Message372627
I have yet another use case for the function implemented by this patch (i.e. retrieving the cert chain actually sent by the server, regardless of whether that gives a path to a trust anchor). I'm implementing a network forensics tool, and one of the situations it's supposed to detect is when a man-in-the-middle is attempting to substitute its own cert for a site's "legitimate" cert (yes, possibly having suborned a public CA in order to do so). To make all of the planned heuristics for this work correctly, I need to record exactly what came over the wire.
If it would be useful for me to dust off the patch and/or implement the _other_ function that people requested (retrieve the chain that OpenSSL concluded was a valid chain to an accepted trust anchor) I can probably scare up time to do so in the next week or two. I imagine it's too late for 3.8 patch releases at this point, but assuming I did this, could it make 3.9?

Date | User | Action | Args
2020-06-29 20:42:38 | zwol | set | recipients: + zwol, jcea, pitrou, christian.heimes, asmodai, njs, maker, Hiroaki.Kawai, underrun, dstufft, dsoprea, miki725, mmasztalerczuk, chet, joernheissler, chaen, chrisburr, kwatsen
2020-06-29 20:42:38 | zwol | set | messageid: <1593463358.72.0.880314233606.issue18233@roundup.psfhosted.org>
2020-06-29 20:42:38 | zwol | link | issue18233 messages
2020-06-29 20:42:38 | zwol | create |