The initial CRLDP implementation uses some workarounds to avoid changing the trust engine class signature. The workarounds should be removed to avoid filesystem hackery or global locking, and move the caching metadata into memory. Hardcoded settings should also be moved to runtime options.
Looking deeper, moving the PKIX validation itself behind a new API should decouple the "hard but defined" bits from the name-checking logic, which is simple to do, but hard to really follow or get right since it's all made up.
Fixed
Pinned fields
Click on the next to a field label to start pinning.
The initial CRLDP implementation uses some workarounds to avoid changing the trust engine class signature. The workarounds should be removed to avoid filesystem hackery or global locking, and move the caching metadata into memory. Hardcoded settings should also be moved to runtime options.