Richard Levitte via RT
2016-07-20 17:10:53 UTC
Hi Richard,
set the
EXFLAG_PROXY flag correctly? In what situations does that happen?
That may be
worth a bug report of its own.
this ties into my earlier question and example of verifying proxy
certificates. What if I want to explicitly *set* the EXFLAG_PROXY for
a
stack of certificates?
I assume you only want that flag set for actual proxy certs a no other. If youI guess having a more restrictive accessor that only sets the
EXFLAG_PROXY bit could work. I suggested the more general solution
of
having set/clear accessors for arbitrary flags since it was - well
more
general.
So let me ask this in a different manner, does OpenSSL 1.1 still notEXFLAG_PROXY bit could work. I suggested the more general solution
of
having set/clear accessors for arbitrary flags since it was - well
more
general.
set the
EXFLAG_PROXY flag correctly? In what situations does that happen?
That may be
worth a bug report of its own.
certificates. What if I want to explicitly *set* the EXFLAG_PROXY for
a
stack of certificates?
simply want to make sure the certs in a stack are properly flagged by OpenSSL,
call X509_check_purpose for each of them.
how would I do that? how can I ensure that
OpenSSL 1.1 will automagically trigger this flag for me? Is there a
'get_*' function to determine which flags were set during certificate
verification?
thanks for any pointers or advice,
The function to retrieve the extension flags is X509_get_extension_flags(). YouOpenSSL 1.1 will automagically trigger this flag for me? Is there a
'get_*' function to determine which flags were set during certificate
verification?
thanks for any pointers or advice,
call that for each X509*.
Incidently, this function calls X509_check_purpose to make sure the caches are
properly built up...
--
Richard Levitte
***@openssl.org
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4602
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4602
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev