[SSL Observatory] Fresh observatory data ? Survey other ports/protocols ?
George Macon
george.macon at gmail.com
Thu Apr 28 15:30:21 PDT 2011
On 4/28/11 6:01 PM, Andy Isaacson wrote:
> Perhaps adding a CLI tool to the Mozilla tree so that we can check it
> out and build it, or something like that?
>
> If we were to just copy stuff out of Mozilla's tree, it'll diverge from
> their code over time. That would be sad, I think.
>
The script I wrote earlier to look at unqualified names already uses the
Mozilla command line tools certutil and vfychain. The code parses the
results, but isn't modular and only cert verification is currently
implemented.
It might be a good idea to define an abstract interface to these tools
so that openssl, NSS, pyasn1, and whatever someone comes up with next
can be easily switched in and out. Do you already have such a thing in
progress in relation to your work with pyasn1?
-George Macon
More information about the Observatory
mailing list