On Feb 28, 2014, at 8:01 AM, Bernhard Amann <bernhard(a)ICSI.Berkeley.EDU> wrote:
On Feb 28, 2014, at 6:37 AM, Seth Hall <seth(a)icir.org> wrote:
On Feb 28, 2014, at 6:04 AM, Bernhard Amann <bernhard(a)ICSI.Berkeley.EDU> wrote:
-event x509_extension(f: fa_file, ext:
+event x509_extension(f: fa_file, cert: X509::Certificate, ext: X509::Extension)
Would it make more sense to leave the cert out? Seems like state we should collect in
script land instead of passing it through from the core each time.
The “cert” only is a record in the events. So - the only thing that is passed around is a
pointer. The actual certificate string is not passed to script land anymore (when I am
will be able to get it if you really want to, but it will not be exposed by default).
An opaque type is passed around - this makes certificate verification possible without
having to re-parse
them with OpenSSL.
I thought that that is ok. Or are you meaning something else?
Followup - Seth convinced me that I am doing it wrong :) The record will disappear from