The ecosystem of TLS certificates is rather complicated. Just OpenSSL has over 75 different possible errors only related to certificate validation, some of them somewhat cryptic. Furthermore, other libraries have incompatible error sets, complicating knowledge transfer.
Usable X.509 Errors (
https://x509errors.org) is a project attempting to improve the situation. It compares errors from commonly used libraries (OpenSSL, GnuTLS, Botan, mbedTLS), consolidating the corresponding documentation from all those libraries in a single place. It tries to explain what the validation errors mean by devising better documentation and providing ready-to-use sample certificates for testing.
The presented research is a part of the academic cooperation of Red Hat Czech and Masaryk University.
Video Stream