Hi Richard,
that's like I did it till now. Anyway I don't like that solution for
several reasons, which is why I also want to evaluate the idea of
defining an own "certificate". I am aware of the fact that TLS requires
X.509 according to the standard, but that does not bar me from
evaluating it against other "certificates". It might make sense for
certain applications although I agree it does not sound good if you
first hear about it. I can explain you why I think it might make sense
via personal mail, if you are interested in it. It is not that I don't
want to discuss it in public, but I guess it is off-topic for the list
and I don't want to fill everybody's mailbox with that :)
Regards
Carolin
Richard Salz wrote:
You should use a standard certificate and add your own extensions. Don't
try to create your own certificate format -- there's no need. Then you
just implement your own verify callback that looks for those extensions
and their value.
/r$
--
Visiting Member, IBM Academy
STSM, DataPower Chief Programmer
WebSphere DataPower SOA Appliances
http://www.ibm.com/software/integration/datapower/
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
