Brian Smith
Brian Smith
According to https://gitlab.com/gnutls/gnutls/-/issues/802, gnutls uses `secure_getenv` for this feature. The risk for a a setuid/setgid executable in this feature is that SSLKEYLOGFILE might have been (in fact, probably was) inherited...
In many cases `$SSLKEYLOGFILE` will point into the user's `$HOME` and in many Unixy operating systems, files in `$HOME` are readadable by everybody by default. `$SSLKEYLOGFILE` is contains (potentially) very...
`emit_client_hello_for_retry` is a function that serializes a ClientHello message and sends it to the server. It is used for the initial ClientHello and also for a ClientHello that we send...
I would like to help add OCSP stapling support to Rustls by adding the necessary primitives to webpki. I filed three issues: 1. Client-side OCSP stapling support: https://github.com/briansmith/webpki/issues/26. 2. Server-side...
We have, in client/hs.rs: ```rust exts.push(ClientExtension::CertificateStatusRequest( CertificateStatusRequest::build_ocsp(), )); ``` and ```rust pub fn build_ocsp() -> Self { let ocsp = OCSPCertificateStatusRequest { responder_ids: ResponderIDs::new(), extensions: PayloadU16::empty(), }; Self::OCSP(ocsp) } ```...
There are many places where we do things like this: ```rust return Err(Error::General("No end-entity certificate in certificate chain".to_string())); ``` and ```rust return Err(Error::PeerMisbehavedError("client sent wrong binder".to_string())); ``` Each of these...
Currently many IPv6-related tests are disabled because Travis CI doesn't support IPv6 (see https://github.com/travis-ci/travis-ci/issues/5200 and related issues in their issue tracker). However, it should be made possible to enable IPv6...
I did `cargo install trust-dns` which installed a binary `named` in `/.cargo/bin/named`. There's nothing wrong with that, but I wonder if the names of trust-dns binaries should be prefixed with...
deckard is basically a set of scripted tests for DNS implementations, designed to be portable across implementations. If TRust-DNS implements an interpreter for the scripts, then it can reuse these...
In various CI/CD pipelines I am running both cargo-audit and cargo-deny. Recently I had to override a "unmaintained crate" warning and I was surprised to find I had to change...