Don't allow blacklisted certificates (or keys) to ever be whitelisted #166
Comments
adamdecaf
added a commit
that referenced
this issue
Feb 25, 2018
Start off using Chromiums certificate blacklist for our own blacklist. Fixes: #166
adamdecaf
changed the title
This was referenced Mar 3, 2018
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
There are a bunch of certificates which are blacklistd from major products. We need to never allow these through.
Chromium has a good list, but I'd like to not directly implement that. Perhaps
go generatea file?https://chromium.googlesource.com/chromium/src/+/master/net/data/ssl/
To support checking public/private keys we'll need to expand
whitelist.Whitelist.The text was updated successfully, but these errors were encountered: