Still Alive
My work life has been very distracting these past few months. I’m not quite out of the woods yet, but things should calm down a bit over the next few weeks, which should give me a chance to have some fun here again.
My apologies to folks reporting bugs or asking for advice. Your pleas are not lost on me, and I’ll make a point to fix the known bugs, and generally try to be a wee bit more helpful.
As much as it itches me, I’ll try hard not to start some new project yet, at least not until I feel better about the state of the existing stuff.
Anyway, here’s my tentative TODO list for now:
- isSigned() chokes on a certificate served for www.openssl.org. That’s probably a clue my ASN.1 parsing sucks. I have an incomplete but potentially much better parsing method for ASN.1 (based on *gasp* actually reading a spec), so that might be the way to go there.
- There’s something rotten in my BigInteger implementation, which seems to result in RSA key lengths being occasionally off.
- Fix some TLS bugs (Andy’s parsing bugs, at least)
- Implement some missing bits of TLS (to at least get https://api.del.icio.us/v1/tags/get to load.)
- Check RSAKeyTest::testPem2(), since it might be broken.
- Update the Eval library with a recent tamarin dump, and fix the newline problem in the test app.
If I’m missing something in that list, feel free to remind me.
March 13th, 2008 at 8:11 am
In order to handle wildcards in certificate names, you need the patch below. This makes it so the *.s3.amazonaws.com cert works.
TLSEngine: line 691, instead of ==, do regex.
var escaped:String = regexEscape(firstCert.getCommonName());
var reg:String = escaped.replace(/\\\*/g, "[^.]+");
// Anchor the pattern so the whole identity must match, not just a substring of it.
if (new RegExp("^" + reg + "$").exec(_otherIdentity)) {
The function to escape regular expression characters:
// Regexp.escape('\\*?{}.') #=> \\\\\*\?\{\}\.
private function regexEscape(s:String):String {
    return s.replace(/([\\*?{}.])/g, "\\$1");
}
And the *.s3.amazonaws.com becomes: [^.]+\.s3\.amazonaws\.com
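An added example, not part of the original comment or of the library: when a wildcard name such as *.s3.amazonaws.com is turned into a regular expression, the result depends on whether the pattern is anchored and where the wildcard may appear. It is written in JavaScript, whose regex syntax ActionScript shares; `looseMatch`, `strictMatch` and the sample host names are assumptions made for the illustration.

```javascript
// Added example, not as3crypto code. Function names and hosts are constructed.

// Escape every regex metacharacter so the name is matched literally.
function regexEscape(s) {
  return s.replace(/[\\^$.*+?()[\]{}|]/g, "\\$&");
}

// Unanchored translation of "*" to "[^.]+": matches anywhere in the host.
function looseMatch(certName, host) {
  const reg = regexEscape(certName).replace(/\\\*/g, "[^.]+");
  return new RegExp(reg).test(host);
}

// Stricter variant: the whole host must match, case-insensitively, and "*"
// is accepted only as the complete left-most label, as RFC 6125 recommends.
function strictMatch(certName, host) {
  const labels = certName.split(".");
  const wildcard = labels[0] === "*";
  const rest = wildcard ? labels.slice(1) : labels;
  // Reject "*" in any other position. Rejecting names like "*.com" (fewer
  // than two labels after the wildcard) is a policy choice of this example.
  if (rest.some((l) => l.includes("*")) || (wildcard && rest.length < 2)) {
    return false;
  }
  const body = rest.map(regexEscape).join("\\.");
  const reg = "^" + (wildcard ? "[^.]+\\." : "") + body + "$";
  return new RegExp(reg, "i").test(host);
}

// Constructed sample hosts checked against the page's *.s3.amazonaws.com name.
// Each row is [host, looseMatch result, strictMatch result].
function demo() {
  const cert = "*.s3.amazonaws.com";
  const hosts = [
    "bucket.s3.amazonaws.com",             // intended match
    "a.b.s3.amazonaws.com",                // "*" must not span two labels
    "bucket.s3.amazonaws.com.example.net", // cert name is only a substring
    "s3.amazonaws.com",                    // no label for "*" to stand for
  ];
  return hosts.map((h) => [h, looseMatch(cert, h), strictMatch(cert, h)]);
}

console.log(demo());
```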
March 13th, 2008 at 11:43 am
Hi Henri,
I’ve been using your PDML code and I think it’s a very useful project.
At this moment your project has not been updated for 4 years, so I
guess you’re busy with other things.
If you want I can help you with putting new life into this project. I
can help you with : php code, documentation, forum.
PS: Sorry that I’m using your blog to post you about this, but the email address on SourceForge doesn’t work anymore.
Regards,
Remi Frenay
March 27th, 2008 at 2:34 am
The zip file supposed to contain the SWC file actually contains an XML and a SWF file.
I’m quite new to Flex so pardon my ignorance if those files are usable as a library, but isn’t it a mishandling?
April 6th, 2008 at 12:38 am
In eval, is it possible to import classes, i.e. Dictionary?
April 9th, 2008 at 7:16 pm
Hi, I see the downloads page doesn’t provide any MD5 sigs for the released packages. Any reason? Or does it not make sense to provide those and am I just being paranoid?
Thanks for the great library!
April 18th, 2008 at 2:53 pm
I’m trying to use dispose and in IVMode.as line 63, there is a reference to iv and not lastIV, which I suspect is a bug. That should probably be fixed in the next release.
April 25th, 2008 at 9:41 am
I’m looking into a way to generate a dynamic proxy of an arbitrary interface definition in AS3. Because it is not possible to dynamically type cast a dynamically constructed object to an interface in AS3, I thought it may be possible to use the Eval library to compile generated code at runtime and load it into the interpreter. Looking through the source it seems that the “implements INTERFACE” tokens get lexed but the parsing of this is not yet implemented. I see you have some mild plans to update the library sometime soon. Would this update encompass being able to generate dynamic instances of interfaces?
May 13th, 2008 at 2:12 am
Shouldn’t the verify function return a bool to say whether the signature is valid? How do I use the verify function to check, using a public key, whether a string was actually signed by a particular private key?
Please help,
Thanks,
Ken
May 24th, 2008 at 2:57 pm
I’m trying the TLSEngine out against a local installation of Stunnel (4.24) with a self-signed cert.
The handshake breaks down in the loadCertificates function because the firstCert is the parent cert from the store, so a “Cannot verify certificate” error is thrown.
When I run the TLSTest against the 5 publicly available servers listed there, everything is fine.
The main difference seems to be that the cert chains are longer in the TLSTest example than when I run it against the Stunnel socket.
Is it possible that my Stunnel cert is wrong?
Ben