Some notes on current debugging mess.

svn path=/rcynic/README; revision=319

1 files changed, 27 insertions, 0 deletions

diff --git a/rcynic/README b/rcynic/README
new file mode 100644
index 00000000..a0dbf484
--- /dev/null
+++ b/rcynic/README
@@ -0,0 +1,27 @@
+-*- Text -*- 
+$Id$
+
+Notes on current debugging mess:
+
+Having some trouble checking CRLs.   As far as the code itself is
+concerned, we're dumping core calling X509_STORE_get_by_subject(),
+because we're not using a real X509_STORE, just a trusted_stack.
+
+But this is just the symptom.  The real issue goes deeper, and is
+architectural.  We're doing a minmimal signature check on the CRL,
+and accepting the CRL object if that works.  There are a bunch of
+other checks we probably ought to be doing.  x509_vfy.c does them as
+part of checking a certificate chain.
+
+Arguably, the right thing to do is for us to accept a CRL
+provisionally, check the cert that led us to load the CRL, and accept
+the CRL if the X509_validate_cert() call on the cert checks out.
+
+We still have a mess trying to figure out which CRL to use.  The
+URI-based code knows perfectly well which one to use, but the library
+is using certificate names.  If we believe that we really only care
+about checking the leaf CRL at any given time, we can turn off
+X509_V_FLAG_CRL_CHECK_ALL and just use X509_V_FLAG_CRL_CHECK.  For
+that matter, we really only need the leaf certificate in the CRL stack
+for this, so maybe we cut through all this complexity by loading the
+provisional CRL into a one-entry stack each time.