY_USAGE_FAILED
(No detailed documentation provided by the library.)
Original error message:
Duplicate certificate extension encountered (source)
Example certificates
Below you can download one or more example malformed certificates causing DUPLICATE_CERT_EXTENSION in Botan. If you are interested in generating these certificates yourself, see the corresponding generating script for each case on the project Github.
- Case DUPLICATE_BC_EXTENSION (see the generation script)
Corresponding errors
What validation errors do other libraries give for certificates causing DUPLICATE_CERT_EXTENSION in Botan? Below, you can see the basic overview based on the example certificates from the previous section. (The list may be incomplete.)
(No detailed documentation provided by the library.)
Original error message:
Encountered extension in certificate with version < 3 (source)
Example certificates
Below you can download one or more example malformed certificates causing EXT_IN_V1_V2_CERT in Botan. If you are interested in generating these certificates yourself, see the corresponding generating script for each case on the project Github.
- Case V1_CERT_WITH_EXTENSIONS (see the generation script)
Corresponding errors
What validation errors do other libraries give for certificates causing EXT_IN_V1_V2_CERT in Botan? Below, you can see the basic overview based on the example certificates from the previous section. (The list may be incomplete.)
- OpenSSL: X509_V_OK
- GnuTLS: GNUTLS_E_CERTIFICATE_ERROR
- Mbed TLS: MBEDTLS_ERR_X509_INVALID_FORMAT
- OpenJDK: FAILED_TO_PARSE_SERVER_CERTIFICATES
Name related errors
Errors signalizing problems with either hostname verification, NameConstaints standard extension or IP Address Delegation extension.
Relevant links: NameConstaints extension (RFC 5280), IP Address Delegation extension (RFC 3779), Certificate Common Name (RFC 5280)
(No detailed documentation provided by the library.)
Original error message:
Certificate does not match provided name (source)
Example certificates
Below you can download one or more example malformed certificates causing CERT_NAME_NOMATCH in Botan. If you are interested in generating these certificates yourself, see the corresponding generating script for each case on the project Github.
- Case EMPTY_SUBJECT_AND_NO_SAN (see the generation script)
- Case HOST_NO_MATCH_CN (see the generation script)
Corresponding errors
What validation errors do other libraries give for certificates causing CERT_NAME_NOMATCH in Botan? Below, you can see the basic overview based on the example certificates from the previous section. (The list may be incomplete.)
- OpenSSL: X509_V_ERR_HOSTNAME_MISMATCH
- GnuTLS: GNUTLS_CERT_UNEXPECTED_OWNER
- Mbed TLS: MBEDTLS_X509_BADCERT_CN_MISMATCH
- OpenJDK: FAILED_TO_PARSE_SERVER_CERTIFICATES, NO_NAME_MATCHING
(No detailed documentation provided by the library.)
Original error message:
Certificate issuer does not match subject of issuing cert (source)
(No detailed documentation provided by the library.)
Original error message:
Certificate does not pass name constraint (source)
Example certificates
Below you can download one or more example malformed certificates causing NAME_CONSTRAINT_ERROR in Botan. If you are interested in generating these certificates yourself, see the corresponding generating script for each case on the project Github.
- Case NC_MAXIMUM_PRESENT (see the generation script)
- Case NC_PERMITTED_VIOLATION (see the generation script)
Corresponding errors
What validation errors do other libraries give for certificates causing NAME_CONSTRAINT_ERROR in Botan? Below, you can see the basic overview based on the example certificates from the previous section. (The list may be incomplete.)
- OpenSSL: X509_V_ERR_SUBTREE_MINMAX, X509_V_ERR_PERMITTED_VIOLATION
- GnuTLS: GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE, GNUTLS_CERT_UNEXPECTED_OWNER
- Mbed TLS: MBEDTLS_ERR_X509_INVALID_EXTENSIONS
- OpenJDK: PKIX_PATH_VALIDATION_FAILED, MAXIMUM_NAME_CONSTRAINTS, NAME_CONSTRAINTS_CHECK_FAILED
(No detailed documentation provided by the library.)
Original error message:
Distinguished name too long (source)
Usage and policy errors
Errors related to standard extensions CertificatePolicies, KeyUsage and ExtendedKeyUsage.
Relevant links: KeyUsage extension (RFC5280), ExtendedKeyUsage extension (RFC5280), CertificatePolicies extension (RFC5280)
(No detailed documentation provided by the library.)
Original error message:
Certificate does not allow the requested usage (source)
Example certificates
Below you can download one or more example malformed certificates causing INVALID_USAGE in Botan. If you are interested in generating these certificates yourself, see the corresponding generating script for each case on the project Github.
- Case ANY_EXT_KEY_USAGE (see the generation script)
- Case UNKNOWN_EXT_KEY_USAGE (see the generation script)
Corresponding errors
What validation errors do other libraries give for certificates causing INVALID_USAGE in Botan? Below, you can see the basic overview based on the example certificates from the previous section. (The list may be incomplete.)
- OpenSSL: X509_V_ERR_INVALID_PURPOSE
- GnuTLS: GNUTLS_E_SUCCESS, GNUTLS_CERT_UNEXPECTED_OWNER
- Mbed TLS: MBEDTLS_X509_BADCERT_EXT_KEY_USAGE
- OpenJDK: EXT_KEY_USAGE_NO_TLS_SERVER
(No detailed documentation provided by the library.)
Original error message:
Certificate policy error (source)
(No detailed documentation provided by the library.)
Original error message:
Certificate contains duplicate policy (source)
(No detailed documentation provided by the library.)
Original error message:
CA certificate not allowed to issue CRLs (source)
(No detailed documentation provided by the library.)
Original error message:
OCSP issuer's keyusage prohibits OCSP (source)
Algorithm related errors
Various errors signalizing usage of invalid or deprecated algorithms.
Relevant links: Algorithm and Key Size Profile for PKI (RFC 7935), Suite B Profile for TLS (RFC 6460)
(No detailed documentation provided by the library.)
Original error message:
Signature method too weak (source)
Example certificates
Below you can download one or more example malformed certificates causing SIGNATURE_METHOD_TOO_WEAK in Botan. If you are interested in generating these certificates yourself, see the corresponding generating script for each case on the project Github.
- Case ISSUER_RSA_KEY_1024 (see the generation script)
Corresponding errors
What validation errors do other libraries give for certificates causing SIGNATURE_METHOD_TOO_WEAK in Botan? Below, you can see the basic overview based on the example certificates from the previous section. (The list may be incomplete.)
- OpenSSL: X509_V_ERR_CA_KEY_TOO_SMALL
- GnuTLS: GNUTLS_CERT_INSECURE_ALGORITHM
- Mbed TLS: MBEDTLS_X509_BADCERT_BAD_KEY
(No detailed documentation provided by the library.)
Original error message:
Certificate signed with unknown/unavailable algorithm (source)
(No detailed documentation provided by the library.)
Original error message:
Certificate signature has invalid parameters (source)
(No detailed documentation provided by the library.)
Original error message:
Hash function used is considered too weak for security (source)
Example certificates
Below you can download one or more example malformed certificates causing UNTRUSTED_HASH in Botan. If you are interested in generating these certificates yourself, see the corresponding generating script for each case on the project Github.
- Case ISSUER_HASH_MD5 (see the generation script)
Corresponding errors
What validation errors do other libraries give for certificates causing UNTRUSTED_HASH in Botan? Below, you can see the basic overview based on the example certificates from the previous section. (The list may be incomplete.)
- OpenSSL: X509_V_ERR_CA_MD_TOO_WEAK
- GnuTLS: GNUTLS_CERT_INSECURE_ALGORITHM
- Mbed TLS: MBEDTLS_X509_BADCERT_BAD_MD
- OpenJDK: PKIX_PATH_VALIDATION_FAILED, FAILED_SIGNATURE_ALGORITHM
Formatting errors
These errors occur when a field of the certificate/CRL contains invalid values or is badly formatted.
Relevant links: Certificate Signature (RFC 5280), Certificate Time formatting (RFC 5280), Certificate Signature Algorithm (RFC 5280)
(No detailed documentation provided by the library.)
Original error message:
Signature error (source)
Example certificates
Below you can download one or more example malformed certificates causing SIGNATURE_ERROR in Botan. If you are interested in generating these certificates yourself, see the corresponding generating script for each case on the project Github.
- Case INVALID_SIGNATURE (see the generation script)
Corresponding errors
What validation errors do other libraries give for certificates causing SIGNATURE_ERROR in Botan? Below, you can see the basic overview based on the example certificates from the previous section. (The list may be incomplete.)
- OpenSSL: X509_V_ERR_CERT_SIGNATURE_FAILURE
- GnuTLS: GNUTLS_CERT_SIGNATURE_FAILURE
- Mbed TLS: MBEDTLS_X509_BADCERT_NOT_TRUSTED
- OpenJDK: PKIX_PATH_VALIDATION_FAILED, SIGNATURE_CHECK_FAILED
(No detailed documentation provided by the library.)
Original error message:
CRL bad signature (source)
(No detailed documentation provided by the library.)
Original error message:
Botan::Decoding_error (source)
Example certificates
Below you can download one or more example malformed certificates causing DECODING_ERROR in Botan. If you are interested in generating these certificates yourself, see the corresponding generating script for each case on the project Github.
- Case PUBKEY_INFO_INVALID_OID (see the generation script)
- Case V4_CERT (see the generation script)
- Case WRONG_SIGNATURE_ALGORITHM (see the generation script)
Corresponding errors
What validation errors do other libraries give for certificates causing DECODING_ERROR in Botan? Below, you can see the basic overview based on the example certificates from the previous section. (The list may be incomplete.)
(No detailed documentation provided by the library.)
Original error message:
Certificate serial number is negative (source)
(No detailed documentation provided by the library.)
Original error message:
Botan::Invalid_Argument (source)
(No detailed documentation provided by the library.)
Original error message:
Botan::Encoding_Error (source)
Example certificates
Below you can download one or more example malformed certificates causing ENCODING_ERROR in Botan. If you are interested in generating these certificates yourself, see the corresponding generating script for each case on the project Github.
- Case NC_EMPTY (see the generation script)
Corresponding errors
What validation errors do other libraries give for certificates causing ENCODING_ERROR in Botan? Below, you can see the basic overview based on the example certificates from the previous section. (The list may be incomplete.)
- OpenSSL: X509_V_OK
- GnuTLS: GNUTLS_CERT_UNEXPECTED_OWNER
- Mbed TLS: MBEDTLS_ERR_X509_INVALID_EXTENSIONS
Uncategorized errors
These errors are not yet categorized, deprecated or not used at all.
(No detailed documentation provided by the library.)
Original error message:
No CRL with matching distribution point for certificate (source)
(No detailed documentation provided by the library.)
Original error message:
OCSP cert not listed (source)
(No detailed documentation provided by the library.)
Original error message:
OCSP requests not available (source)
(No detailed documentation provided by the library.)
Original error message:
Signature on OCSP response was found valid (source)
(No detailed documentation provided by the library.)
Original error message:
OCSP response accepted as affirming unrevoked status for certificate (source)
(No detailed documentation provided by the library.)
Original error message:
Valid CRL examined (source)
(No detailed documentation provided by the library.)
Original error message:
Verified (source)
Example certificates
Below you can download one or more example malformed certificates causing VERIFIED in Botan. If you are interested in generating these certificates yourself, see the corresponding generating script for each case on the project Github.
- Case BC_NOT_CRITICAL_CA (see the generation script)
- Case BC_PATH_LEN_IN_NON_CA (see the generation script)
- Case EMPTY_EXT_KEY_USAGE (see the generation script)
- Case EMPTY_KEY_USAGE_END_CERT (see the generation script)
- Case NC_EXCLUDED_VIOLATION (see the generation script)
- Case NEGATIVE_SERIAL_NUMBER (see the generation script)
- Case NO_KEY_USAGE_IN_CA (see the generation script)
- Case SAN_EMPTY_EMAIL (see the generation script)
- Case SAN_NULL_BYTE_IN_EMAIL (see the generation script)
- Case SIGNATURE_ALGORITHM_MISMATCH (see the generation script)
- Case VALID (see the generation script)
Corresponding errors
What validation errors do other libraries give for certificates causing VERIFIED in Botan? Below, you can see the basic overview based on the example certificates from the previous section. (The list may be incomplete.)
- OpenSSL: X509_V_OK, X509_V_ERR_INVALID_PURPOSE, X509_V_ERR_EXCLUDED_VIOLATION, X509_V_ERR_UNSUPPORTED_NAME_SYNTAX, X509_V_ERR_CA_KEY_TOO_SMALL
- GnuTLS: GNUTLS_E_SUCCESS, GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE, GNUTLS_CERT_UNEXPECTED_OWNER, GNUTLS_E_CERTIFICATE_ERROR
- Mbed TLS: MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_X509_BADCERT_KEY_USAGE
- OpenJDK: EXT_KEY_USAGE_NO_TLS_SERVER, PKIX_PATH_VALIDATION_FAILED, INCORRECT_KEY_USAGE_BITS, FAILED_TO_PARSE_SERVER_CERTIFICATES, SIGNATURE_CHECK_FAILED
(No detailed documentation provided by the library.)
Original error message:
Botan::TLS_Exception (source)
Example certificates
Below you can download one or more example malformed certificates causing TLS_EXCEPTION in Botan. If you are interested in generating these certificates yourself, see the corresponding generating script for each case on the project Github.
- Case END_ENTITY_RSA_KEY_1024 (see the generation script)
- Case ISSUER_PUBKEY_INFO_INVALID_OID (see the generation script)
- Case ISSUER_PUBKEY_INVALID_OID_AND_SIGNATURE (see the generation script)
Corresponding errors
What validation errors do other libraries give for certificates causing TLS_EXCEPTION in Botan? Below, you can see the basic overview based on the example certificates from the previous section. (The list may be incomplete.)
About the project
The project is developed at the Centre for Research on Cryptography and Security (CRoCS) at Masaryk University, Brno, Czech Republic by Martin Ukrop, Pavol Žáčik, Eric Valčík with the help of Michaela Balážová and Matěj Grabovský. For more details, see the ReadMe file in the project repository on GitHub.
The authors are grateful for the financial support by and Red Hat Czech and Kiwi.com.