Background ========== - Priority scale: High, Medium and Low - Complexity scale: C1, C2, C4 and C8. The complexity scale is exponential, with complexity 1 being the lowest complexity. Complexity is a function of both task 'complexity' and task 'scope'. The general rule of thumb is that a complexity 1 task should take 1-2 weeks for a person very familiar with the codebase. Higher complexity tasks require more time and have higher uncertainty. Higher complexity tasks should be refined into several lower complexity tasks once the task is better understood. DBus API ======== - Add builder APIs for appending fixed-size array data. Currently arrays are built one element at a time which can get pretty expensive for large arrays. A function that appends multiple fixed elements at once to the gvariant and dbus1 builders is needed. Priority: Medium Complexity: C4 Kernel Crypto ============= - Add support for getsockname (getname) in the Linux kernel for sockets of type AF_ALG. Currently this is not implemented and the kernel returns EOPNOTSUPP. Priority: Low Complexity: C2 TLS Support =========== - Implement tls_cert_find_certchain When the server sends its certificate, it should be sending the full certificate chain, where each certificate directly verifies the preceding one in the list. The root CA certificate can be optionally omitted. Since we are given a server certificate and a location with all CA certificates we need to find a cert chain path to satisfy the above condition. The location can either be a directory (e.g. /etc/ssl/certs), or a PEM file with all CA certificates concatenated inside. Alternatively, we can assume that the user would be providing a certchain file with the entire server certchain in some file format (e.g. PEM) which contains all the required certificates concatenated into a single file. The client certificate might require similar handling. Priority: Medium Complexity: C2 - Implement Suite B Profile for TLS Described in RFC 6460 Priority: Medium Complexity: C8