ocaml-x509 issues

Serial number at 0 can not be decoded with #167

2

During my tests, I decided to generate certificates in the fly via this code: ```ocaml module Ca = struct open Rresult let prefix = X509.Distinguished_name. [ Relative_distinguished_name.singleton (CN "Fuzzer") ]...

dinosaure

String

3

On top of #166

dinosaure

Remove P224 - see mirage/mirage-crypto#209

/cc @hannesm

dinosaure

Rename Authenticator.server_{cert,key}_fingerprint

By dropping the server_ prefix. The functions do not check that the certificate have extended key usage of server auth and could just as well be used to authenticate clients...

reynir

feature: ed448 support

1

Hi, Similarly to #137, ocaml-x509 does not support Ed448 (OID 1.3.101.113) at the moment. It's also mentioned in RFC8446, so opening this issue to track support.

emillon

Add support for name constraints

6

I don't have time to write the OCaml code for this, but I've already written the code to do this in both C++ for [mozilla::pkix](https://github.com/briansmith/mozillapkix) and [libwebpki](https://github.com/briansmith/webpki). The mozilla::pkix code...

briansmith

Put X509.Authenticator.authenticate into an IO monad?

6

Is this reasonable? What if a user's authentication routine requires I/O?

dsheets

ocaml-x509
ocaml-x509 copied to clipboard

Metadata

Serial number at 0 can not be decoded with #167

String

Remove P224 - see mirage/mirage-crypto#209

Rename Authenticator.server_{cert,key}_fingerprint

feature: ed448 support

Add support for name constraints

Put X509.Authenticator.authenticate into an IO monad?

← Metadata

Owner

Metadata

ocaml-x509 ocaml-x509 copied to clipboard

Metadata

Serial number at 0 can not be decoded with #167

String

Remove P224 - see mirage/mirage-crypto#209

Rename Authenticator.server_{cert,key}_fingerprint

feature: ed448 support

Add support for name constraints

Put X509.Authenticator.authenticate into an IO monad?

← Metadata

Owner

Metadata

ocaml-x509
ocaml-x509 copied to clipboard