I remember mentioning this a while back, but don't think anything ever came from it.
Are there any plans to add convenience functions for the hashes specified in draft-ietf-pkix-certstore-http? (This proposed document provides some implementation details for RFC2585, and basically maps a URL of the form query?attribute=value to a (multipart) MIME response containing the DER-encoded certificate(s) with Content-Type: application/pkix-cert or application/pkix-crl.)

Specifically, the draft RFC borrows from Gutmann to require base64-encoded SHA-1 hashes of the subject and issuer X509_NAME fields, the issuer X509_NAME concatenated with the serial number, the entire certificate (the "fingerprint"), and a base64-encoded subject key id. These are identified as sHash, iHash, iAndSHash, (fingerprint?) and sKID, respectively. I think Gutmann also mentioned an aKID hash, but it's not mentioned in this document.

I know that something similar is covered by the new OCSP routines, but the OCSP_CERTID doesn't provide all of the hashes or wrap it up into a nice base64-encoded string. Obviously OCSP provides a much cleaner interface, but it requires a larger investment than some CGI-BIN scripts to handle these simple lookups. But this implies that the code will be used by people unfamiliar with the library internals - there needs to be either some convenience functions and/or additional options to openssl x509.

I can provide some simple (and probably horribly coded) code to implement these hashes, if somebody has a suggestion for a good name. Right now I'm using

    int b64_shash (char *, size_t, X509 *);
    int b64_ihash (char *, size_t, X509 *);
    int b64_iandshash (char *, size_t, X509 *);
    int b64_skid (char *, size_t, X509 *);
    int b64_fingerprint (char *, size_t, X509 *);

but I'm not sure that either the prefix or signature would be good long-term choices.

Bear
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
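
The lookup keys described in the message above can be sketched without any library support. This is an added example, not code from the poster or from OpenSSL: it walks the DER of a certificate far enough to find the serial number, issuer and subject, then emits base64-encoded SHA-1 values for sHash, iHash, iAndSHash and the fingerprint (sKID is left out because it needs extension parsing). The function names, the exact byte input assumed for iAndSHash, and the constructed sample structure are all assumptions of this example.

```python
import base64, hashlib

def tlv(buf, pos, end):
    """Read one DER TLV inside buf[pos:end]; return (tag, body_start, next)."""
    if pos + 2 > end:
        raise ValueError("truncated DER")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if not 1 <= n <= 4:
            raise ValueError("bad DER length")
    if pos + length > end:
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def b64_sha1(data):
    return base64.b64encode(hashlib.sha1(data).digest()).decode()

def cert_hashes(der):  # base64 SHA-1 lookup keys for one DER certificate
    tag, start, end = tlv(der, 0, len(der))     # Certificate
    tag2, pos, tbs_end = tlv(der, start, end)   # tbsCertificate
    if (tag, tag2) != (0x30, 0x30) or end != len(der):
        raise ValueError("not a DER certificate")
    fields = []  # serial, signature algorithm, issuer, validity, subject
    while pos < tbs_end and len(fields) < 5:
        t, _, nxt = tlv(der, pos, tbs_end)
        if t != 0xA0 or fields:  # skip the optional leading [0] version
            fields.append((t, der[pos:nxt]))
        pos = nxt
    if [t for t, _ in fields] != [0x02, 0x30, 0x30, 0x30, 0x30]:
        raise ValueError("unexpected tbsCertificate layout")
    serial, issuer, subject = (fields[i][1] for i in (0, 2, 4))
    # Assumption: iAndSHash covers the issuer Name DER + serial INTEGER TLV.
    return {"sHash": b64_sha1(subject), "iHash": b64_sha1(issuer),
            "iAndSHash": b64_sha1(issuer + serial), "fingerprint": b64_sha1(der)}

def enc(tag, body):  # minimal DER encoder, only used to build the sample
    n, size = len(body), (len(body).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def sample_cert():  # constructed, unsigned structure (not a valid certificate)
    name = lambda cn: enc(0x30, enc(0x31, enc(0x30, enc(0x06, b"\x55\x04\x03") + enc(0x0C, cn))))
    issuer, subject, serial = name(b"Example CA"), name(b"example.test"), enc(0x02, b"\x01\x02")
    alg = enc(0x30, enc(0x06, bytes.fromhex("2a864886f70d010105")) + enc(0x05, b""))
    body = serial + alg + issuer + enc(0x30, enc(0x17, b"000101000000Z") * 2) + subject
    tbs = enc(0x30, enc(0xA0, enc(0x02, b"\x02")) + body + enc(0x30, b""))
    return enc(0x30, tbs + alg + enc(0x03, bytes(129))), subject, issuer, serial
```

Because the hashes are taken over the encoded bytes exactly as they appear in the certificate, a lookup service built this way never re-encodes a name, which avoids mismatches between client and server.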