7cb535d4b5
When scanning the file system for root certificates, expired certificates are skipped and therefore not used for verification in TLS sessions. There is only this one check, however, so a long-running server will need to periodically rescan for a new Certificate.Bundle and strategically start using it for new sessions. In this commit I made the judgement call that applications would like to opt-in to root certificate rescanning at a point in time that makes sense for that application, as opposed to having the system clock potentially start causing connections to fail. Certificate verification checks the subject only, as opposed to both the subject and the issuer. The idea is that the trust chain analysis will always check the subject, leading to every certificate in the chain's validity being checked exactly once, with the root certificate's validity checked upon scanning. Furthermore, this commit adjusts the scanning logic to fully parse certificates, even though only the subject is technically needed. This allows relying on parsing to succeed later on.
A general-purpose programming language and toolchain for maintaining robust, optimal, and reusable software.
Resources
- Introduction
- Download & Documentation
- Chapter 0 - Getting Started | ZigLearn.org
- Community
- Contributing
- Code of Conduct
- Frequently Asked Questions
- Community Projects
Installation
- download a pre-built binary
- install from a package manager
- build from source
- bootstrap zig for any target
License
The ultimate goal of the Zig project is to serve users. As a first-order effect, this means users of the compiler, helping programmers to write better software. Even more important, however, are the end-users.
Zig is intended to be used to help end-users accomplish their goals. Zig should be used to empower end-users, never to exploit them financially, or to limit their freedom to interact with hardware or software in any way.
However, such problems are best solved with social norms, not with software licenses. Any attempt to complicate the software license of Zig would risk compromising the value Zig provides.
Therefore, Zig is available under the MIT (Expat) License, and comes with a humble request: use it to make software better serve the needs of end-users.
This project redistributes code from other projects, some of which have other licenses besides MIT. Such licenses are generally similar to the MIT license for practical purposes. See the subdirectories and files inside lib/ for more details.