[botan-devel] Remote DoS/crash in TLS code

Jack Lloyd lloyd at randombit.net
Sun Dec 25 13:02:39 EST 2011


There is a ticket open for it
(http://bugs.randombit.net/show_bug.cgi?id=97), but I have done no
work on OCSP beyond scanning the RFC. It would obviously be useful
though, for both SSL and general X.509/PKI work. OCSP should be
relatively self-contained, so it could be a good candidate for being
developed as a seperate project and then merged in, if someone wants
to work on it (hint hint).

I suspect whatever time I have for botan in 2012 will be on TLS work
and on redesiging the X.509 path validation/certificate store
interfaces, so if I end up being the one to write the OCSP support it
will likely not happen until 2013.

-Jack

On Sun, Dec 25, 2011 at 06:14:21PM +0100, tobeki at gmx.de wrote:
> Hi Jack,
> 
> I think it's a lot of work, but is supporting OCSP for Botan in process of 
> planning?



More information about the botan-devel mailing list