{"id":13482522,"url":"https://github.com/crocs-muni/usable-cert-validation","last_synced_at":"2026-01-31T03:35:28.303Z","repository":{"id":40007352,"uuid":"196382775","full_name":"crocs-muni/usable-cert-validation","owner":"crocs-muni","description":"Research initiative to make TLS certificate validation usable.","archived":false,"fork":false,"pushed_at":"2024-05-10T20:55:39.000Z","size":1026,"stargazers_count":20,"open_issues_count":34,"forks_count":3,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-09-10T06:17:01.808Z","etag":null,"topics":["certificate-validation","documentation","hacktoberfest","tls-certificates","x509"],"latest_commit_sha":null,"homepage":"https://x509errors.org","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/crocs-muni.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-07-11T11:38:10.000Z","updated_at":"2025-06-13T09:13:13.000Z","dependencies_parsed_at":"2024-01-13T18:17:04.858Z","dependency_job_id":"d6307a32-d052-456f-957c-df325b7a9223","html_url":"https://github.com/crocs-muni/usable-cert-validation","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/crocs-muni/usable-cert-validation","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crocs-muni%2Fusable-cert-validation","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crocs-muni%2Fusable-cert-validation/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crocs-muni%2Fusable-cert-validation/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crocs-muni%2Fusable-cert-validation/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/crocs-muni","download_url":"https://codeload.github.com/crocs-muni/usable-cert-validation/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crocs-muni%2Fusable-cert-validation/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28928148,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-31T02:59:34.861Z","status":"ssl_error","status_checked_at":"2026-01-31T02:59:05.369Z","response_time":128,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["certificate-validation","documentation","hacktoberfest","tls-certificates","x509"],"created_at":"2024-07-31T17:01:02.892Z","updated_at":"2026-01-31T03:35:28.282Z","avatar_url":"https://github.com/crocs-muni.png","language":"Java","funding_links":[],"categories":["Java"],"sub_categories":[],"readme":"# Usable certificate validation\n\n[![Build Status](https://travis-ci.org/crocs-muni/usable-cert-validation.svg?branch=master)](https://travis-ci.org/crocs-muni/usable-cert-validation)\n\nA research initiative to make TLS certificate validation usable.\n\n## What problems do we want to solve?\n\nThe system of working with (validating) TLS certificates:\n\n* It is complicated, even a bit chaotic.\n* There are multiple different tools to do the same thing.\n* The tools are not unified (they work and behave differently).\n* Yet certificate validation is important and frequent (e.g. TLS on the Internet).\n\n## So in short, what do we want to do?\n\nOur goal is to simplify the ecosystem by consolidating the errors and their documentation and by explaining better what the validation errors mean. A similar (although much larger) effort was done [by Mozilla for browser documentation](https://blog.mozilla.org/blog/2017/10/18/mozilla-brings-microsoft-google-w3c-samsung-together-create-cross-browser-documentation-mdn/) in 2017.\n\nIn the ideal case, we aim for a unified, accessible, widely-used and academically interesting taxonomy of certificate validation errors and accompanying usable documentation. For every error, we aim to provide an example certificate, documentation from OpenSSL and other TLS libraries.\n\nIn the future, we plan the possibility of reorganization based on the other libraries (currently, the web is organized by OpenSSL), adding the error frequencies based on IP-wide scans and elaborating on the consequences of individual errors.\n  \n## Local build\n\nTo build TLS clients, the development versions of the following libraries are required:\n\n* [OpenSSL](https://www.openssl.org/)\n* [GnuTLS](https://www.gnutls.org/) (also requires [libcurl](https://curl.se/libcurl/))\n* [Botan](https://botan.randombit.net/), preferentially version 2\n* [mBedTLS](https://tls.mbed.org/)\n* [OpenJDK](https://openjdk.java.net/)\n\nOn Ubuntu 20.04 LTS or Fedora 33 you can install them using the appropriate of the following commands:\n\n```bash\n# Ubuntu 20.04\napt install libssl-dev libgnutls28-dev botan libbotan-2-dev libmbedtls-dev openjdk-16-jdk libcurl4-openssl-dev\n# Fedora 33\ndnf install openssl-devel gnutls-devel botan2-devel mbedtls-devel java-latest-openjdk-devel libcurl-devel\n```\n\nThe necessary Python packages are locally installed by running `make install`. Building the certificate chains requires the following Python packages: [setuptools](https://pypi.org/project/setuptools/), [asn1tools](https://github.com/eerimoq/asn1tools) and [pycryptodomex](https://pypi.org/project/pycryptodomex/). Running certificate validation further requires [shyaml](https://github.com/0k/shyaml), [yq](https://kislyuk.github.io/yq/), [jq](https://stedolan.github.io/jq/) and [pyYAML](https://github.com/yaml/pyyaml) for parsing and manipulating YAML files.\n\nThe website is build using [Jekyll](https://jekyllrb.com/). To develop locally, install Jekyll (e.g. according to [this guide](https://help.github.com/en/articles/setting-up-your-github-pages-site-locally-with-jekyll). Then run `make local` and see the website served at `localhost:4000`.\n\n## Authors\n\nThe project is developed at the [Centre for Research on Cryptography and Security](https://www.fi.muni.cz/research/crocs/) of [Masaryk University](http://www.muni.cz/) in Brno, Czech Republic. The main contributors are listed in [CONTRIBUTORS.md](CONTRIBUTORS.md).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcrocs-muni%2Fusable-cert-validation","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcrocs-muni%2Fusable-cert-validation","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcrocs-muni%2Fusable-cert-validation/lists"}