author | Jacob Appelbaum <jacob@appelbaum.net> | 2012-07-17 15:15:26 -0700 |
---|---|---|
committer | Jacob Appelbaum <jacob@appelbaum.net> | 2012-07-17 15:15:26 -0700 |
commit | 7a072e6c061113d19c77cbd61e742cd0e70c210b (patch) | |
tree | 99abd68d40b5c2a8a2c818ba7818d571f2bbdea9 /TODO | |
parent | a9e9833a3dd19ed0c61e9e627f9f6672c5bbc644 (diff) | |
download | tlsdate-7a072e6c061113d19c77cbd61e742cd0e70c210b.tar.gz |
add new TODO items relating to checking certs
Diffstat (limited to 'TODO')
-rw-r--r-- | TODO | 5 |
1 files changed, 4 insertions, 1 deletions
@@ -28,6 +28,9 @@ Here is a nice list of things to do to improve tlsdate: 24) Add OCSP check option 25) Block weak signature algorithms 26) Hard code block list of known horrible certs (extract from Chrome/FF) +27) Check CN and/or SAN field +28) Check that extended key usage is empty, or includes TLS Server Auth +29) extract the SubjectPublicKeyInfo from the certificates; match against + public keys Patches welcome! - |
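Review bot: item 27 ("Check CN and/or SAN field") does not say what the fields are compared against or which one wins when both are present. Suggest stating that the hostname tlsdate connects to is matched against the SAN dNSName entries, with CN consulted only when the certificate carries no SAN (the RFC 6125 ordering), so the "and/or" is not left to the implementer. Item 29 has the same gap: "match against public keys" does not name where the reference keys come from, so it reads as either a user-supplied pin set or a built-in list; say which is intended. Style: item 29 starts lowercase ("extract") while items 24 to 28 are capitalised.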