@hkrn While some tinker with this, I suggest checking out #OffensiveOpenSSL, a #OpenSSL fork by @lattera. The first goal of the project is to rid ourselves of all sanity checks unrelated to memory safety. You'll be surprised how certificates may be interpreted. For example, ever wondered if a notAfter date is before the notBefore date with X.509 certificates? #fuckaroundandfindout https://git.hardenedbsd.org/shawn.webb/articles/-/blob/master/infosec/offensive-openssl/2023-02-03_introduction/article.md