NIAP: View Technical Decision Details
TD0513:  CA Certificate loading

Publication Date
2020.05.26

Protection Profiles
PKG_TLS_V1.1

Other References
FCS_TLSC_EXT.1.3

Issue Description

The TLS package does not address trust store management, and the test procedures in FCS_TLSC_EXT.1.3 that require modifying a trust store might impose additional requirements if the PP or PP-Module doesn't require trust store management.

Resolution

FCS_TLSC_EXT.1.3, Test 1, is replaced as follows:

Test 1a: The evaluator shall demonstrate that a server using a certificate with a valid certification path successfully connects.

Test 1b: The evaluator shall modify the certificate chain used by the server in test 1a to be invalid and demonstrate that a server using a certificate without a valid certification path to a trust store element of the TOE results in an authentication failure.

Test 1c [conditional]: If the TOE trust store can be managed, the evaluator shall modify the trust store element used in Test 1a to be untrusted and demonstrate that a connection attempt from the same server used in Test 1a results in an authentication failure.

Justification

Test 1 is modified to account for TOEs that are able to manage trust stores and those that are not.
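A lab rehearsal of Tests 1a, 1b and 1c, given as an added example and not part of the Technical Decision or any NIAP test tooling. It assumes the openssl command-line tool is installed and uses Python's ssl module as a stand-in for the TOE's TLS client; the CA names, the host name server.example and all function names are constructed for illustration.

```python
# Added example: throwaway lab PKI; CA names and server.example are constructed.
import pathlib, ssl, subprocess, tempfile

def openssl(*args):
    subprocess.run(["openssl", *args], check=True, capture_output=True)

def make_ca(d, name):  # self-signed root; default openssl.cnf marks it CA:TRUE
    openssl("req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
            "-subj", f"/CN={name}", "-keyout", f"{d}/{name}.key", "-out", f"{d}/{name}.pem")
    return f"{d}/{name}"

def issue(d, ca, name, host="server.example"):  # leaf signed by the given CA
    pathlib.Path(f"{d}/san.cnf").write_text(f"subjectAltName=DNS:{host}\n")
    openssl("req", "-newkey", "rsa:2048", "-nodes", "-subj", f"/CN={host}",
            "-keyout", f"{d}/{name}.key", "-out", f"{d}/{name}.csr")
    openssl("x509", "-req", "-in", f"{d}/{name}.csr", "-CA", f"{ca}.pem", "-CAkey", f"{ca}.key",
            "-CAcreateserial", "-days", "1", "-extfile", f"{d}/san.cnf", "-out", f"{d}/{name}.pem")
    return f"{d}/{name}"

def connects(server, trust_anchor, host="server.example"):
    """In-memory TLS handshake; True only if the client authenticates the server."""
    sctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    sctx.load_cert_chain(f"{server}.pem", f"{server}.key")
    cctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + hostname check
    cctx.load_verify_locations(f"{trust_anchor}.pem")  # the client's whole trust store
    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    client = cctx.wrap_bio(c_in, c_out, server_hostname=host)
    srv = sctx.wrap_bio(s_in, s_out, server_side=True)
    for _ in range(10):
        done = 0
        for side, out, peer_in in ((client, c_out, s_in), (srv, s_out, c_in)):
            try:
                side.do_handshake()
                done += 1
            except ssl.SSLWantReadError:
                pass  # needs more bytes from the peer
            except ssl.SSLCertVerificationError:
                return False  # authentication failure: no valid path to the trust store
            peer_in.write(out.read())
        if done == 2:
            return True
    return False

def run_td0513_tests():
    with tempfile.TemporaryDirectory() as d:
        trusted, other = make_ca(d, "trusted-ca"), make_ca(d, "other-ca")
        good, bad = issue(d, trusted, "good"), issue(d, other, "bad")
        return {"1a": connects(good, trusted),   # valid path: connects
                "1b": connects(bad, trusted),    # chain not rooted in trust store: fails
                "1c": connects(good, other)}     # Test 1a anchor no longer trusted: fails
```

Test 1b is modelled here by a server certificate issued by a CA outside the trust store, and Test 1c by replacing the trust store contents so the Test 1a anchor is absent; a TOE that cannot manage its trust store would skip the 1c case.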
