Andrew Ayer
I see your point. Unfortunately, it's not trivial to distinguish these two cases. If the server sends a chain that's not signed by a trusted root, whatsmychaincert doesn't immediately know...
Thanks for the pointer - I'll take a look at this. Ideally, whatsmychaincert should ask you what clients you want to support, take the intersection of their trust stores, and...
This would be nice, but it's low priority: STARTTLS is annoying to implement because it's intertwined with the application protocol, and whatsmychaincert is mainly focused on the browser use-case which...
For reference: https://github.com/benbe/ssltest/blob/master/src/de/dogcraft/ssltest/tests/STARTTLS.java Indeed, that doesn't look awful. I thought XMPP would be worse. Though IIRC the XMPP STARTTLS support in OpenSSL's s_client was broken for a while, so there...
> // Time that the message was first received at the administrative domain of the
> // verifier. Note, this must not be set to a user-controlled value. If zero,...
The 0.8.0 binary links with libcrypto from OpenSSL 3 and should work with the latest version of Ubuntu.
`$XDG_STATE_HOME` is for application state, whereas `$XDG_DATA_HOME` is intended for things like font or icon files (the sort of stuff that is found in `/usr/share`), though many applications put state...
The RHEL 7 kernel had getrandom backported in 2017, per https://access.redhat.com/errata/RHSA-2017:1842:

> BZ - 1330000 - kernel: Backport getrandom system call

So in practice Go programs would continue to work...
Technically it's more correct to omit the NULL parameter, but it's common practice in the WebPKI to include it (I surveyed OCSP responses from Sectigo, Let's Encrypt, DigiCert, and Google...
I'm curious why you believe Sectigo and DigiCert's OCSP responders use Go? And it's not just them - Microsoft, GlobalSign, Entrust, Identrust, ssl.com also include the NULL parameter in OCSP...