add new TODO items relating to checking certs

author: Jacob Appelbaum <jacob@appelbaum.net> 2012-07-17 15:15:26 -0700
committer: Jacob Appelbaum <jacob@appelbaum.net> 2012-07-17 15:15:26 -0700
commit: 7a072e6c061113d19c77cbd61e742cd0e70c210b (patch)
tree: 99abd68d40b5c2a8a2c818ba7818d571f2bbdea9 /TODO
parent: a9e9833a3dd19ed0c61e9e627f9f6672c5bbc644 (diff)
download: tlsdate-7a072e6c061113d19c77cbd61e742cd0e70c210b.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/TODO b/TODO
index 22bd6bb..6423855 100644
--- a/TODO
+++ b/TODO
@@ -28,6 +28,9 @@ Here is a nice list of things to do to improve tlsdate:
 24)  Add OCSP check option
 25)  Block weak signature algorithms
 26)  Hard code block list of known horrible certs (extract from Chrome/FF)
+27)  Check CN and/or SAN field
+28)  Check that extended key usage is empty, or includes TLS Server Auth
+29)  extract the SubjectPublicKeyInfo from the certificates; match against
+     public keys
 
 Patches welcome!
-
author	Jacob Appelbaum <jacob@appelbaum.net>	2012-07-17 15:15:26 -0700
committer	Jacob Appelbaum <jacob@appelbaum.net>	2012-07-17 15:15:26 -0700
commit	7a072e6c061113d19c77cbd61e742cd0e70c210b (patch)
tree	99abd68d40b5c2a8a2c818ba7818d571f2bbdea9 /TODO
parent	a9e9833a3dd19ed0c61e9e627f9f6672c5bbc644 (diff)
download	tlsdate-7a072e6c061113d19c77cbd61e742cd0e70c210b.tar.gz