Re: [Lynx-dev] SSL certificates
From: Thorsten Glaser
Subject: Re: [Lynx-dev] SSL certificates
Date: Tue, 9 May 2006 10:25:07 +0000 (UTC)
Thomas Dickey dixit:
>On Wed, Mar 29, 2006 at 08:23:45PM +0000, Thorsten Glaser wrote:
>> Hi people,
>>
>> to add to all the traffic on the list... I've implemented full
>> SSL certificate validation taking into account wildcard certificates
>> (only if the wildcard is the first character, I feel it's more secure
>> this way) and multiple CNs in the DN (as employed by e.g. cacert.org).
>But if I
>see a patch, I'll add it to my to-do list...
It did take me a while *blush* but here you are... reviewed on
a DEC VT420 ;) and tested via ssh onto a GNU/Linux box (and of
course, weeks of testing as part of the MirOS BSD base system).
I have, by no means, validated whether the code allows "more
than it should", but it does what it promises: verify against
hosts with more than one CommonName in the DistinguishedName,
such as cacert.org, and handle leading asterisks in certificates
well (I did not implement middle asterisks for security
reasons).
>>*) http://mirbsd.mirsolutions.de/cvs.cgi/src/etc/ssl.certs.shar?rev=HEAD
>> Please feel free to use them. These are the certificates from MSIE 5
>> on Win2k, some Netscape, plus CAcert.org; old or invalid certificates
>> removed or (when applicable, e.g. Thawte Root Rollover) updated. I do
>> of course not warrant they're correct, but that's the "standard set"
>> trusted by "the others" too.
Did anyone look at this?
bye,
//mirabile
--
> find emacs as well as vi sickening (joe rules) and consider pine the only
> usable text-mode mail client (and I have tried them all). ;)
Hellooooo, I'm Holger ("Hello Holger!"), and I am also
... a pine user, and a habitual one at that ("Oooooooohhh"). [from dasr]
Attachment: lydiff
Description: Text document
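
The matching policy described in the message above (several CommonNames in one subject, `*` honoured only as the first character), as an added C example that is neither the attached patch nor Lynx code. The function names, the sample names, and the rules that the wildcard covers exactly one label and that `*.tld` is refused are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical helper: does one CN value cover the host name?
 * From the message: '*' is honoured only as the first character.
 * Assumed here: the pattern must start with "*.", the wildcard stands
 * for exactly one non-empty label, and "*.tld" is refused. */
static int cn_matches(const char *cn, const char *host)
{
    const char *suffix, *dot;

    if (cn[0] != '*')   /* plain name; a '*' further in is never a wildcard */
        return strchr(cn, '*') == NULL && strcasecmp(cn, host) == 0;
    suffix = cn + 1;                        /* e.g. ".example.org" */
    if (suffix[0] != '.' || strchr(suffix, '*') != NULL)
        return 0;                           /* "*foo.org", "*.*.org" */
    if (strchr(suffix + 1, '.') == NULL)
        return 0;                           /* "*.org" is too broad */
    dot = strchr(host, '.');                /* end of leftmost host label */
    if (dot == NULL || dot == host)
        return 0;                           /* nothing for '*' to cover */
    return strcasecmp(dot, suffix) == 0;    /* remainder must equal suffix */
}

/* Accept if any of the subject's CommonNames covers the host. */
int host_matches_any_cn(const char *const *cns, size_t n, const char *host)
{
    size_t i;
    for (i = 0; i < n; i++)
        if (cn_matches(cns[i], host))
            return 1;
    return 0;
}

/* Constructed sample: the CNs of one certificate subject. */
static const char *const sample_cns[] =
    { "example.org", "*.example.org", "w*w.example.net" };

int main(void)
{
    const char *hosts[] = { "example.org", "WWW.example.org",
        "a.b.example.org", "www.example.net", "evilexample.org" };
    size_t i;
    for (i = 0; i < sizeof(hosts) / sizeof(hosts[0]); i++)
        printf("%-18s %s\n", hosts[i],
            host_matches_any_cn(sample_cns, 3, hosts[i]) ? "ok" : "REJECT");
    return 0;
}
```

The same comparison applies unchanged to subjectAltName dNSName entries, which RFC 6125 prefers over the CommonName.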