1# BoringSSL pki - Web PKI Certificate path building and verification library 2 3This directory and library should be considered experimental and should not be 4depended upon not to change without notice. You should not use this. 5 6It contains an extracted and modified copy of chrome's certificate 7verifier core logic. 8 9It is for the moment, intended to be synchronized from a checkout of chrome's 10head with the IMPORT script run in this directory. The eventual goal is to 11make both chrome and google3 consume this. 12 13## Current status: 14 * Some of the Path Builder tests depending on chrome testing classes and 15 SavedUserData are disabled. These probably need either a mimicing 16 SaveUserData class here, or be pulled out into chrome only. 17 * This contains a copy of der as bssl:der - a consideration for 18 re-integrating with chromium. the encode_values part of der does not include 19 the base::time or absl::time based stuff as they are not used within the 20 library, this should probably be split out for chrome, or chrome's der could 21 be modified (along with this one and eventually merged together) to not use 22 base::time for encoding GeneralizedTimes, but rather use boringssl posix 23 times as does the rest of this library. 24 * The Name Constraint limitation code is modified to remove clamped_math 25 and mimic BoringSSL's overall limits - Some of the tests that test 26 for specific edge cases for chrome's limits have been disabled. The 27 tests need to be changed to reflect the overall limit, or ignored 28 and we make name constraints subquadratic and stop caring about this. 29 * Fuzzer targets are not yet hooked up. 30 31 32 33