lynx-dev

[Lynx-dev] SSL certificates


From: Thorsten Glaser
Subject: [Lynx-dev] SSL certificates
Date: Wed, 29 Mar 2006 20:23:45 +0000 (UTC)

Hi people,

to add to all the traffic on the list... I've implemented full
SSL certificate validation taking into account wildcard certificates
(only if the wildcard is the first character, I feel it's more secure
this way) and multiple CNs in the DN (as employed by e.g. cacert.org).

The code can be seen at the moment at the following address:
http://mirbsd.mirsolutions.de/cvs.cgi/src/gnu/usr.bin/lynx/WWW/Library/Implementation/HTTP.c?rev=HEAD

Please look at it; once I've received a comment from Tom Dickey I will
prepare a standard unidiff against 2.8.6dev.17, test that and submit
it for inclusion into 2.8.6dev.18 (I hope it can make it).
I didn't prepare a patch yet because I want to test it a bit more
locally (works for at least two testcases; no regression in "normal"
behaviour until now) and because I would like to hear some comments
on how I've done things (of course, the #if 0'd stuff will not be
seen in the patch I am going to submit).

If I get annoyed enough I might also implement some other means of
validation for certificates covering multiple vhosts, because my
operating system (MirOS BSD) is of course supposed to be as secure
as OpenBSD; running SSL/TLS by default (lynx, sendmail) and
distributing a collection of CA certificates in the standard installation*
is part of this agenda.

*) http://mirbsd.mirsolutions.de/cvs.cgi/src/etc/ssl.certs.shar?rev=HEAD
   Please feel free to use them. These are the certificates from MSIE 5
   on Win2k, some Netscape, plus CAcert.org; old or invalid certificates
   removed or (when applicable, e.g. Thawte Root Rollover) updated. I do,
   of course, not warrant that they're correct, but that's the "standard set"
   trusted by "the others" too.

bye,
//mirabilos
-- 
I believe no one can invent an algorithm. One just happens to hit upon it
when God enlightens him. Or only God invents algorithms, we merely copy them.
If you don't believe in God, just consider God as Nature if you won't deny
existence.              -- Coywolf Qi Hunt
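The two matching rules the message describes (a wildcard honoured only as the first character of a CN, and a subject DN that may carry several CN attributes, any one of which may name the host) are easy to get subtly wrong, so here is an added, stand-alone illustration in C. It is not the author's code and not taken from the linked HTTP.c; the function names, the constructed CN list and two details the message leaves open are assumptions of this example: the wildcard must be followed by '.' and stands for exactly one non-empty label, so "*.example.org" matches "www.example.org" but neither "example.org" nor "a.b.example.org". Host-name comparison is case-insensitive, as DNS names are.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive string equality (host names are case-insensitive).
 * Returns 1 when equal, 0 otherwise. */
static int host_eq(const char *a, const char *b)
{
    while (*a != '\0' && *b != '\0') {
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
        a++;
        b++;
    }
    return *a == '\0' && *b == '\0';
}

/* Match one CN value against a host name.
 * Rules (assumptions of this example, modelled on the mail's description):
 *  - a CN without a leading '*' must equal the host exactly (case-insensitive);
 *  - '*' is honoured only as the very first character, and only in the
 *    form "*.suffix" with a non-empty suffix;
 *  - the wildcard covers exactly one non-empty label of the host;
 *  - a '*' anywhere else is an ordinary character and so never matches
 *    a real host name. */
int cn_matches_host(const char *cn, const char *host)
{
    const char *dot;

    if (cn == NULL || host == NULL || *cn == '\0' || *host == '\0')
        return 0;

    if (cn[0] != '*')
        return host_eq(cn, host);          /* plain CN: exact match only */

    if (cn[1] != '.' || cn[2] == '\0')
        return 0;                          /* "*foo" or bare "*." rejected */

    /* The host must consist of a non-empty first label plus a remainder;
     * the remainder (starting at the first '.') must equal the CN's
     * suffix, which starts at the '.' right after the '*'. */
    dot = strchr(host, '.');
    if (dot == NULL || dot == host)
        return 0;
    return host_eq(cn + 1, dot);
}

/* A subject DN may carry several CN attributes (CAcert does this); the
 * host is accepted when any one of them matches. */
int any_cn_matches_host(const char *const *cns, size_t ncns, const char *host)
{
    size_t i;

    for (i = 0; i < ncns; i++)
        if (cn_matches_host(cns[i], host))
            return 1;
    return 0;
}

int main(void)
{
    /* Constructed sample: a multi-CN subject as CAcert-style certs use it. */
    const char *cns[] = { "CAcert Inc.", "www.cacert.org", "*.cacert.org" };
    const char *hosts[] = { "www.cacert.org", "wiki.cacert.org",
                            "cacert.org", "a.b.cacert.org" };
    size_t i;

    for (i = 0; i < sizeof hosts / sizeof hosts[0]; i++)
        printf("%-16s %s\n", hosts[i],
               any_cn_matches_host(cns, 3, hosts[i]) ? "match" : "no match");
    return 0;
}
```

With OpenSSL, the CN list this feeds on is collected by calling X509_NAME_get_index_by_NID(name, NID_commonName, lastpos) in a loop, starting with lastpos = -1 and passing the returned index back in, until it returns -1; a single lookup would silently see only the first CN. Whether the first-label-only wildcard rule is the right strictness is a policy choice; the point of the example is that the rule is decided in one place and applied to every CN.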