Towards Practical, End-to-End Formally Verified X.509 Certificate Validators with Verdict

Paper: Validating X.509 certificates is a critical part of Internet security, but the relevant standards are complex and ambiguous. Most X.509 validators also intentionally deviate from these standards in idiosyncratic ways, often for security or backward compatibility. Unsurprisingly, the result is a long history of security vulnerabilities.

In this work, we present Verdict, the first end-to-end formally verified X.509 certificate validator with customizable validation policies. Verdict's formal guarantees cover certificate parsing, path building, and path validation. To make Verdict practical to both verify and to use, we specify its correctness generically in terms of a user-supplied validation policy written concisely in first-order logic, with a proof-producing compiler to efficient Rust code.

To demonstrate Verdict's expressiveness, we use Verdict's policy framework to implement the X.509 validation policies in Google Chrome, Mozilla Firefox, and OpenSSL, and formally prove that they conform to a subset of RFC requirements. We instantiate Verdict with each policy and show that Verdict matches the corresponding baseline's behavior and state-of-the-art performance on over ten million certificates from Certificate Transparency logs.

Artifact: This artifact includes the source code of Verdict, as well as forks of six other X.509 validators we evaluate against: Chrome, Firefox, OpenSSL, ARMOR, CERES, and Hammurabi.
We also provide scripts to automate all three main evaluations we perform in the paper.

Usage:

- verdict-bench-image.tar.gz is the main Docker image for artifact evaluation.
- artifact-appendix.pdf is the Artifact Appendix containing instructions to evaluate the artifact image.
- [optional] verdict-bench-repo.tar.gz is the source code and build files of the Docker image.
- [optional] verdict-repo.tar.gz is the main repository of the Verdict implementation.

For usage of the Docker image, see artifact-appendix.pdf. In Section A.4.2 (E2), there is also a description of the contents of verdict-repo.tar.gz.