Status: New
Owner: ----
Labels: Type-Defect Priority-Unassigned
New issue 20967 by fmuad...@gmail.com: Using an SSL certificate emitted by
an authority should be much simpler in Dart
https://code.google.com/p/dart/issues/detail?id=20967
PROBLEM: Using an SSL certificate emitted by an authority is TOO complex in
Dart. Many struggle and fail to do it. Read for example:
http://stackoverflow.com/questions/25873528/dart-use-ssl-emitted-by-an-authority
http://stackoverflow.com/questions/21685205/how-does-darts-bindsecure-function-find-ssl-certificates
http://stackoverflow.com/questions/25388750/dart-https-request-with-ssl-certificate-please
http://stackoverflow.com/questions/24048258/dart-http-server-and-importing-a-ssl-certificate
SOLUTION: Dart should support SSL certificate management natively,
simplifying and automating it. To do this the following improvements are
needed:
1 - Eliminate the need for external utilities (certutil, openssl, etc.) by
implementing their basic functionality in the Dart framework. External
utilities are often untested and full of vulnerabilities (see the openssl
disaster for example). Only a Google-certified and tested library can be
fully trusted.
2 - Provide a single Dart function with few parameters for installing an
SSL certificate provided by an authority, and a single Dart function for
using it. One line of Dart code should be all it takes to do both
operations.
3 - Provide a simple SSL configuration class for additional, non-standard
SSL options (expiration, revocation, handshake, strict transport security,
signature algorithm and key sizes, subdomain certificates, allowed
protocols, allowed cipher suites, forward secrecy, SNI, etc.).
4 - Provide a simple client class for testing and verifying SSL
certificates and HTTPS connections (expiration, revocation, handshake,
strict transport security, signature algorithm and key sizes, subdomain
certificates, allowed protocols, allowed cipher suites, forward secrecy,
SNI, etc.)
5 - Provide a function in the SSL configuration class to save and load
configuration options in a portable and human-readable external JSON file.
6 - Extensive debugging, testing and strict code validation protocols
should be done on the library before each new release to ensure high
security and lack of vulnerabilities.