Hi all

>     o Steve is currently working on (in no particular order):
>         Proper (or at least usable) certificate chain verification.
>         Private key, certificate and CRL API and implementation.
>         Checking and bugfixing PKCS#7 (S/MIME code).
>         Various X509 issues: character sets, certificate request
>         extensions.

About X.509 and PKCS#Y: OpenSSL allows generating e.g. a
PKCS#10 which contains more than one CN. As far as I
know, only a subset of specific RDNs are allowed to appear
repeated. Well, we can say that the related application is responsible
for generating such a struct correctly. But what about the parsing?
When I have a PKCS#10 with two CN RDNs and I enter
"openssl req -in csr-.txt -verify" it outputs "verify OK". That's okay
for the signature but not for the correctness of the structure.
Is there a plan to handle that?


>   OPEN ISSUES
>
>     o internal_verify doesn't know about X509.v3 (basicConstraints
>       CA flag ...)

I'm still interested in the design, API and realisation of the X.509
verification stuff. I hope that we can have a view into the
specification, design and API spec.

Kind regards
    Rene

--
-----------------------------------------------------------
Rene G. Eberhard
Mail  : [EMAIL PROTECTED]



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
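
The structural check asked about in the message, as an added example that is not part of the original post and not OpenSSL code: it walks a DER-encoded subject Name and reports attribute types that occur more than once. Treating CN as single-valued is an assumed local policy, and `SINGLE_VALUED`, `repeated_attributes` and `sample_name` are hypothetical names; the sample Name is constructed inline.

```python
# Added example: flag attribute types repeated in a DER-encoded X.501 Name.
CN_OID = bytes.fromhex("550403")        # OID 2.5.4.3, commonName
SINGLE_VALUED = {CN_OID: "CN"}          # assumed local policy, not from the post

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                   # long-form length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Yield (tag, value) for each TLV packed inside a constructed value."""
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def repeated_attributes(name_der):
    """Return {label: count} for policy attributes present more than once."""
    tag, rdns, _ = read_tlv(name_der, 0)
    if tag != 0x30:
        raise ValueError("Name must be a SEQUENCE")
    counts = {}
    for rdn_tag, rdn in children(rdns):
        if rdn_tag != 0x31:
            raise ValueError("RDN must be a SET")
        for atv_tag, atv in children(rdn):      # AttributeTypeAndValue
            oid_tag, oid, _ = read_tlv(atv, 0)
            if atv_tag == 0x30 and oid_tag == 0x06 and oid in SINGLE_VALUED:
                label = SINGLE_VALUED[oid]
                counts[label] = counts.get(label, 0) + 1
    return {k: v for k, v in counts.items() if v > 1}

def tlv(tag, value):
    """Encode a short-form DER TLV (sample data only, value < 128 bytes)."""
    return bytes([tag, len(value)]) + value

def sample_name(*cns):
    """Build a constructed Name with one CN per RDN, for demonstration."""
    atvs = (tlv(0x30, tlv(0x06, CN_OID) + tlv(0x13, cn.encode())) for cn in cns)
    return tlv(0x30, b"".join(tlv(0x31, atv) for atv in atvs))
```

A signature check over the request says nothing about this result, so a caller would run both and reject on either failure.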
