crocs-muni/usable-cert-validation

Automatically test the results of certificate validation in all libraries


We test that OpenSSL validation is correct when building; test other libraries as well.

Done in the new system, is it not, @zacikpa?

Actually, we do not test that the result is the same in each build, as we did in OpenSSL before.

I would leave this issue open. This is something that we would probably like to have in the future.

I've given this some more thought and it does not make much sense anymore. The behavior of some libraries will inevitably change for some of our certificates at some point, but we are not the ones to dictate how libraries should behave.

If we just want to check whether some library behavior changed, there may be easier ways (e.g. seeing how the mapping file compares to the previous one).

I would close this issue. What's your opinion, @mukrop?

> If we just want to check whether some library behavior changed, there may be easier ways (e.g. seeing how the mapping file compares to the previous one).

I see. Though this feature was meant as a self-check, not as a way to analyze libraries. My motivation was to prevent us from deploying the version where all certificates throw "expired" just because Travis screwed the clock setting or we messed with something we were not supposed to.
Don't you find it a useful sanity check? How complicated would this be to add?
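
A sketch of the self-check discussed in this thread, as an added example that is not part of the thread or the project's code: it compares the current build's results with the previous ones and fails only when most changed certificates collapse to a single result, as a wrong build clock would cause. The mapping layout (certificate name to result string), the certificate names and both function names are assumptions; the project's real mapping file format is not shown here.

```python
from collections import Counter

# Constructed sample mappings: certificate name -> validation result.
# Result strings are OpenSSL verify codes; certificate names are made up.
PREVIOUS = {
    "valid-chain": "X509_V_OK",
    "expired-leaf": "X509_V_ERR_CERT_HAS_EXPIRED",
    "not-yet-valid": "X509_V_ERR_CERT_NOT_YET_VALID",
    "self-signed": "X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT",
    "wrong-hostname": "X509_V_ERR_HOSTNAME_MISMATCH",
}
# Build with the clock set far in the future: everything reports "expired".
SKEWED = {name: "X509_V_ERR_CERT_HAS_EXPIRED" for name in PREVIOUS}
# Build where a single library result legitimately changed.
ONE_CHANGE = dict(PREVIOUS, **{"self-signed": "X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN"})


def diff_results(previous, current):
    """Return {cert: (old, new)} for every certificate whose result differs."""
    changed = {}
    for cert in sorted(set(previous) | set(current)):
        old, new = previous.get(cert), current.get(cert)
        if old != new:
            changed[cert] = (old, new)
    return changed


def collapsed_result(previous, current, min_changed=3, threshold=0.8):
    """Return the result most changed certs collapsed to, or None.

    Many certificates changing at once, almost all to the same result,
    points at the build environment rather than at a library update.
    """
    moved = [new for _, new in diff_results(previous, current).values()
             if new is not None]
    if len(moved) < min_changed:
        return None  # isolated changes: report them, do not fail the build
    code, count = Counter(moved).most_common(1)[0]
    return code if count / len(moved) >= threshold else None


if __name__ == "__main__":
    for label, build in (("skewed clock", SKEWED), ("one change", ONE_CHANGE)):
        code = collapsed_result(PREVIOUS, build)
        if code:
            print(f"{label}: FAIL, results collapsed to {code}")
        else:
            print(f"{label}: ok, changed: {diff_results(PREVIOUS, build)}")
```
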