d7b65da678
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17556 ec53bebd-3082-4978-b11e-865c3cabbd6b
57 lines
1.2 KiB
Plaintext
57 lines
1.2 KiB
Plaintext
$Id$
|
|
|
|
x501 name
|
|
parsing
|
|
comparing (ldap canonlisation rules)
|
|
|
|
DSA support
|
|
DSA2 support
|
|
|
|
Rewrite the pkcs11 code to support the following:
|
|
|
|
* Keep as many sessions open to the card as long as possible.
|
|
* Avoid trying to login to the card over and over.
|
|
* Reset the pin on card change.
|
|
* Ref count the lock structure to make sure we have a
|
|
prompter when we need it.
|
|
* Add support for CK_TOKEN_INFO.CKF_PROTECTED_AUTHENTICATION_PATH
|
|
|
|
x509 policy mappings support
|
|
|
|
CRL delta support
|
|
|
|
crypto
|
|
make signing alg depend on signer if not given
|
|
|
|
tests
|
|
nist tests
|
|
name constrains
|
|
policy mappings
|
|
http://csrc.nist.gov/pki/testing/x509paths.html
|
|
|
|
building path using Subject/Issuer vs SubjKeyID vs AuthKeyID
|
|
negative tests
|
|
all checksums
|
|
conditions/branches
|
|
|
|
pkcs7
|
|
handle pkcs7 support in CMS ?
|
|
|
|
certificate request
|
|
generate pkcs10 request
|
|
from existing cert
|
|
generate CRMF request
|
|
pk-init KDC/client
|
|
web server/client
|
|
jabber server/client
|
|
email
|
|
|
|
|
|
x509 issues:
|
|
|
|
OtherName is left unspecified, but its used by other
|
|
specs. creating this hole where a application/CA can't specify
|
|
policy for SubjectAltName what covers whole space. For example, a
|
|
CA is trusted to provide authentication but not authorization.
|
|
|