mirror of
https://github.com/shankar0123/certctl.git
synced 2026-06-07 21:01:31 +00:00
cowork
6b60b6fa84
Pure doc work. Three new subsections added to docs/testing-guide.md: Part 21.99 — RFC 7030 EST test vectors - /cacerts response framing (§4.1.3) - /simpleenroll request framing (§4.2.1) - /serverkeygen multipart response (§4.4.2) Part 23.99 — RFC 5280 SAN/EKU test vectors - IPv4 SAN encoding (§4.2.1.6, [7] OCTET STRING 4 bytes) - IPv6 SAN encoding (§4.2.1.6, 16 bytes; v4-mapped canonicalization) - IDN dNSName (§4.2.1.6 + RFC 3490 Punycode) - otherName UPN (§4.2.1.6, [0] AnotherName SEQUENCE) - EKU encoding (§4.2.1.12, SEQUENCE OF OID + standard OIDs) - EKU criticality (§4.2.1.12 + CA/B Forum BR §7.1.2.7) Part 24.99 — RFC 6960 OCSP / RFC 5280 §5 CRL test vectors - OCSP response status (§4.2.2.3, tryLater vs HTTP 5xx) - OCSP ResponderID byName vs byKey (§4.2.2.2) - OCSP nonce extension (§4.4.1, browser-cache-friendly handling) - CRL TBSCertList nextUpdate (§5.1.2 + CA/B Forum BR §7.2.2) - CRL reason codes (§5.3.1, reserved 7 + out-of-range rejection) - CRL IDP extension (§5.2.5, partitioned vs full) - CRL no-delta (§5.2.4, certctl emits full CRLs only) Each vector cites RFC section + provides ASN.1 byte snippet where relevant + names the certctl pin location (file + test name) so a reviewer can spot wire-level drift without re-reading the RFC. Verification - grep -cE '^### [0-9]+\.99' docs/testing-guide.md == 3 (the new subs) - grep -cE '^## Part [0-9]+:' docs/testing-guide.md == 56 (unchanged) - file size: 8266 lines (+~190 from baseline) Audit deliverables - gap-backlog.md M-008 row: full strikethrough + closure note enumerating all three subsections + the 14 specific test vectors - coverage-audit-2026-04-27/extension-progress.md: P.2 marked DONE Closes: M-008 Bundle: P.2-extended (Coverage Audit Extension)