Fix.

author: Simon Josefsson <simon@josefsson.org> 2007-02-13 11:48:03 +0000
committer: Simon Josefsson <simon@josefsson.org> 2007-02-13 11:48:03 +0000
commit: 672bb6fadf6ad0720b3a6ae0c30f625998f79b3a (patch)
tree: 115c6ece99fdf29dc7cc4956f55803079b62cd3b /tests/x509paths
parent: 4fe447c6abd44368ac5e63319db4080995eef9e9 (diff)
download: gnutls-672bb6fadf6ad0720b3a6ae0c30f625998f79b3a.tar.gz
1 files changed, 21 insertions, 0 deletions
diff --git a/tests/x509paths/README b/tests/x509paths/README
index cdc7f8b618..e2e85b2107 100644
--- a/tests/x509paths/README
+++ b/tests/x509paths/README
@@ -9,3 +9,24 @@ http://csrc.nist.gov/pki/testing/x509paths_old.html
 
 Because of unclear license, they are not distributed with GnuTLS
 currently.
+
+See the PDF for information regarding the self tests.  Particular
+comments on individual tests below.  The 'XXX' marks real bugs.
+
+Chain 13-14,65: We probably should not fail fatally, although this is
+not a real problem.
+
+Chain 15-18: We should succeed, the reason we don't is that we use
+memcmp for DN comparisons.
+
+Chain 19: I don't understand why this test should fail?  The chain
+seems fine to me.
+
+Chain 28-29: We fail to check keyCertSign (non-)critical key usage in
+intermediate certificates.  XXX
+
+Chain 31-32: The CRL is issued by a issuer without CRLSign
+(non-)critical keyCertSign.  We don't check the CRL, so this is not a
+real problem.
+
+Chain 54-63: We don't check path length constraints properly. XXX
author	Simon Josefsson <simon@josefsson.org>	2007-02-13 11:48:03 +0000
committer	Simon Josefsson <simon@josefsson.org>	2007-02-13 11:48:03 +0000
commit	672bb6fadf6ad0720b3a6ae0c30f625998f79b3a (patch)
tree	115c6ece99fdf29dc7cc4956f55803079b62cd3b /tests/x509paths
parent	4fe447c6abd44368ac5e63319db4080995eef9e9 (diff)
download	gnutls-672bb6fadf6ad0720b3a6ae0c30f625998f79b3a.tar.gz