blob: ecdfa8d5b6a199bb1ca6dc3371a2cc3332134a81
Handle private_key_ops better, esp wrt ->key_oid
Better support for keyex negotiation, DH and ECDH.
x501 name
    parsing
    comparing (ldap canonicalisation rules)
DSA support
DSA2 support
Rewrite the pkcs11 code to support the following:
* Reset the pin on card change.
* Ref count the lock structure to make sure we have a
  prompter when we need it.
* Add support for CK_TOKEN_INFO.CKF_PROTECTED_AUTHENTICATION_PATH
x509 policy mappings support
CRL delta support
Qualified statement
https://bugzilla.mozilla.org/show_bug.cgi?id=277797#c2
Signed Receipts
http://www.faqs.org/rfcs/rfc2634.html
chapter 2
tests
    nist tests
        name constraints
        policy mappings
        http://csrc.nist.gov/pki/testing/x509paths.html
    building path using Subject/Issuer vs SubjKeyID vs AuthKeyID
    negative tests
        all checksums
        conditions/branches
pkcs7
handle pkcs7 support in CMS ?
certificate request
generate pkcs10 request
from existing cert
generate CRMF request
pk-init KDC/client
web server/client
jabber server/client
email
x509 issues:
OtherName is left unspecified, but it's used by other
specs, creating a hole where an application/CA can't specify
a policy for SubjectAltName that covers the whole space. For example, a
CA is trusted to provide authentication but not authorization.