@bascule Are you going to do the cert chain building & verification too?
@BRIAN_____ so yeah I started writing this: https://github.com/tarcieri/pkixnames … /cc @sleevi_
@BRIAN_____ I was thinking something hyperspecific around hostname verification
@bascule Be forewarned that it's dangerous to do hostname verification using a distinct implementation from name constraint enforcement.
@BRIAN_____ seems like that should be solved here? https://github.com/sfackler/rust-openssl/issues/206 …
@bascule My idea is to do a Rust wrapper around mozilla::pkix and then rewrite mozilla::pkix top-down to make it (obviously-)safely async.
@BRIAN_____ that's probably the best path for Servo, but maybe not things like hyper or rust-openssl in general...
@bascule What's a viable near-term alternative? "rm -Rf crypto/xx09* crypto/asn1" is the only thing I'd do w/ the OpenSSL X.509 code, IMO.
New conversation
@bascule @BRIAN_____ @sleevi_ seems like a pretty simple function, or am I missing something?
@pzb @BRIAN_____ @sleevi_ the actual behavior is a tad more complicated than what appears in the README, I assure you ;)
@bascule @BRIAN_____ @sleevi_ here is my version in ruby :) https://gist.github.com/83697ee2d96210725550 …
@pzb @BRIAN_____ @sleevi_ here is my version in Ruby: https://github.com/ruby/openssl/pull/12/files …
@BRIAN_____ @pzb @sleevi_ this implementation was the MVP for getting a change upstream, and yes, I'd like to circle back on it
@bascule Good point. That change was a big improvement and it's not reasonable to demand everything be fixed in one commit.
End of conversation
New conversation
@bascule FWIW, strict conformance to RFC 6125 != perfect, because RFC 6125 is both too strict and not strict enough, and b/c of its options.
@BRIAN_____ I don't mean "strict conformance", I mean not implementing all of the MAYs as a matter of taste
@bascule Useful things to document: (1) Are CN-IDs supported, (2) what forms of wildcards are supported, and (3) what is considered a TLD?
@BRIAN_____ presently (1) left as an exercise to the user (2) only "*." prefix (3) you're already asking me about the deepest rabbit hole :(
End of conversation