Closed wbond closed 8 years ago
There are three implementations of the trust_list
module, one for each OS:
Some OIDs need to be added for OS X: https://github.com/wbond/asn1crypto/issues/17
Additionally, we are going to need to add a "translation" layer for key purposes that will cover the "standard", OS X and Windows variations of OIDs. For instance, Windows uses 1.3.6.1.5.5.7.3.1
(a standard OID for server auth) for SSL, whereas OS X uses 1.2.840.113635.100.1.3
.
As of 41cb25705aabe33003c89dcc307c81cb23ee650b, oscrypto.trust_list
now includes trust information for each certificate in the store, and trust_list.get_path()
encodes the trust info into a format that OpenSSL understands.
Correct me if I am wrong: this issue is already fixed, and it will solve wbond/package_control#1079 and wbond/package_control#1002 in the next release, correct? So currently we just need to wait patiently for it?
@franklinyu This work will be used to replace the existing code in Package Control for grabbing OS trust roots.
Any chance this would get resolved soon? This is one of the things that drives me nuts with Sublime.
@uchuugaka Work on this issue will continue as time allows. The next step is to add asn1crypto and oscrypto to Package Control as relative imports, possibly with unused submodules removed.
Even if not fixed, is there at least a workaround to mute the message?
@FichteFoll Thank you!
Package Control will be switching to use
oscrypto.trust_list
for TLS trust roots to solve:In order to do this, we need to tweak
trust_list.get_list()
. Ideally we need:get_list()
by one or more key usage strings/extended key usage OIDsget_list()
that will return the list os trust roots along with aset()
of their key usage names and extended key usage OIDs