commoncriteria / X509

The Unlicense
0 stars 0 forks source link

Feedback regarding FIA_X509_EXT.1 testing #29

Open jfisherbah opened 4 months ago

jfisherbah commented 4 months ago

For FIA_X509_EXT.1 Test 4, the test to validate an 'expired certificate' implies that the validity period of the cert is in the past. Should there also be a test for when it's in the future, i.e. attempt to use a certificate that hasn't become valid yet? It seems preferable to test the failure conditions on both ends of the validity period if feasible.

jfisherbah commented 2 months ago

Test updated to show range testing for both notBefore and notAfter values, consistent with the request of the issue. Believe this can be closed.