mozilla / tls-observatory

An observatory for TLS configurations, X509 certificates, and more.
Mozilla Public License 2.0

Add validation_type column to certificates #75

Open april opened 8 years ago

april commented 8 years ago

It would be great to see if a given cert was an EV, DV, or OV cert really easily. You can currently look at x509_certificatePolicies (although possibly broken, see #74) and see the OIDs, but it's a bit of a nightmare to go from that to the type.

That said, DV certs should generally have OID 2.23.140.1.2.1, with OID 2.23.140.1.2.2 standing for OV certs. EV certs are complicated, see:

https://en.wikipedia.org/wiki/Extended_Validation_Certificate#Extended_Validation_certificate_identification

jvehent commented 8 years ago

This requires a little bit of code. We should add a function that looks up the right extension and compares the OIDs with the list in the link you provided. Definitely a nice to have, but maybe something we should address in the future and not right away, so we can focus on bug fixes for the time being.
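The lookup discussed in this thread, as an added example in Go (not code from tls-observatory or from either commenter): it maps a certificate's policy OIDs to DV, OV or EV. The function names and the `caEV` set are hypothetical; the generic CA/Browser Forum EV OID 2.23.140.1.1 is an addition beyond the two OIDs quoted above, and CA-specific EV OIDs from the linked list must be supplied by the caller.

```go
package main

import (
	"crypto/x509"
	"encoding/asn1"
	"fmt"
)

// CA/Browser Forum policy OIDs. DV and OV are the values quoted in the issue;
// the generic EV OID is an addition taken from the CA/B Forum EV guidelines.
const (
	oidDV = "2.23.140.1.2.1"
	oidOV = "2.23.140.1.2.2"
	oidEV = "2.23.140.1.1"
)

// ValidationType maps certificatePolicies OIDs (dotted strings) to "EV",
// "OV", "DV" or "unknown". caEV holds CA-specific EV OIDs supplied by the
// caller (assumption: none are hard-coded). The strongest type present wins.
func ValidationType(policies []string, caEV map[string]bool) string {
	best := "unknown"
	for _, p := range policies {
		switch {
		case p == oidEV || caEV[p]:
			return "EV" // strongest type, stop early
		case p == oidOV:
			best = "OV"
		case p == oidDV && best == "unknown":
			best = "DV" // never downgrade an OV already seen
		}
	}
	return best
}

// CertValidationType applies ValidationType to a parsed certificate.
func CertValidationType(cert *x509.Certificate, caEV map[string]bool) string {
	ids := make([]string, 0, len(cert.PolicyIdentifiers))
	for _, oid := range cert.PolicyIdentifiers {
		ids = append(ids, oid.String())
	}
	return ValidationType(ids, caEV)
}

func main() {
	// Constructed sample: only the policy OIDs are set, not a real certificate.
	cert := &x509.Certificate{PolicyIdentifiers: []asn1.ObjectIdentifier{{2, 23, 140, 1, 2, 2}}}
	fmt.Println(CertValidationType(cert, nil))
}
```

A certificate with no recognised policy OID comes back as "unknown" rather than being guessed as DV, so a missing or unparsed policies extension stays visible in the column.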