Andres, > - Just to make things clear regarding the static nature of it, I would > move self._min_expire_days to the module level and call it > MIN_EXPIRE_DAYS Hmm, I want to make possible to setup it as option. It can help users to force their PKI policy for scanning.
> - After reading "issuer = cert.get_issuer()" I thought... maybe we > could dump the cert authority list from a browser (firefox?) and add a > simple check to verify that the cert.get_issuer() is in that list? It will be better if openssl wrapper could do it internally but yes, if there is no another way, we will need to have our own CA list. > Regards, > > On Fri, May 18, 2012 at 2:46 PM,<ox...@users.sourceforge.net> wrote: >> Revision: 5014 >> http://w3af.svn.sourceforge.net/w3af/?rev=5014&view=rev >> Author: oxdef >> Date: 2012-05-18 10:46:08 +0000 (Fri, 18 May 2012) >> Log Message: >> ----------- >> 1. added soon expire check; 2. refactoring; 3. ssl errors now are vuln >> objects >> >> Modified Paths: >> -------------- >> branches/ssl/plugins/audit/sslCertificate.py >> >> This was sent by the SourceForge.net collaborative development platform, the >> world's largest Open Source development site. >> >> >> ------------------------------------------------------------------------------ >> Live Security Virtual Conference >> Exclusive live event will cover all the ways today's security and >> threat landscape has changed and how IT managers can respond. Discussions >> will include endpoint security, mobile security and the latest in malware >> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >> _______________________________________________ >> W3af-svn-notify mailing list >> w3af-svn-not...@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/w3af-svn-notify > > > -- Taras http://oxdef.info ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
