Certification Path Building / non-hierachical PKI

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf
> Of Salz, Rich
> Sent: Sunday, March 29, 2015 09:31
> To: openssl-users at openssl.org
> Subject: Re: [openssl-users] Certification Path Building / non-hierachical PKI
> 
> > Are there any plans or patches for such a feature?
> 
> We have no plans for this.

It should be relatively straightforward to implement a non-hierarchical X.509 PKI in an OpenSSL-based application using the certificate verification callback, though.  The necessary graph algorithms are well-known and I believe there are existing open-source implementations (or it could be done in some language other than C that's more amenable to graph processing). It's not trivial, but between the RFC and a basic understanding of graph processing it's pretty clear what needs to be done.

A larger concern is probably the processing time for checking certification paths; as the RFC points out, this kind of graph-path processing grows quickly with the size of the graph.

-- 
Michael Wojcik
Technology Specialist, Micro Focus



This message has been scanned for malware by Websense. www.websense.com


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux