Hi, unless I didn't look careful enough I think we might still be missing the current_cert (and current_issuer) from the X509_STORE_CTX, as advertised in https://github.com/openssl/openssl/blob/master/doc/HOWTO/proxy_certificates.txt#L204 and used in e.g. https://github.com/italiangrid/voms/blob/master/src/sslutils/sslutils.c and many other places for verifying the proxy chain or is there a better/other solution for that?
Best wishes, Mischa On Fri, Jul 22, 2016 at 03:26:26PM +0000, Richard Levitte via RT wrote: > In addition to github PR 1294, there's now also PR 1339 which adds the > function to set the EXFLAG_PROXY flag on a given certificate. > > Also, PR 1295 has been updated. Instead of a function that returns a lock, > there is now a lock and an unlock function. > > To me, it seems that that covers what's being asked for. Perhaps not exactly > (the setters are for X509_STORE only), but should be workable. > > (writing this from my mobile, sorry for the lack of github links) > > -- > Richard Levitte > levi...@openssl.org > -- > Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4602 > Please log in as guest with password guest if prompted > > -- > To unsubscribe, send mail to 829272-unsubscr...@bugs.debian.org. -- Nikhef Room H155 Science Park 105 Tel. +31-20-592 5102 1098 XG Amsterdam Fax +31-20-592 5155 The Netherlands Email msa...@nikhef.nl __ .. ... _._. .... ._ ... ._ ._.. ._.. .._.. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4624 Please log in as guest with password guest if prompted
smime.p7s
Description: S/MIME cryptographic signature
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
