From 2845c8f1f5c51e66ee2e32333183a7383ce1ff88 Mon Sep 17 00:00:00 2001
From: Seth Schoen <schoen@eff.org>
Date: Thu, 15 Nov 2012 23:31:28 -0800
Subject: [PATCH] two CSR sanity-checking todo items

---
 server-ca/chocolate.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/server-ca/chocolate.py b/server-ca/chocolate.py
index 064412f29..e06f024fa 100755
--- a/server-ca/chocolate.py
+++ b/server-ca/chocolate.py
@@ -252,6 +252,10 @@ class session(object):
             self.die(r, r.BadRequest, uri="https://ca.example.com/failures/priorrequest")
             return
         # Process the request.
+        # TODO: check that each element of the CA/B Forum Baseline
+        # Requirements is enforced here or elsewhere.
+        # TODO: check that the request involves a public key algorithm
+        # that we support.
         if not all([safe("recipient", recipient), safe("csr", csr)]):
             self.die(r, r.BadRequest, uri="https://ca.example.com/failures/illegalcharacter")
             return