[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Lynx-dev] SSL certificates

From: Thorsten Glaser
Subject: Re: [Lynx-dev] SSL certificates
Date: Tue, 9 May 2006 10:25:07 +0000 (UTC)

Thomas Dickey dixit:

>On Wed, Mar 29, 2006 at 08:23:45PM +0000, Thorsten Glaser wrote:
>> Hi people,
>> to add to all the traffic on the list... I've implemented full
>> SSL certificate validation taking into account wildcard certificates
>> (only if the wildcard is the first character, I feel it's more secure
>> this way) and multiple CNs in the DN (as employed by e.g.

>But if I
>see a patch, I'll add it to my to-do list...

It did take me a while *blush* but here you are... reviewed on
a DEC VT420 ;) and tested via ssh onto a GNU/Linux box (and of
course, weeks of testing as part of the MirOS BSD base system).

I have, by no means, validated whether the code allows "more
than it should", but it does what it promises: verify against
hosts with more than one CommonName in the DistinguishedName,
such as, and handle leading asterisks in certifi-
cates well (I did not implement middle asterisks for securi-
ty reasons).

>>   Please feel free to use them. These are the certificates from MSIE 5
>>   on Win2k, some Netscape, plus; old or invalid certificates
>>   removed or (when applicable, e.g. Thawte Root Rollover) updated. I do
>>   of course not warrant they're correct, but that's the "standard set"
>>   trusted by "the others" too.

Did anyone look at this?

> emacs als auch vi zum Kotzen finde (joe rules) und pine für den einzig
> bedienbaren textmode-mailclient halte (und ich hab sie alle ausprobiert). ;)
Hallooooo, ich bin der Holger ("Hallo Holger!"), und ich bin ebenfalls
... pine-User, und das auch noch gewohnheitsmäßig ("Oooooooohhh").  [aus dasr]

Attachment: lydiff
Description: Text document

reply via email to

[Prev in Thread] Current Thread [Next in Thread]