-
Notifications
You must be signed in to change notification settings - Fork 5
/
TODO.txt
36 lines (20 loc) · 1.06 KB
/
TODO.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
Impl:
-) Debug the problem with the signature validation of the test 4.13.19 NIST
Other:
-) Add bouncycastle 1.46 library dependency when available in ETICS
Report bugs:
BC bug - line PKIXCertPathReviewer:2417 (1.46 version)
NPE possible if DistributionPoint extension
has no DistributionPointName defined, what is perfectly fine according to the spec.
if (crlDistPoints != null)
{
DistributionPoint[] distPoints = crlDistPoints.getDistributionPoints();
for (int i = 0; i < distPoints.length; i++)
{
DistributionPointName dp_name = distPoints[i].getDistributionPoint();
BC - many problems with CRLs e.g. when SelfIssued certificates are in chain in PKIXCerPathReviewer.
BC - PKIXCertPathReviewer bug - NC checking is always ignoring the last (EE) certificate.
Should do this only when it is self-signed and not last.
BC - PKIXCertPathReviewer bug - NC checking is ignoring mail component checks.
BC - PKIXCertPathReviewer - should share logic with JCA cert path validator. Many things
missing or wrong.