Daniel McCarney
Daniel McCarney
Just wanted to mention I'm likely going to start looking at this problem space in the coming week. @jbr Happy to collaborate if you have thoughts or any work-in-progress on...
> CRL support I've started to sketch out the first piece for CRL support, parsing the DER representation: https://github.com/rustls/webpki/pull/44
CRL support in webpki landed w/ v0.101.0, the Rustls support for using it with the provided webpki-based client verifiers landed in v0.21.3. I'm going to leave this issue open because...
I think [aws-lc-rs](https://github.com/aws/aws-lc-rs) has broader [signature algorithm support](https://docs.rs/aws-lc-rs/latest/aws_lc_rs/signature/index.html#statics). Since it's API compatible with *ring* you can use it with webpki today with just [a Cargo patch](https://github.com/cpu/webpki/commit/5d12964fab1295e41777bc6c26ab21e40eedec70) as long as you...
> we are getting hit by [UnsupportedSignatureAlgorithm](https://github.com/rustls/webpki/blob/febe4090182b62586ca9b6088bcb687abf39a7bf/src/signed_data.rs#L199), resulting in the generic UnknnownIssuer showing up in our application. @chris-henderson-alation Separate question: Are you using Rustls v0.21.4+? I expected we would be...
> > Are you using Rustls v0.21.4+ > > Cargo.lock indicates 0.21.5. Thanks, I'll dig deeper on that front.
> Thanks, I'll dig deeper on that front. @chris-henderson-alation Could you expand more on how you're using Rustls when you get the `UnknownIssuer` err working with an `ecdsa-with-SHA512` certificate chain?...
Since it seems like https://github.com/rustls/rustls/issues/521 is the right path forward to resolve support for additional signature algorithms I'm going to close this issue out. Following #521 will be the best...
> I suggest you add an API to webpki's EndEntityCert that takes a private key and returns Ok(()) if and only if the private key corresponds to the public key...
We should implement this field - @jsha @rolandshoemaker ~I remember the question of pagination/truncation of the "orders" field came up before w.r.t this spec feature. What are your thoughts about...