Hi all,

To properly validate the certificate, the steps in RFC 5280 Section 6 need to be 
followed. This allows for validation of the certificate, as well as the chain 
back to a trusted Root.

OpenSSL 1.0.1 has most of the pieces in place to do this, but there are a few 
areas where you would need to supplement this with additional code, 
specifically surrounding obtaining and evaluating the revocation information. 
Doing this properly and efficiently can be a bit tricky (especially in high 
volume environments), but there exist tools like Pathfinder 
(http://www.carillon.ca/tools/pathfinder) that can handle this for you.

Have fun.

Patrick.

On 2013-04-10, at 9:28 PM, Salz, Rich wrote:

> The proper term is proof of possession.  SSL/TLS define how to do it in the 
> protocol spec. 
> 
>       /r$
> 
> --  
> Principal Security Engineer
> Akamai Technology
> Cambridge, MA
> 
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       openssl-dev@openssl.org
> Automated List Manager                           majord...@openssl.org

---
Patrick Patterson
Chief PKI Architect
Carillon Information Security Inc.
http://www.carillon.ca
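
An added example, not part of the message above and not OpenSSL project code: it builds a constructed throwaway root CA, a leaf certificate and a CRL that revokes the leaf, then runs `openssl verify` with and without `-crl_check` to show that chain validation alone accepts a revoked certificate. It assumes a current `openssl` command-line tool on the PATH; all names and files are made up, and the CRL is generated locally rather than fetched, so the retrieval step mentioned above is not covered.

```shell
#!/bin/sh
# Constructed demo PKI: a throwaway root CA, one leaf certificate, and a CRL
# that lists the leaf as revoked. Nothing here comes from a real deployment.

build_demo_pki() {   # $1 = empty working directory
  d="$1"
  mkdir -p "$d/newcerts" && : > "$d/index.txt" && echo 01 > "$d/serial" || return 1
  cat > "$d/ca.cnf" <<EOF
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = $d/index.txt
new_certs_dir = $d/newcerts
serial = $d/serial
certificate = $d/root.pem
private_key = $d/root.key
default_md = sha256
default_days = 30
default_crl_days = 7
policy = policy_any
unique_subject = no
[ policy_any ]
commonName = supplied
EOF
  openssl req -config "$d/ca.cnf" -x509 -newkey rsa:2048 -nodes -days 30 \
      -subj "/CN=Demo Root" -keyout "$d/root.key" -out "$d/root.pem" &&
  openssl req -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
      -subj "/CN=leaf.example.test" -keyout "$d/leaf.key" -out "$d/leaf.csr" &&
  openssl ca -batch -notext -config "$d/ca.cnf" -in "$d/leaf.csr" -out "$d/leaf.pem" &&
  openssl ca -config "$d/ca.cnf" -revoke "$d/leaf.pem" &&
  openssl ca -config "$d/ca.cnf" -gencrl -out "$d/root.crl"
}

# Path validation only: signatures, validity dates, CA constraints. No revocation.
verify_chain_only() {
  openssl verify -CAfile "$1/root.pem" "$1/leaf.pem"
}

# Same path validation, plus a lookup of the leaf in the issuer's CRL.
verify_with_crl() {
  openssl verify -crl_check -CAfile "$1/root.pem" -CRLfile "$1/root.crl" "$1/leaf.pem"
}
```

Call `build_demo_pki` on a fresh `mktemp -d` directory, then run both verify functions on it: the first reports the leaf as OK, the second fails with "certificate revoked".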




