Added some default limits in the verification of certificate

chains, to avoid denial of service attacks. Also added gnutls_certificate_set_verify_limits() to override them.
author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2004-07-31 07:58:08 +0000
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2004-07-31 07:58:08 +0000
commit: d2a5764d7767530050bc760fed82200683622979 (patch)
tree: 84a7d02640fd9f093bcfa1ceb0c65e6637939e9e /doc/TODO
parent: 0d5a5b3624ba1d63f1a10c40bdcf001cdcebbdad (diff)
download: gnutls-d2a5764d7767530050bc760fed82200683622979.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/doc/TODO b/doc/TODO
index ba7b8e5814..b9cdf4eb46 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -9,6 +9,8 @@ Current list:
   allow easy integration with TLS hardware.
 * Allow adding multiple subject alternative names.
 * Allow verifying of certificates on their reception.
+* Enforce the constraints for verify_peers() or similar, to openpgp 
+  verification functions as well. This needs to be checked a bit.
 * Verify added CRLs
 * Document the format for the supported DN attributes.
 * Add support for Certificate Extensions Profile for Qualified
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2004-07-31 07:58:08 +0000
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2004-07-31 07:58:08 +0000
commit	d2a5764d7767530050bc760fed82200683622979 (patch)
tree	84a7d02640fd9f093bcfa1ceb0c65e6637939e9e /doc/TODO
parent	0d5a5b3624ba1d63f1a10c40bdcf001cdcebbdad (diff)
download	gnutls-d2a5764d7767530050bc760fed82200683622979.tar.gz