Closed mben-romdhane closed 4 years ago
the motivation for deprecation was this blog article https://www.imperialviolet.org/2011/05/04/pinning.html
the deprecation was introduced in https://github.com/mirleft/ocaml-x509/commit/2073b7cf39f7acbc11b02e9d02c9a3b73a33259a (x509 0.5.0, Oct 2015). I still use certificate pinning myself, and plan to remove the deprecation of that function, and support both public key and certificate pinning in the API.
I removed the deprecated
tag from the functions, this will be part of the next release.
Thank you!
At the line below, it says that trust_cert_fingerprint is deprecated, and to use trust_key_fingerprint instead. https://github.com/mirleft/ocaml-x509/blob/a77022a12c2354de681818b66a0e4d1bcc7d68de/lib/x509.mli#L768 However, this is very useful to have, since many tools (e.g. openssl x509 -fingerprint) do a fingerprint of the certificate instead of the key. Forcing key fingerprints makes this feature inaccessible.