I've been working with proxy certificates for quite a while, albeit skeptically. I'm wondering, now that there's support for proxy validation in OpenSSL, if there's any reason I can't create command line mechanisms for the common proxy operations.
The operations I'm thinking of are proxy creation, destruction and information. From my experience, the real work is implementing the proxy creation mechanism, since proxy validation appears to be finished and destruction is simply a matter of removing the proxy file.

I was thinking of something that looked like:

    openssl x509 -createproxy -in usercert.pm -out /tmp/proxy_x509_<uid>
    openssl x509 -validateproxy -in /tmp/proxy_x509_<uid>
    openssl x509 -destroyproxy -in /tmp/proxy_x509_<uid>

although I'm not opposed to the proxy stuff working like this:

    openssl x509proxy -create -in usercert.pm -out /tmp/proxy_x509_<uid>
    openssl x509proxy -validate -in /tmp/proxy_x509_<uid>
    openssl x509proxy -destroy -in /tmp/proxy_x509_<uid>

I'm wondering what thoughts are about this modification? Does it seem like something that's good to add? If so, is this a reasonable approach?

Thanks for your feedback,

--Ivan
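For reference, the three operations named in the message (create, validate, destroy) can be walked through with existing openssl subcommands. The script below is an added example, not part of the original post and not OpenSSL project code. It assumes OpenSSL 1.1.0 or later for `verify -allow_proxy_certs`; every subject, file name and lifetime in it is constructed for the demo.

```shell
#!/bin/sh
# Added example: proxy create / validate / destroy using stock openssl commands.
# Every subject, file name and lifetime below is constructed for the demo.
q() { "$@" >/dev/null 2>&1; }          # run quietly, keep the exit status

proxy_demo() (
    umask 077                          # keys and proxy readable by owner only
    dir=$(mktemp -d) && cd "$dir" || exit 1
    cat > ext.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign
[user]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature
[proxy]
keyUsage = critical,digitalSignature
proxyCertInfo = critical,language:id-ppl-inheritAll,pathlen:0
EOF
    # Constructed CA and end-entity ("user") certificate to issue the proxy from.
    q openssl req -x509 -config ext.cnf -extensions ca -newkey rsa:2048 -nodes \
        -subj "/O=Example/CN=Demo CA" -days 7 -keyout ca.key -out ca.pem &&
    q openssl req -config ext.cnf -newkey rsa:2048 -nodes \
        -subj "/O=Example/CN=Demo User" -keyout userkey.pem -out user.csr &&
    q openssl x509 -req -in user.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
        -extfile ext.cnf -extensions user -days 7 -out usercert.pem &&
    # Create: fresh key pair, subject = user subject plus one CN, signed by the
    # user key, carrying the RFC 3820 proxyCertInfo extension, valid one day.
    q openssl req -config ext.cnf -newkey rsa:2048 -nodes \
        -subj "/O=Example/CN=Demo User/CN=proxy" -keyout proxy.key -out proxy.csr &&
    q openssl x509 -req -in proxy.csr -CA usercert.pem -CAkey userkey.pem \
        -CAcreateserial -extfile ext.cnf -extensions proxy -days 1 -out proxy.pem ||
        { cd /; rm -rf "$dir"; echo "setup failed"; exit 1; }
    # Validate: the chain is only accepted when proxy certificates are allowed.
    verify() { q openssl verify "$@" -CAfile ca.pem -untrusted usercert.pem proxy.pem; }
    verify -allow_proxy_certs && with=accepted || with=rejected
    verify && without=accepted || without=rejected
    # Destroy: remove the proxy certificate together with its private key.
    rm -f proxy.pem proxy.key
    [ -e proxy.pem ] && gone=present || gone=removed
    cd / && rm -rf "$dir"
    echo "$with $without $gone"
)

proxy_demo   # prints: accepted rejected removed
```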
