x509-parser icon indicating copy to clipboard operation
x509-parser copied to clipboard

Published 20 hours ago verified publisher icon rusticata

Switch verify feature from ring to openssl?

Open chifflier opened this issue 4 years ago • 2 comments

Followup of #69

Ring is a nice library, but it is not sure it is the best for our purpose: x509-parser needs to be able to verify all kind of cryptographic signatures (even old/deprecated/not ideal but correct algorithms). ring aims at providing a secure by default API, but our criteria is compatibility with previous implementations, so openssl may be a better choice.

chifflier avatar Feb 22 '21 12:02 chifflier

fwiw the new ring 0.17 cross-compiles easier, which is handy for our project, but apparently it needs a higher minimum Rust version https://github.com/rusticata/x509-parser/pull/148/commits/5132fdc51bfe14406ecbfd6f01a9592dad51eca1

ReactorScram avatar Dec 21 '23 23:12 ReactorScram

but apparently it needs a higher minimum Rust version

Indeed :-) There's some ongoing discussion in https://github.com/rusticata/x509-parser/pull/148

cpu avatar Dec 21 '23 23:12 cpu