Yes, it's in "openssl x509 -in cert.pem -noout -text". We noticed
that it's possible to ask grid-proxy-init to set a path-length with an
option, but I assume you're not doing that, otherwise you would
already know why the path length was a particular value.
Also, in some other mail you mentioned used myproxy-init also, I
believe. If that is true, I would be interested to see the value both
before and after you load it into myproxy.
Charles
On Aug 4, 2008, at 8:41 AM, Byteh39d wrote:
I'm also using grid-proxy-init. How'd you extract that snippet
below, an "openssl x509" query?
On Aug 1, 2008, at 4:19 PM, Charles Bacon <[EMAIL PROTECTED]> wrote:
I am reminded by someone who knows more than I do that the pathlen
only shows up in proxies.
How are you getting your proxy? When I run grid-proxy-init, I get:
Proxy Certificate Information: critical
Path Length Constraint: infinite
Policy Language: Inherit all
Charles
On Aug 1, 2008, at 2:56 PM, Charles Bacon wrote:
Beats me. When I look at my cert with openssl x509 -text, I don't
see a path length constraint.
Charles
On Aug 1, 2008, at 2:34 PM, I8abyte wrote:
On Fri, Aug 1, 2008 at 9:50 AM, Charles Bacon <[EMAIL PROTECTED]>
wrote:
On Aug 1, 2008, at 6:45 AM, I8abyte wrote:
I tinkered with the -xo and the -xi options but no luck but I'm
not
sure I'm doing it correctly. The <dcau>false</dcau> inside the
<rftOptions> block did nothing, it still complains about the CA
path
length. I'd still like to hear your take on it, or anyone
else's.
My naive question is, who's your issuer and why did they put a
pathlen 2
restriction on your certificate? It seems like either they
could remove
that restriction or you could get a different issuer.
Charles
I have trusted CAs ... I've cleared the diags ... does it matter
one
red-cent what the path length is besides zero "0"? I thought
anything
over "0" was chain-able ... educate me or point me elsewhere...
