I suspect that there will shortly be plenty of interest, at least on the U.S. side, as the US Gov and DoD in particular are pushing hard into the world of PKI. That means compliance testing of all the path processing stuff which of course includes the policies and constraints aforementioned. So if you are feeling motivated....... Chris
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Dr. Stephen Henson Sent: Monday, February 23, 2004 5:23 PM To: [EMAIL PROTECTED] Subject: Re: openssl cert policy handling On Mon, Feb 23, 2004, Chris Brook wrote: > Is there any support in crypto->x509(v3) for certificate policy > processing/checking as described in X.509 or PKIX? I had a quick look > through the code but did not see anything? Or is it planned since it is > required for some of the PKI compliance tests? > This gets pretty complex with pathLengthConstraints, Name Constraints, User > and Authority Constrained policies. Perhaps someone is planning a > contribution. Not that I know of. I was asked about the possibility of adding support by someone last year. After lots of discussions nothing happened. I haven't heard anything more for a couple of months. I could resurrect it if there was sufficient interest. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
