What next?

[Hal Murray]

(I found some more notes...)


We should test the config file stuff to see that all the options at least get 
past the parser.  Better would be to actually run the code.

We should check FIPS mode.  Do any of the CI options include FIPS?
I got half way there by building OpenSSL to include FIPS mode but I haven't 
made the config file to use it.



I'd like a script that checks the certificates.  When do they expire?

I'd like a script that finds out who signed a certificate and pokes around in 
my local certificate collection and tells me a filename so I can add that to a 
server line in the config file.  The idea is to make sure that we are using 
the right root-cert rather than one from a CA that was arm twisted by your 
local repressive govt or broken into by the KBG or NSA.



I'd like some code that goes through the NTS-KE dance and prints the answer.  
Extra credit if it can request various options.


-- 
These are my opinions.  I hate spam.