diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2004-07-31 07:58:08 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2004-07-31 07:58:08 +0000 |
commit | d2a5764d7767530050bc760fed82200683622979 (patch) | |
tree | 84a7d02640fd9f093bcfa1ceb0c65e6637939e9e /doc/TODO | |
parent | 0d5a5b3624ba1d63f1a10c40bdcf001cdcebbdad (diff) | |
download | gnutls-d2a5764d7767530050bc760fed82200683622979.tar.gz |
Added some default limits in the verification of certificate
chains, to avoid denial of service attacks. Also added
gnutls_certificate_set_verify_limits() to override them.
Diffstat (limited to 'doc/TODO')
-rw-r--r-- | doc/TODO | 2 |
1 files changed, 2 insertions, 0 deletions
@@ -9,6 +9,8 @@ Current list: allow easy integration with TLS hardware. * Allow adding multiple subject alternative names. * Allow verifying of certificates on their reception. +* Enforce the constraints for verify_peers() or similar, to openpgp + verification functions as well. This needs to be checked a bit. * Verify added CRLs * Document the format for the supported DN attributes. * Add support for Certificate Extensions Profile for Qualified |