Path Building vs Path Verifying: Implementation Showdown

OpenSSL

  • The OpenSSL public and internal APIs assume there is only a singular issuer certificate.
  • It applies the X.509v3 extensions and application policies (like algorithm checks) after chain building.
  • It checks revocation after chain building.

LibreSSL

BoringSSL

GnuTLS

Botan

Other Libraries

When Browsers Got It Wrong

MacOS Expired Intermediates

NSS: A Tale of Three Verifiers

Android

Windows CryptoAPI

Closing Thoughts

Footnotes

--

--

--

I work on certs and stuff. Tweets are my own, etc. etc.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Flux Multi-Cluster Multi-Tenant by Example

A New Begining in AWS Cloud Computing after a Very long Scratchy approach to diving into Tech!

Implementing Acceptance Test-Driven Development (ATDD)

What Is a Binary Breaking Change?

vs — map, flatMap and compactMap

Jenkins Integration with Github and Maven

Recognizing Parts of Speech in given Sentence using Apache OpenNLP

How I used Node & Puppeteer with Docker to generate PDFs

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Ryan Sleevi

Ryan Sleevi

I work on certs and stuff. Tweets are my own, etc. etc.

More from Medium

CS373 Spring 2022: Dinesh Krishnan Balakrishnan

Postmorten of a 500 internal error!

Is Godot Git-friendly? | Wannabe Indie Gamedev #11

File Transfer Resume with FTP & SFTP

Choose the Resume option in your FTP client.