~apreiml/hare-tls


Status Report

Message ID
<11733aef-98e6-444f-a9df-da762ee06667@strohwolke.at>
Most of the focus went into the encoding::asn1 module. The decoder has 
been polished and is in a very good state. It is feature complete and it 
will be ready for upstream eventually. I've also started to work on the 
encoder, which is also working already for a subset of data types. The 
missing ones will be added when required.

I've also ported EC arithmetic for secp256 and secp384 and ECDSA
verification from BearSSL. This code is still waiting to be properly 
cleaned up and the new ec module needs a proper API design. With those 
two curves and RSA, all signature algorithms of the Mozilla trusted
certificates are now supported, which is the default CA store for Linux
distributions.

I've done a small tool called `zert`, which you can use to dump and 
verify certs against those trusted ones.

Currently I'm working on refactoring the crypto::x509 module. The goal 
is to implement proper certificate path validation and host 
verification. Currently there is only a certificate path validation 
prototype to try things out, and host name verification is missing
completely. Once this is done, I can implement proper certificate 
verification in the TLS module.

That's all for now. Cheers.
Message ID
<CWES6PM3EO0B.3ABJ8T8HUSECC@taiga>
In-Reply-To
<11733aef-98e6-444f-a9df-da762ee06667@strohwolke.at> (view parent)
Great work!