Most of the focus went into the encoding::asn1 module. The decoder has
been polished and is in a very good state. It is feature complete and it
will be ready for upstream eventually. I've also started to work on the
encoder, which is also working already for a subset of data types. The
missing one will be added when required.
I've also ported ec arithmetic for secp256 and secp384 and ecdsa
verification from BearSSL. This code is still waiting to be properly
cleaned up and the new ec module needs a proper API design. With those
two curves and RSA now all signature algorithms of the Mozilla trusted
certificates are supported, which is the default ca store for Linux
distributions.
I've done a small tool called `zert`, which you can use to dump and
verify certs against those trusted ones.
Currently I'm working on refactoring the crypto::x509 module. The goal
is to implement proper certificate path validation and host
verification. Currently there is only a certificate path validation
prototype to try things out and host name verification is missing
completely. Once this is done, I can implement proper certificate
verification in the TLS module.
That's all for now. Cheers.