Changes between Version 2 and Version 3 of CertMgr/ToDo

Timestamp:

Jun 26, 2007, 11:13:11 PM (17 years ago)

Author:

wehlhard

Comment:

up todo

CertMgr/ToDo

@@ -1 +1 @@
 = Issues =
- * Jabber (and possibly others) use the purple_ssl_connect_fd function to build an SSL connection over a previously existing ProxyConnection. Since all the SSL side sees is the file descriptor in this case, hostname verification is impossible. (29 May)
- * talk.google.com gives back a gmail.com certificate?! (29 May)
  * Design issue: In my design, the Certificate struct has an ptr to a GnuTLS certificate structure to hold its internal data. This has the consequence that the SSL connection system and X.509 handling must both be provided by GnuTLS; if, say, SILC provides the X.509 handling, and GnuTLS the SSL connections, everything grinds to a gruesome segfaulty halt.
 
- Should I address this? The only workaround I can think of is to keep a pointer to the PEM-formatted certificate in the Certificate struct instead, but that will require any consumers of the Certificate to have PEM encoding/decoding and constantly decode it from PEM for every use. (June 19)
+ Should I address this? The only workaround I can think of is to keep a pointer to the PEM-formatted certificate in the Certificate struct instead, but that will require any consumers 
+ * How to ensure that VerificationRequests get properly trashed in unusual conditions (such as canceling an SSL connection)? (June 26)
+of the Certificate to have PEM encoding/decoding and constantly decode it from PEM for every use. (June 19)
 = Resolved Issues =
  * It looks like PKCS12 (the certificate import/export format) is supported by both libNSS and GnuTLS.
+ * Jabber "connect with fd" problem solved by porting a change from soc.2007.xmpp (29 May, June 26)
 
 = TODO =