33 lines
1.6 KiB
Markdown
33 lines
1.6 KiB
Markdown
|
# BoringSSL pki - Web PKI Certificate path building and verification library
|
||
|
|
|
||
|
|
This directory and library should be considered experimental and should not be
|
||
|
|
depended upon not to change without notice. You should not use this.
|
||
|
|
|
||
|
|
It contains an extracted and modified copy of chrome's certificate
|
||
|
|
verifier core logic.
|
||
|
|
|
||
|
|
It is for the moment, intended to be synchronized from a checkout of chrome's
|
||
|
|
head with the IMPORT script run in this directory. The eventual goal is to
|
||
|
|
make both chrome and google3 consume this.
|
||
|
|
|
||
|
|
## Current status:
|
||
|
|
* Some of the Path Builder tests depending on chrome testing classes and
|
||
|
|
SavedUserData are disabled. These probably need either a mimicing
|
||
|
|
SaveUserData class here, or be pulled out into chrome only.
|
||
|
|
* This contains a copy of der as bssl:der - a consideration for
|
||
|
|
re-integrating with chromium. the encode_values part of der does not include
|
||
|
|
the base::time or absl::time based stuff as they are not used within the
|
||
|
|
library, this should probably be split out for chrome, or chrome's der could
|
||
|
|
be modified (along with this one and eventually merged together) to not use
|
||
|
|
base::time for encoding GeneralizedTimes, but rather use boringssl posix
|
||
|
|
times as does the rest of this library.
|
||
|
|
* The Name Constraint limitation code is modified to remove clamped_math
|
||
|
|
and mimic BoringSSL's overall limits - Some of the tests that test
|
||
|
|
for specific edge cases for chrome's limits have been disabled. The
|
||
|
|
tests need to be changed to reflect the overall limit, or ignored
|
||
|
|
and we make name constraints subquadratic and stop caring about this.
|
||
|
|
* Fuzzer targets are not yet hooked up.
|
||
|
|
|
||
|
|
|
||
|
|
|