Dr. Stephen Henson wrote:
On Mon, Feb 23, 2004, Chris Brook wrote:
Is there any support in crypto->x509(v3) for certificate policy
processing/checking as described in X.509 or PKIX? I had a quick look
through the code but did not see anything? Or is it planned since it is
required for some of the PKI compliance tests?
This gets pretty complex with pathLengthConstraints, Name Constraints, User
and Authority Constrained policies. Perhaps someone is planning a
contribution.
Not that I know of. I was asked about the possibility of adding support by
someone last year. After lots of discussions nothing happened. I haven't
heard anything more for a couple of months.
I could resurrect it if there was sufficient interest.
Are we talking about proper checking of ASN.1 subtype constraints, or of
something more higher level?
--
Lev Walkin
[EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
