[SSL Observatory] Finding Diginotar issued certs in observatory data

Walter Goulet wgoulet at gmail.com
Mon Sep 5 15:56:55 PDT 2011


Hi,

I've seen several posts where folks have attempted to find all certs rooted
to Diginotar CA certs. I was wondering what approaches are being used to
return the set of affected certs. Some of you may recall a few months ago I
had posted this exact question to the forum and had posted a patch to
OpenSSL I wrote which prints out the certs at the top of the cert chain (at
least according to OpenSSL's verification code). At the time, I was told
that approach may be incomplete and miss some cross-certified cert chains.
I'd be interested to hear how Mozilla and others have parsed the Observatory
data to find the affected certs.

Walter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.eff.org/pipermail/observatory/attachments/20110905/6fa00016/attachment.html>


More information about the Observatory mailing list