Skip to content

Latest commit

 

History

History
40 lines (39 loc) · 3.06 KB

TODO.md

File metadata and controls

40 lines (39 loc) · 3.06 KB
Raw

pki-lint TODO list

  • Create new development branch for gs-certlint module to fix multiple bugs and/or contact upstream devs
  • Support custom error levels for certain messages depending on context?
  • Add support for optional downloading of AIA certificates to attempt to build missing chains.
  • Add support for OpenSSL CRL validation along the entire chain (use -crl_check_all).
  • Add basic test PKI structure for post-build unit testing.
  • Refactor LLVM / clang++ installation to use upstream source.
  • Fix linking for ASN1_TIME_to_tm() function (currently breaking travis-ci build)
  • Fix remaining shellcheck warnings and remove exclusions from make check target.
  • Check/fix zlint output processing for accuracy.
  • Fix cases where output is null (eg. certain GlobalSign lint output not processed).
  • Add PEM file name filtering to OpenSSL verify commands.
  • Fix CRL download error handling and add console output.
  • Add filename filtering to AWS certlint output.
  • Make CRL errors critical (currently treated as warnings).
  • Fix empty line before exit line after NSS output in lint.sh script.
  • Fix AWS cablint/certlint processing for 'Notice' messages.
  • Exit build.sh script on first sudo failure while attempting to update cache.
  • Fix OpenSSL CRL validation in lint.sh script (must handle DER-encoded CRL files).
  • Fix lint.sh print_debug minimum verbosity level (is currently zero).
  • Minimize the number of required commands to run lint.sh to simplify release.
  • Fix Makefile targets to actually check all build output instead of just individual files.
  • Add --update option to build.sh for updating Git submodules.
  • For release, include libssl libcrypto.so used in x509lint source directory (used static link for libcrypto.a).
  • Either compile Go lint scripts, or handle instances where Go is not installed in lint.sh wrapper.
  • Add option to build.sh to only install missing dependencies.
  • Update Ruby commands to redirect stderr and cleanly inform the user.
  • Check for the correct Ruby version in lint.sh script.
  • Update all third-party linting modules to latest versions.
  • Fix output coloring (use regex to check if info/warn/err/etc.).
  • Add argument to specify OpenSSL validation auth_level.
  • Update README.md to document added arguments.
  • Fix NOTES.md markdown.
  • Fix lints/README.md markdown formatting.
  • Cleanup dependency package handling in build.sh script.
  • Add Ruby and Golang version checks to lint.sh script.
  • Update README.md to include more detailed information.
  • Add support for vfychain command (eg. vfychain -v -pp -u 11 -a ca/subCA.crt -a ca/int.crt -t -a ca/root.crt)
  • Add support for certutil verification (eg. certutil -u Y -d sql:${HOME}/.pki/nssdb)