On 19.05.2012 17:20, Andres Riancho wrote:
> Taras,
>
> On Sat, May 19, 2012 at 2:52 PM, Taras <ox...@oxdef.info> wrote:
>> Andres,
>>
>>
>>> - Just to make things clear regarding the static nature of it, I would
>>> move self._min_expire_days to the module level and call it
>>> MIN_EXPIRE_DAYS
>>
>> Hmm, I want to make it possible to set it up as an option. It can help
>> users to force their PKI policy for scanning.
>>
>>
>>> - After reading "issuer = cert.get_issuer()" I thought... maybe we
>>> could dump the cert authority list from a browser (firefox?) and add a
>>> simple check to verify that the cert.get_issuer() is in that list?
>>
>> It will be better if the openssl wrapper could do it internally but yes,
>> if there is no other way, we will need to have our own CA list.
>
> Totally agree with you again :) Do you know if openssl has an internal CA
> list?

openssl uses the CAs from the directory ssl/certs, which depends on the system where you started openssl (most likely /etc/ssl/certs on *ix).
You may try openssl ca to get an idea.

Note that your OS may do housekeeping for these CAs, hence some may be missing or some are there even if revoked.

Hope this helps
Achim

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
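
The lookup discussed in this thread, as an added example that is not part of the original messages or of w3af: it asks Python's standard `ssl` module where OpenSSL looks for CAs, loads that store, and checks an issuer name against it. Using the standard `ssl` module instead of the OpenSSL wrapper behind `cert.get_issuer()` is an assumption, and the function names and sample store entries are constructed for illustration.

```python
import os
import ssl
import time

def openssl_ca_locations():
    """Default CA bundle file and hashed CA directory of this OpenSSL build."""
    paths = ssl.get_default_verify_paths()
    return {"cafile": paths.cafile, "capath": paths.capath}

def load_trust_store():
    """Return the default-trusted CA certificates as get_ca_certs() dicts."""
    ctx = ssl.create_default_context()
    capath = ssl.get_default_verify_paths().capath
    # get_ca_certs() omits capath entries until a handshake has used them,
    # so load every file in that directory explicitly.
    if capath and os.path.isdir(capath):
        for name in sorted(os.listdir(capath)):
            try:
                ctx.load_verify_locations(cafile=os.path.join(capath, name))
            except (ssl.SSLError, OSError):
                continue  # not a PEM certificate, or unreadable
    return ctx.get_ca_certs()

def issuer_status(issuer, ca_certs, now=None):
    """Look up an issuer name (getpeercert() tuple format) in the store.

    This is a name lookup only: it does not verify the chain, and a CA the
    OS has not yet removed after revocation still shows as "in-store".
    """
    now = time.time() if now is None else now
    matches = [ca for ca in ca_certs if ca.get("subject") == issuer]
    if not matches:
        return "not-in-store"
    if all(ssl.cert_time_to_seconds(ca["notAfter"]) < now for ca in matches):
        return "in-store-expired"
    return "in-store"

def sample_name(cn):  # constructed helper: a name in getpeercert() format
    return ((("organizationName", "Example Org"),), (("commonName", cn),))

# Constructed sample store entries (not real CAs).
SAMPLE_STORE = [
    {"subject": sample_name("Example Root A"), "notAfter": "Jan  1 00:00:00 2040 GMT"},
    {"subject": sample_name("Example Root B"), "notAfter": "Jan  1 00:00:00 2010 GMT"},
]

if __name__ == "__main__":
    print(openssl_ca_locations())
    store = load_trust_store()
    print(len(store), "CA certificates loaded")
    print(issuer_status(sample_name("Example Root A"), store))
```
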