[openssl.org #4622]

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[openssl.org #4622]

Rich Salz via RT
Ticket derived from RT4602 (missing accessors)

Reports have been coming in that in the grid world, there are two pre-rfc3820
forms of proxy certs still being used.

Old (pre-draft) format: Looks like a regular EE cert, but has been issued by
another EE (real or proxy), and can be recognised by having the issuer name as
subject name with an extra CN appended, either 'CN=proxy' or 'CN=limited proxy'

draft format: looks like a RFC3820 proxy cert, but uses OID
1.3.6.1.4.1.3536.1.222 instead of the RFC3820 OID for proxyCertInfo.

Cc to Mattias and Mischa, who have provided valuable info on this issue in
RT4602. Guys, I hope it was ok to add you. If not, please tell me and I'll take
you off this ticket.

--
Richard Levitte
[hidden email]

--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4622
Please log in as guest with password guest if prompted

--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev