On Fri, Jan 08, 1999 at 02:58:38PM +0000, Simon Middleton wrote:
> Has anyone done any work on adding support for SGC/StepUp to SSLeay/OpenSSL?
>
> We would like to add this facility to the browser we use - as otherwise there
> is no way we can export strong crypto out of the UK. So not withstanding the
> aesthetic/ethical complaints people might have about it I'd like to see it
> included.
>
> Or is it the case that it is not something that belongs in the SSL library
> but needs to be handled outside it in the driving code?
If you're talking about adding SGC extensions to certificates, you can
do this with cafix, adding the Netscape SGC option. Didnt try with
Microsoft's own extension, but I think it'll be similar.
If you want an export browser (e.g. MSIE or Netscape) to connect doing
strong cryptography, it's more difficult. Those browsers look for the
SGC X.509v3 extension, but then, the certificate must be issued by
"Microsoft SGC Root" or "Verisign Class 3".
Easiest thing is fortifying a browser, or trying to (as I tried but
didnt test) overwrite Class 3 self-sign certificate with yours. :)
--
Jonathan Ruano <[EMAIL PROTECTED]> ICQ#1252101 AIM:Tlabok Y!Kobalt14
Intercomputer soft, s.a (Any other pager?).
Dpto. de Tecnologia
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
