Hello,
In the 4.2 paragraph, talking about revocation, you explicitly write
that your code examples don't check for revocation. Depending on your
target audience, this might not be a wise choice.
In the same part, you're referring to a post by Ben Laurie about how
hard it is to detect revoked certificates, and thus how "useless" it is
to revoke a certificate, because applications don't check for
revocation, or do it with a soft-fail behavior. That's something public
CAs want to be changed, and the lack of revocation check in your
examples won't help.
--
Erwann ABALEA
On 27/10/2012 17:00, Alban D. wrote:
Hi everyone,
iSEC Partners just released a paper that provides detailed guidelines
and sample code on how to properly do certificate validation with
OpenSSL:
http://www.isecpartners.com/blog/2012/10/14/the-lurking-menace-of-broken-tls-validation.html
It is not trivial and so I thought this reference material could be
useful to people on this mailing list.
Thanks,
Alban D.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org