You should be able to implement your code using the callbacks, without having to add code to the library directly. This is, I believe, not available in 0.9.7g -- most of the callbacks were implemented in 0.9.8. (You should always be able to contribute in the contrib/ directory, though examples of how to use the library as-is without having to recompile it are likely more includable. An example of how to extend the authentication mechanism, though, is definitely useful.)
If you make the code available, this is an area that I have interest in, and would gladly help with making 0.9.8- and 0.9.9-capable. [more comments interspersed below] On 9/26/06, Dr Bob <[EMAIL PROTECTED]> wrote:
Initially I used X509 certificates for the authentication between peers, However I quickly realised that a hierarchical certificate structure was not ideal, and that a Web of Trust system would be required.
I would like to have a hybrid WoT and hierarchal system (i.e., if people I trust show that they trust a given issuer for a given domain, I'd like to be able to trust that issuer for that domain... such as [EMAIL PROTECTED] being able to issue to [EMAIL PROTECTED] and [EMAIL PROTECTED]). I think that this is probably possible with the OpenPGP "trusted introducers" concept?
So: (1) Is OpenSSL interested in including this work into the code base (provided its up-to-scratch etc...) ?
It's unlikely to be put into the main code base, as it adds a new set of security-related functions which would need to be audited, etc. As I suggested, though, it might do well in the contrib/ section (though I'm not a core developer, and have no commit access, so I can't prove that point). :)
(2) If so, is there anyone who could [guide/help] me to clean it up and correctly merge the code?
Run it through indent. Also, document your functions, what incoming constraints there are, and what output constraints you guarantee. I'd gladly help with the cleanup process (again, that's for 0.9.8 and 0.9.9 capability).
(3) What are the procedures for doing so (I'm new around here)
Umm... I would think that you could file a patch against the base OpenSSL distribution in rt, with the code appropriately located in contrib/. I don't know for certain, though. -Kyle H ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]