evReady/src/pkix/lib/pkixocsp.cpp (6 lines):
	- line 130: // TODO: needs test
	- line 140: // TODO: check for revocation of the OCSP responder certificate unless no-check
	- line 466: // TODO: more specific error code for bad version?
	- line 493: // TODO: Do we even need to parse this? Should we just skip it?
	- line 566: // parse it. TODO: We should mention issues like this in the explanation of
	- line 719: // TODO: support SHA-2 hashes.


evReady/src/pkix/lib/pkixcheck.cpp (2 lines):
	- line 364: // TODO: Users may configure arbitrary certificates as trust anchors, not
	- line 629: // TODO: add check for self-signedness?


evReady/src/pkix/lib/pkixnames.cpp (2 lines):
	- line 710: // TODO: At some point, we may add APIs for matching DirectoryNames.
	- line 888: // TODO: Ask to have spec updated to say ""Conforming CAs [...] SHOULD


crlVerification/utils/crl.go (2 lines):
	- line 29: // @TODO test this fmting
	- line 39: // @TODO test this fmting


cacheck/ccadb/db.py (1 line):
	- line 330: #TODO: is_technically_constrained2?


crlVerification/utils/serial.go (1 line):
	- line 29: // @TODO test this fmting


evReady/src/pkix/include/pkix/pkixtypes.h (1 line):
	- line 326: // TODO: Taking the output buffer as (uint8_t*, size_t) is counter to our


capi/lib/expiration/expiration.go (1 line):
	- line 58: // @TODO try to figure certutil's error codes. It uses non zero codes when the answer is


capi/lib/service/verifyChain.go (1 line):
	- line 26: // @TODO richer conveyance back over HTTP to the client


evReady/src/pkix/lib/pkixbuild.cpp (1 line):
	- line 162: // TODO: this doesn't account for subjectAltNames!


capi/lib/lint/x509lint/x509lint.go (1 line):
	- line 86: // @TODO We currently have no notion as why this happens, so we are ignoring it for now.


evReady/src/pkix/include/pkix/pkixnss.h (1 line):
	- line 54: // TODO: Taking the output buffer as (uint8_t*, size_t) is counter to our