Changes between Initial Version and Version 1 of CertMgr/ToDo

Timestamp:

Jun 19, 2007, 4:18:01 PM (17 years ago)

Author:

wehlhard

Comment:

create a separate todo list

CertMgr/ToDo

@@ +1 @@
+= Issues =
+ * Jabber (and possibly others) use the purple_ssl_connect_fd function to build an SSL connection over a previously existing ProxyConnection. Since all the SSL side sees is the file descriptor in this case, hostname verification is impossible. (29 May)
+ * talk.google.com gives back a gmail.com certificate?! (29 May)
+
+= Resolved Issues =
+ * It looks like PKCS12 (the certificate import/export format) is supported by both libNSS and GnuTLS.
+
+= TODO =
+ * General paranoia
+ * Look at how the SILC prpl does its key management, especially the organization of the API used to check certs and interact with the user to verify them.
+ * Add some way of passing useful error messages back up out of the SSL interface (23 May)
+ * Fix purple_ssl_init in sslconn.c; it doesn't do anything (23 May)
+  * Talking to nosnilmot suggests that this ought to just be removed outright (24 May)
+ * Figure out libNSS everything. (25 May)
+ * Why am I getting single-byte serial numbers from servers? (25 May)
+ * Work out how to use Glib functions for time checking on certificates. (29 May)
+ * Stall the timeouts on the TCP connection while waiting for user input on SSL? (29 May)
+ * Worry about ensuring that plugins don't kill in-use ciphers/certschemes when unloaded? (29 May)
+ * GnuTLS and NSS should probably be configured to use g_malloc and g_free for paranoia's sake (1 June)
+
+= Tasks done =
+ * Figure out how to get key fingerprints out of GnuTLS (25 May, 25 May))
+