GitHub - 0xxon/tls-validation-measurement: validation code for certificate & small nss patch for repeated certificate validation

0xxon / tls-validation-measurement Public

Notifications You must be signed in to change notification settings
Fork 4
Star 3

validation code for certificate & small nss patch for repeated certificate validation

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 5 Commits
README		README
analyze_bad_cert_domain.pl		analyze_bad_cert_domain.pl
countCrlsetEntries.pl		countCrlsetEntries.pl
nss.patch		nss.patch
verifyChains.pl		verifyChains.pl

Repository files navigation

Tools for validating certificate chains against using NSS.

nss.patch: 
  Small patch against nss, which disables the crl issuer cache. This makes
  it possible to check large volumes of chains, without the results being
  tainted because old certificates are still being held in memory

analyze_bad_cert_domain.pl
  Analyze the reasons for certificate<->hostname mismatches in greater detail.
  Requires the dev-hostname branch of the NSS bindings at
  https://github.com/0xxon/perl-nss.

countCrlSetEntries.pl
  Count the entries in a crl set as created by https://github.com/agl/crlset-tools

verifyChains.pl
  Mass-checking of certificate chains using NSS.
  Requires a patched version of NSS using nss.patch and the mozilla-functions branch
  of the NSS bindings at https://github.com/0xxon/perl-nss.

  Please see the comments in the script - it describes the input file format as well
  as the locations where the certificates files are expected to be.