Hello, some recent changes in openssl (1.0.0) done by Stephen Henson are about an addition to have policy checking in path validation.
I am trying to find out how to configure a small hierarchy with one root and one operational CA, i.e. one that issues certs to end entities, in the following way:

The operational CA (by itself as a standalone CA) has two policies, i.e. it may create end entities with an OID 1 and others with OID 2 as a certificatePolicy. The root CA is a trust anchor for some application, let's say a web server or some email signature validator. The root CA wants to issue a certificate that limits a valid path only for those end entity certs with, let's say, OID 1, and for the others the path would not be valid.

I think that 'openssl verify' in 1.0.0-beta2 should be usable as is for testing.

TIA for any hint.

Peter Sylvester

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
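One way to build and test the hierarchy described in the message above, as an added example that is not part of the original post or of the OpenSSL project: the root issues the operational CA a certificate carrying only OID 1 in certificatePolicies, and `openssl verify` is run with an explicit policy required. It assumes the `openssl` command line tool is installed; the two OIDs, the file names and the function names are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo policy OIDs (placeholders, not values from the post).
OID1=1.3.6.1.4.1.99999.1
OID2=1.3.6.1.4.1.99999.2

# build_pki DIR: root -> operational CA (limited to OID1) -> two end entities.
build_pki() (
  cd "$1" || exit 1
  cat > pki.cnf <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = unused
[root]
basicConstraints = critical,CA:TRUE
[opca]
basicConstraints = critical,CA:TRUE
certificatePolicies = $OID1
[ee1]
certificatePolicies = $OID1
[ee2]
certificatePolicies = $OID2
EOF
  for n in root opca ee1 ee2; do
    openssl req -config pki.cnf -new -newkey rsa:2048 -nodes \
      -subj "/CN=demo $n" -keyout "$n.key" -out "$n.csr" 2>/dev/null || exit 1
  done
  sign() {  # sign NAME ISSUER-ARGS...; extension section has the same name
    n=$1; shift
    openssl x509 -req -in "$n.csr" -days 30 -extfile pki.cnf -extensions "$n" \
      -out "$n.pem" "$@" 2>/dev/null
  }
  sign root -signkey root.key &&
  sign opca -CA root.pem -CAkey root.key -CAcreateserial &&
  sign ee1 -CA opca.pem -CAkey opca.key -CAcreateserial &&
  sign ee2 -CA opca.pem -CAkey opca.key -CAcreateserial
)

# check_policy DIR CERT: path validation that requires a valid policy;
# returns 0 only if the chain is valid AND the policy tree is non-empty.
check_policy() (
  cd "$1" || exit 1
  openssl verify -CAfile root.pem -untrusted opca.pem \
    -policy_check -explicit_policy -policy "$OID1" "$2" >/dev/null 2>&1
)
```

Without `-explicit_policy` both end entity certificates chain to the root; the OID 2 certificate is rejected only once a policy is required, because the operational CA's own certificate lists OID 1 alone.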