In message <[EMAIL PROTECTED]> on Mon, 23 Feb 2004 16:26:38 -0800, Lev Walkin <[EMAIL PROTECTED]> said:
vlm> Dr. Stephen Henson wrote: vlm> > On Mon, Feb 23, 2004, Chris Brook wrote: vlm> > vlm> > vlm> >>Is there any support in crypto->x509(v3) for certificate policy vlm> >>processing/checking as described in X.509 or PKIX? I had a quick look vlm> >>through the code but did not see anything? Or is it planned since it is vlm> >>required for some of the PKI compliance tests? vlm> >>This gets pretty complex with pathLengthConstraints, Name Constraints, User vlm> >>and Authority Constrained policies. Perhaps someone is planning a vlm> >>contribution. vlm> > vlm> > vlm> > Not that I know of. I was asked about the possibility of adding support by vlm> > someone last year. After lots of discussions nothing happened. I haven't vlm> > heard anything more for a couple of months. vlm> > vlm> > I could resurrect it if there was sufficient interest. vlm> vlm> Are we talking about proper checking of ASN.1 subtype constraints, or of vlm> something more higher level? We're talking at the X.509/PKIX level. You might want to read RFC3280. ----- Please consider sponsoring my work on free software. See http://www.free.lp.se/sponsoring.html for details. -- Richard Levitte \ Tunnlandsv�gen 52 \ [EMAIL PROTECTED] [EMAIL PROTECTED] \ S-168 36 BROMMA \ T: +46-708-26 53 44 \ SWEDEN \ Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See <http://www.stacken.kth.se/~levitte/mail/> for more info. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
