Brian Smith
Brian Smith
In particular, prepare for allowing IP addresses in an API-compatible way.
The current API for configuration has intentionally been narrow because when I started this project I intended to support only a narrow set of use cases, and also this project...
Now we don't have an API that lets a TLS server validate a user client certificate. So, for example, if I try to authenticate to a website using my smartcard...
Currently, constructing an `EndEntityCert` will fail unless the certificate is a v3 certificate with a subjectAltName extension. Instead, the following should happen: * If the certificate version is the default...
* Creating some automation for releasing that enforces that a git tag is associated with each release. * Document the git tag in the Cargo.toml if possible. * Document how...
Right now, many (most? almost all?) PRs submitted to this project don't have tests with them. This is because this project doesn't have any infrastructure to make it easy to...
As the title says. This is related to #29. We might need different limits for end-entity and intermediate certificates.
`UnknownIssuer` is a name that comes from my historical involvement in other certificate validation libraries. It isn't a good name. We should change it to something that better says "we...
Do for webpki what we propose for *ring* in https://github.com/briansmith/ring/issues/1256. Over the weekend, I merged PR #225 which minimizes the permissions of the GitHub token, and did the same for...
Multiple times people have asked for a way to learn something more than `UnknownIssuer` when webpki fails to build a path. For example, if the end-entity certificate is signed using...