You don’t realize how difficult X509 certificate verification is until you actually try to implement it. Jesus.
Replying to @davidcadrian
All of Google's and mozilla:pkix and webpki are pretty good. What are you planning to do differently?
Replying to @BRIAN_____
I need to discern between expired but otherwise valid (e.g. “was_valid”)
Replying to @davidcadrian @BRIAN_____
and also name error, but otherwise valid (e.g. valid chain, but name error) “valid_name”
Replying to @davidcadrian
That should be easy with most libs because normally name checking is a separate call from certificate verification.
Replying to @BRIAN_____
I want to avoid checking signatures twice, which is the case in many libs if you check names separate from chains
Replying to @davidcadrian
In the more modern ones I mentioned, that shouldn't be an issue.
1:53 PM - 19 Mar 2017