@BRIAN_____ so yeah I started writing this: https://github.com/tarcieri/pkixnames … /cc @sleevi_
-
-
@BRIAN_____ I was thinking something hyperspecific around hostname verification -
@bascule Be forewarned that it's dangerous to do hostname verification using a distinct implementation from name constraint enforcement. -
@BRIAN_____ seems like that should be solved here? https://github.com/sfackler/rust-openssl/issues/206 … -
@bascule My idea is to do a Rust wrapper around mozilla::pkix and then rewrite mozilla::pkix top-down to make it (obviously-)safely async. -
@BRIAN_____ that's probably the best path for Servo, but maybe not things like hyper or rust-openssl in general... -
@bascule What's a viable near-term alternative? "rm -Rf crypto/xx09* crypto/asn1" is the only thing I'd do w/ the OpenSSL X.509 code, IMO. -
@bascule Not trolling. I've written ~200 patches for BoringSSL, and 1 of the 1st was "Remove PEM, PKCS#8, PKCS#12, X.509, ASN.1, & EVP." - 1 more reply
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.