What next?
Hal Murray
halmurray at sonic.net
Sun Mar 17 23:41:45 UTC 2024
(I found some more notes...)

We should test the config file stuff to see that all the options at least get
past the parser. Better would be to actually run the code.

We should check FIPS mode. Do any of the CI options include FIPS?
I got halfway there by building OpenSSL to include FIPS mode but I haven't
made the config file to use it.

I'd like a script that checks the certificates. When do they expire?

I'd like a script that finds out who signed a certificate and pokes around in
my local certificate collection and tells me a filename so I can add that to a
server line in the config file. The idea is to make sure that we are using
the right root-cert rather than one from a CA that was arm twisted by your
local repressive govt or broken into by the KGB or NSA.

I'd like some code that goes through the NTS-KE dance and prints the answer.
Extra credit if it can request various options.

--
These are my opinions. I hate spam.
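
One way to do the NTS-KE exchange asked for above, as an added example that is not part of the original post or of the project's code. It assumes the RFC 8915 record layout, ALPN "ntske/1" and TCP port 4460; all function and parameter names are hypothetical, and `cafile` restricts trust to one chosen root certificate.

```python
import socket, ssl, struct

NTPV4, AES_SIV_CMAC_256 = 0, 15  # protocol and AEAD IDs from RFC 8915 / IANA, not the post

def record(rtype, body=b"", critical=False):
    """One NTS-KE record: critical bit + 15-bit type, 16-bit body length, body."""
    return struct.pack("!HH", (0x8000 if critical else 0) | rtype, len(body)) + body

def build_request(aeads=(AES_SIV_CMAC_256,), ntp_server=None, ntp_port=None):
    """Client request; ntp_server/ntp_port add the optional type 6 and 7 records."""
    msg = record(1, struct.pack("!H", NTPV4), critical=True)       # Next Protocol
    msg += record(4, struct.pack("!%dH" % len(aeads), *aeads), critical=True)  # AEAD list
    if ntp_server is not None:
        msg += record(6, ntp_server.encode("ascii"))
    if ntp_port is not None:
        msg += record(7, struct.pack("!H", ntp_port))
    return msg + record(0, critical=True)                           # End of Message

def parse_records(data):
    """Split a message into (critical, type, body) tuples; reject truncated input."""
    out, off = [], 0
    while off < len(data):
        hdr = data[off:off + 4]
        if len(hdr) < 4 or off + 4 + int.from_bytes(hdr[2:], "big") > len(data):
            raise ValueError("truncated record")
        head, length = struct.unpack("!HH", hdr)
        out.append((bool(head & 0x8000), head & 0x7FFF, data[off + 4:off + 4 + length]))
        off += 4 + length
    return out

def complete(data):
    try:
        return parse_records(data)[-1][1] == 0   # last record is End of Message
    except (ValueError, IndexError):
        return False

def nts_ke(host, port=4460, cafile=None, **options):
    """Run the exchange against a live server; cafile pins the trusted root."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3      # RFC 8915 forbids older TLS
    ctx.set_alpn_protocols(["ntske/1"])
    with socket.create_connection((host, port), timeout=5) as raw, \
            ctx.wrap_socket(raw, server_hostname=host) as tls:
        tls.sendall(build_request(**options))
        data = b""
        for chunk in iter(lambda: tls.recv(4096), b""):
            data += chunk
            if complete(data):
                break
    return parse_records(data)
```

In the returned tuples, type 5 records carry the cookies, type 4 the AEAD the server chose, and types 2 and 3 an error or warning code.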