Massimiliano Pala <[EMAIL PROTECTED]> writes:
> "William M. Perry" wrote:
> > > Searching by e-mail doesn't mean you search certificate's e-mail, but the
> > > attribute
> > >
> > > email: someone@somewhere
> > >
> > > in the LDAP directory. When the email is found, then you get the user's
> > > certificates.
> >
> > Yes, but you need to somehow get 'someone@somewhere' out of the
> > certificate in order to form your LDAP query. This is what I use the
> > rfc1485-ish format of X509_get_subject_name() to get.
>
> You can simply make the user send you his e-mail while requesting the
> certificate, then you have it: simply add an entry to the LDAP for him
> and add the email: attribute.

But this code is for use when _all_ you have is their certificate and you
need to verify it against an LDAP directory. Unfortunately, you cannot
search binary attributes in LDAP, otherwise you could just search on the
certificate.
-bp
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
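
The lookup discussed in the thread above, sketched as an added example (not code from the original messages or from OpenSSL): take the e-mail out of a one-line subject string, build an escaped `email` search filter, then decide by comparing certificate bytes. The function names, the `/emailAddress=` and `/Email=` key spellings and the sample subject are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* E-mail RDN from a one-line subject string (assumed layout, constructed sample:
 * "/C=IT/CN=Some One/emailAddress=someone@somewhere"). 0 on success, -1 otherwise.
 * The one-line form is ambiguous if a value contains '/', so treat the result
 * only as a lookup key, never as proof of identity. */
int subject_email(const char *subj, char *out, size_t n)
{
    static const char *keys[] = { "/emailAddress=", "/Email=" }; /* assumed spellings */
    for (size_t k = 0; k < 2; k++) {
        const char *p = strstr(subj, keys[k]);
        if (!p) continue;
        p += strlen(keys[k]);
        size_t len = strcspn(p, "/");
        if (len == 0 || len >= n) return -1;
        memcpy(out, p, len);
        out[len] = '\0';
        return 0;
    }
    return -1;
}

/* Build "(email=<value>)" with RFC 4515 escaping, so bytes taken from the
 * certificate cannot change the structure of the LDAP filter. 0 or -1. */
int email_filter(const char *email, char *out, size_t n)
{
    size_t o = (size_t)snprintf(out, n, "(email=");
    if (o >= n) return -1;
    for (const unsigned char *p = (const unsigned char *)email; *p; p++) {
        int special = (*p == '*' || *p == '(' || *p == ')' || *p == '\\');
        if (o + (special ? 3 : 1) + 2 > n) return -1; /* keep room for ")" and NUL */
        if (special) o += (size_t)snprintf(out + o, n - o, "\\%02x", *p);
        else out[o++] = (char)*p;
    }
    out[o++] = ')';
    out[o] = '\0';
    return 0;
}

/* The decision itself: the presented DER must equal a stored entry byte for byte. */
int cert_matches(const unsigned char *der, size_t len, const unsigned char *stored, size_t slen)
{
    return len == slen && memcmp(der, stored, len) == 0;
}

int main(void)
{
    char e[64], f[128];
    const char *subj = "/C=IT/CN=Some One/emailAddress=someone@somewhere"; /* constructed */
    if (subject_email(subj, e, sizeof e) == 0 && email_filter(e, f, sizeof f) == 0) puts(f);
    return 0;
}
```

The filter only narrows the search to candidate entries; `cert_matches` over each returned certificate value is what verifies the presented certificate.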