Ticket derived from RT4602 (missing accessors) Reports have been coming in that in the grid world, there are two pre-rfc3820 forms of proxy certs still being used.
Old (pre-draft) format: Looks like a regular EE cert, but has been issued by another EE (real or proxy), and can be recognised by having the issuer name as subject name with an extra CN appended, either 'CN=proxy' or 'CN=limited proxy' draft format: looks like a RFC3820 proxy cert, but uses OID 1.3.6.1.4.1.3536.1.222 instead of the RFC3820 OID for proxyCertInfo. Cc to Mattias and Mischa, who have provided valuable info on this issue in RT4602. Guys, I hope it was ok to add you. If not, please tell me and I'll take you off this ticket. -- Richard Levitte levi...@openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4622 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
