Skip to content
This repository has been archived by the owner on Jul 29, 2022. It is now read-only.

QUESTION Can we verify version 1 x509 cert and integrating with Rustls #2

Open
amrx101 opened this issue Jun 25, 2020 · 3 comments
Open

QUESTION Can we verify version 1 x509 cert and integrating with Rustls #2

amrx101 opened this issue Jun 25, 2020 · 3 comments

Comments

@amrx101
Copy link

amrx101 commented Jun 25, 2020

Hi I came here from this.

I am using a legacy version 1 x509 certificate which doesn't have v3 extensions and SANs. This results in BadDer error from WebPKI. This is an info request for:

  • Can I use this to verify a version 1 x509 certificate.
  • How do I hook this with TLS verifier of Rustls.

Thanks
@amrx101 amrx101 changed the title Can we verify version 1 x509 cert and integrating with Rustls QUESTION Can we verify version 1 x509 cert and integrating with Rustls Jun 25, 2020
@Demi-Marie
Copy link
Contributor

Verifying version 1 certificates is definitely in-scope for this project. That said, how do you plan on verifying the certificate chain? x509-signature can’t build certificate chains on its own, and doesn’t know how to parse DNs either. You will need to do both yourself.

@Demi-Marie
Copy link
Contributor

I won’t be able to implement either of those features in the near future, but I would be willing to review PRs that added them.

@amrx101
Copy link
Author

amrx101 commented Jun 25, 2020

Noted

@mleonhard mleonhard mentioned this issue Sep 13, 2020
Open
@detly detly mentioned this issue Nov 24, 2020
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@amrx101 @Demi-Marie