On Thu, Jul 06, 2006, [EMAIL PROTECTED] wrote:

> Hi,
> Can anyone please explain to me the 'aux' field in the X509
> structure.
> I understand it contains some trust settings.

It also contains additional information such as a human readable name such as "Steve's Certificate".

> I need to know- Can I create a certificate with trust settings, or are
> these trust settings added later to the X509 structure initialised from
> a certificate.

For security reasons when a certificate is obtained from an untrusted source the settings are empty. The functions PEM_*X509_AUX() will save/load any auxiliary information in a certificate. The format used is unique to OpenSSL. They can be modified using the x509 utility.

> Also how these trust settings are internally used?

The text name is used by the PKCS#12 code to exchange the friendlyName attribute. The trust settings currently are only applied to the root CA. They can be used to restrict the purposes the CA can be used for. So for example if a root is encountered with the SSL server trust setting, an error occurs if an attempt is made to verify it for SSL client use.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
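The behaviour described in the reply above can be reproduced with the `x509` and `verify` utilities. This is an added example, not part of the original message: the throwaway root, the leaf and all file names are constructed, and it assumes an `openssl` binary on the PATH.

```shell
#!/bin/sh
# Added example: constructed throwaway root CA and leaf; all names are assumptions.
WORK=$(mktemp -d) && trap 'rm -rf "$WORK"' EXIT

make_certs() {   # plain self-signed root plus one leaf it signs; no aux data yet
    cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Demo Root
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -config "$WORK/ca.cnf" -newkey rsa:2048 -nodes -days 1 \
        -keyout "$WORK/root.key" -out "$WORK/root.pem" 2>/dev/null &&
    openssl req -new -config "$WORK/ca.cnf" -subj "/CN=leaf.example" \
        -newkey rsa:2048 -nodes -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$WORK/leaf.csr" -CA "$WORK/root.pem" -CAkey "$WORK/root.key" \
        -CAcreateserial -days 1 -out "$WORK/leaf.pem" 2>/dev/null
}

add_aux() {      # attach alias + serverAuth-only trust; output uses OpenSSL's own PEM form
    openssl x509 -in "$WORK/root.pem" -trustout -setalias "Steve's Certificate" \
        -addtrust serverAuth -out "$WORK/root-aux.pem"
}

pem_label() { sed -n '1s/^-----BEGIN \(.*\)-----$/\1/p' "$1"; }   # PEM header label
alias_of()  { openssl x509 -in "$1" -noout -alias; }              # aux text name, if any

verify_for() {   # $1 = sslserver | sslclient; exit status is the verdict
    openssl verify -CAfile "$WORK/root-aux.pem" -purpose "$1" "$WORK/leaf.pem" >/dev/null 2>&1
}

make_certs && add_aux || exit 1
echo "root.pem     : $(pem_label "$WORK/root.pem"), alias: $(alias_of "$WORK/root.pem")"
echo "root-aux.pem : $(pem_label "$WORK/root-aux.pem"), alias: $(alias_of "$WORK/root-aux.pem")"
for p in sslserver sslclient; do
    if verify_for "$p"; then echo "$p: chain accepted"; else echo "$p: chain rejected"; fi
done
```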
