Analyzing validation errors of TLS certificates in the wild

This thesis analyzes the situation about the outcomes of certificate chain validations happening on the Internet. The analysis is based on chains collected for various well-known network services, and it utilizes multiple cryptography libraries for their validation. The validation results are examined first in terms of their frequencies and subsequently as tuples of results from multiple libraries to compare the libraries’ behavior.


Faculty of Informatics

Date of Completion

spring 2021



Martin Ukrop


Róbert Šuška