via RT
2016-07-22 15:51:16 UTC
Hi,
unless I didn't look careful enough I think we might still be missing
the current_cert (and current_issuer) from the X509_STORE_CTX, as
advertised in
https://github.com/openssl/openssl/blob/master/doc/HOWTO/proxy_certificates.txt#L204
and used in e.g.
https://github.com/italiangrid/voms/blob/master/src/sslutils/sslutils.c
and many other places for verifying the proxy chain or is there a
better/other solution for that?
Best wishes,
Mischa
Nikhef Room H155
Science Park 105 Tel. +31-20-592 5102
1098 XG Amsterdam Fax +31-20-592 5155
The Netherlands Email ***@nikhef.nl
__ .. ... _._. .... ._ ... ._ ._.. ._.. .._..
unless I didn't look careful enough I think we might still be missing
the current_cert (and current_issuer) from the X509_STORE_CTX, as
advertised in
https://github.com/openssl/openssl/blob/master/doc/HOWTO/proxy_certificates.txt#L204
and used in e.g.
https://github.com/italiangrid/voms/blob/master/src/sslutils/sslutils.c
and many other places for verifying the proxy chain or is there a
better/other solution for that?
Best wishes,
Mischa
In addition to github PR 1294, there's now also PR 1339 which adds the function to set the EXFLAG_PROXY flag on a given certificate.
Also, PR 1295 has been updated. Instead of a function that returns a lock, there is now a lock and an unlock function.
To me, it seems that that covers what's being asked for. Perhaps not exactly (the setters are for X509_STORE only), but should be workable.
(writing this from my mobile, sorry for the lack of github links)
--
Richard Levitte
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4602
Please log in as guest with password guest if prompted
--
--Also, PR 1295 has been updated. Instead of a function that returns a lock, there is now a lock and an unlock function.
To me, it seems that that covers what's being asked for. Perhaps not exactly (the setters are for X509_STORE only), but should be workable.
(writing this from my mobile, sorry for the lack of github links)
--
Richard Levitte
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4602
Please log in as guest with password guest if prompted
--
Nikhef Room H155
Science Park 105 Tel. +31-20-592 5102
1098 XG Amsterdam Fax +31-20-592 5155
The Netherlands Email ***@nikhef.nl
__ .. ... _._. .... ._ ... ._ ._.. ._.. .._..
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4624
Please log in as guest with password guest if prompted
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4624
Please log in as guest with password guest if prompted