Hi, I've realized that the Fedora defensive guide [0] is the only guide we have to introduce the C TLS and crypto libraries we have, as well as provide a defensive style in using them. However, it is quite out- dated, and misses information which may be standard requirement in the future (e.g., support for HSMs). For that, I've taken the liberty to update the text on crypto libraries, as well as the TLS libraries, i.e., gnutls, Bob Relyea reviewed text on NSS, and we added a section on using Hardware Security Modules with openssl, gnutls and NSS.
The existing updates are in: https://pagure.io/defensive-coding-guide/pu ll-requests However, what is missing now, is updating the code samples for openssl with code that is safe to use with both 1.1.0 and 1.0.0, review the section on HSMs+openssl, and add a section on setting up a server with openssl. Anyone who knows openssl well enough to volunteer for any of the tasks above? regards, Nikos [0]. https://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html -- devel mailing list devel@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
