"William M. Perry" wrote:
> But this code is for use when _all_ you have is their certificate and you
> need to verify it against an LDAP directory. Unfortunately, you cannot
> search binary attributes in LDAP, otherwise you could just search on the
> certificate.
One solution I've seen is to calculate an md5 of the certs and
use that for identification aka. in a multiple CA environment,
each cert is stored on the LDAP server with an md5 of the CA
and an md5 of the cert. Other entries would be the contents of
the DN, validity period, cert status, pem and der encoded cert.
Works quite well, and could IMO be a reasonable alternative to the
current cert database used by openssl.
vh.
Mads Toftum, QDPH
---
"Of course, in Perl culture, almost nothing is prohibited. My feeling is that
the rest of the world already has plenty of perfectly good prohibitions, so
why invent more?"
-- Larry Wall (Open Sources, 1999 O'Reilly and Associates)
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
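
The lookup scheme described in the message above, as an added example that is not part of the original post or of OpenSSL: the digest pair is only the search key, and the stored DER copy is compared byte for byte before the status is trusted. The attribute names (caHash, certHash, certStatus, derCert), the in-memory list standing in for the LDAP server, and the placeholder byte strings used in place of real certificates are all assumptions.

```python
import base64
import hashlib


def pem_to_der(pem):
    """Strip the PEM armor lines and decode the base64 body to DER bytes."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    body = "".join(ln for ln in lines if ln and not ln.startswith("-----"))
    return base64.b64decode(body, validate=True)


def fingerprint(der, algo="md5"):
    """Hex digest over the DER bytes, so PEM and DER copies hash the same."""
    return hashlib.new(algo, der).hexdigest()


def make_entry(ca_der, cert_der, status):
    """Directory entry carrying searchable digests beside the binary cert."""
    return {"caHash": fingerprint(ca_der), "certHash": fingerprint(cert_der),
            "certStatus": status, "derCert": cert_der}


def search_filter(ca_der, cert_der):
    """Equality filter on the two digest attributes (hex needs no escaping)."""
    return "(&(caHash=%s)(certHash=%s))" % (fingerprint(ca_der),
                                            fingerprint(cert_der))


def verify(directory, ca_der, cert_der):
    """Return the stored status for the presented cert, or None if unknown."""
    ca_hash, cert_hash = fingerprint(ca_der), fingerprint(cert_der)
    for entry in directory:
        if entry["caHash"] == ca_hash and entry["certHash"] == cert_hash:
            # The digest is only an index; confirm against the stored bytes.
            if entry["derCert"] == cert_der:
                return entry["certStatus"]
    return None


# Constructed placeholder bytes, not real certificates.
CA_DER = b"constructed CA certificate bytes"
CERT_DER = b"constructed end-entity certificate bytes"
CERT_PEM = ("-----BEGIN CERTIFICATE-----\n"
            + base64.encodebytes(CERT_DER).decode()
            + "-----END CERTIFICATE-----\n")
DIRECTORY = [make_entry(CA_DER, CERT_DER, "valid")]

if __name__ == "__main__":
    presented = pem_to_der(CERT_PEM)
    print(search_filter(CA_DER, presented))
    print(verify(DIRECTORY, CA_DER, presented))
```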