Daniel McCarney
After https://github.com/rustls/rustls-platform-verifier/pull/50 lands we should be able to enable the stapled OCSP test in the real world verification test suite: https://github.com/rustls/rustls-platform-verifier/blob/65b2a97aff062585d91c97ae3b7b1d17fbcd7b62/rustls-platform-verifier/src/tests/verification_real_world/mod.rs#L221-L239 As described in [this comment](https://github.com/rustls/rustls-platform-verifier/blob/65b2a97aff062585d91c97ae3b7b1d17fbcd7b62/rustls-platform-verifier/src/tests/verification_real_world/mod.rs#L32-L43) (which should also be...
Presently this crate uses [`jni-rs`](https://github.com/jni-rs/jni-rs) v0.19 as an optional dependency for doc generation, and a required dependency for the Android OS target. The latest release stream, 0.21.x, "makes extensive breaking...
Presently the [mock verification test cases](https://github.com/rustls/rustls-platform-verifier/blob/9ac0577af77bed385803839131d9f371f6bd14f2/rustls-platform-verifier/src/tests/verification_mock/) are generated [using Go](https://github.com/rustls/rustls-platform-verifier/blob/9ac0577af77bed385803839131d9f371f6bd14f2/rustls-platform-verifier/src/tests/verification_mock/ca.go). It's likely possible to rewrite these test helpers in Rust, making maintenance a little bit easier. For inspiration, consider a...
The folks at Trail of Bits have been working on a Rust-based certificate path building and validation backend for use in PyCA Cryptography. As part of that work they've...
In #42 we adopted some upstream work that included a new `GeneralDnsNameRef` enum that had a `DnsName` variant for a standard `DnsNameRef` (no wildcards, can be used for subject matching)...
In https://github.com/rustls/webpki/pull/66 we've staged support for using Certificate Revocation Lists (CRLs) to make revocation decisions during path building. The code in that branch performs CRL signature verification as part of...
As a breaking API change `rcgen` should refuse to generate certificates with duplicate extensions. [RFC 5280 §4.2](https://www.rfc-editor.org/rfc/rfc5280#section-4.2) says: > A certificate MUST NOT include more than one instance of a...
Presently the `AddDNSOneChallenge` function is quite simple and adds the provided content under the provided host: https://github.com/letsencrypt/challtestsrv/blob/285efd6fac122954c72d2f32bf1f6e3f7c50ffb5/dnsone.go#L9-L15 That means callers have to add the `_acme-challenge.` prefix for RFC 8555 DNS-01...
Similar to [`negotiated_cipher_suite()`](https://docs.rs/rustls/latest/rustls/struct.CommonState.html#method.negotiated_cipher_suite) it feels like there's utility in knowing the key exchange group that was used for the connection. In particular it also lets us tighten up some FFDHE...
**Checklist** * [x] I've searched the issue tracker for similar requests - https://github.com/rustls/rustls/issues/199 covers the general case. We want a more specific issue for server-side support. **Is your feature request...