1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
things we might want to do -*- outline -*-
* Map LDAP error codes
* Optimize lookup
** Use the most likely server first.
This is the server where a baseDN has been given and that baseDN is
contained in the search pattern.
* name subordination (nameRelativeToCRLIssuer)
is not yet supported by Dirmngr.
* CRL DP URI
The CRL DP shall use an URI for LDAP without a host name. The host
name shall be looked by using the DN in the URI. We don't implement
this yet. Solution is to have a mapping DN->host in our ldapservers
configuration file.
* Support certs-only CMS messages
Some sites store their certificates under userSMIMECertificate. To
handle them we need to parse a CMS message and break of all
certificates. Requested by Neil Dunbar. I have added some code
fragments to ldap.c but it needs to be finished.
* Various problems with German SigG certs
We need to implement the chain-validation-model and come up with a
way to verify the intermediate certificates. There are no CRLs
available and using OCSP with the same responder is point less.
Needs more investigation.
* Test OCSP responder redirection.
We need to figure out an OCSP responder actually using rediection.
|
