The following additions shall be made to the existing code.
- On start-up, lynx-cert will create LOCAL_CERT_DIR if necessary.
- The information page (LYShowInfo) will be modified to display
information about the security of the connection.
- Lynx-cert will respond to the SSLv3 CertificateRequest
message. Lynx-cert will check whether the user has an applicable
certificate and send it (along with the corresponding
CertificateVerify message, if necessary) in its response. This will
be handled by the underlying SSLeay library.
- The MIME types application/x-x509-ca-cert and
application/x-x509-user-cert will be recognized and handled
correctly. Users shall be prompted for an appropriate course of
action. (See the user interface section.)
- The KEYGEN tag will be handled. All attempts will be
made to introduce a sufficient amount of entropy into the key
generation process (in addition to the entropy provided by SSLeay,
which, in some cases, is insufficient).
Lynx-cert will support 512, 768 and 1024 bit key sizes.
- A new command will be added to bring up the certificate
management system. The interface of this system is described in the
user interface section. Features implemented will meet all the
specifications and requirements of all three groups.
Note that lynx-cert will look in an additional system directory
(configurable; see below) for CA certificates. The contents of this
directory may also be edited, if the user has the necessary
privileges to read and write in the directory.
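
The start-up directory step and the CA-directory privilege check described above, sketched as an added example (not lynx-cert source). The function names, the 0700 mode and the ownership check are assumptions; the page only says the directory is created if necessary and that the CA directory is editable given read and write privileges.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* expose lstat() under strict -std= modes */
#endif
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: create the per-user certificate directory if it is
 * missing, then refuse it unless it is a real directory owned by the caller.
 * Group/other access is removed, since user keys may be stored inside.
 * Returns 0 on success, -1 on failure with errno set. */
int ensure_local_cert_dir(const char *path)
{
    struct stat st;

    /* EEXIST only means something is already there and must be validated. */
    if (mkdir(path, 0700) != 0 && errno != EEXIST)
        return -1;
    /* lstat(), not stat(): a symlink planted at this path must not pass. */
    if (lstat(path, &st) != 0)
        return -1;
    if (!S_ISDIR(st.st_mode) || st.st_uid != geteuid()) {
        errno = EPERM;
        return -1;
    }
    /* Tighten a directory that was created earlier with a looser mode. */
    if ((st.st_mode & 077) != 0 && chmod(path, 0700) != 0)
        return -1;
    return 0;
}

/* Hypothetical helper: 1 if the system CA directory can be edited by this
 * user (read, write, and search permission to add entries), else 0. */
int ca_dir_is_editable(const char *path)
{
    struct stat st;

    if (stat(path, &st) != 0 || !S_ISDIR(st.st_mode))
        return 0;
    return access(path, R_OK | W_OK | X_OK) == 0;
}

int main(int argc, char **argv)
{
    const char *dir = argc > 1 ? argv[1] : "./example-cert-dir"; /* assumed */
    printf("%s: %s\n", dir, ensure_local_cert_dir(dir) == 0 ? "ok" : "rejected");
    return 0;
}
```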
All certificate-specific changes to the code will require that both
the USE_SSL and USE_CERTS symbols be defined.
Team Athena