In message <[EMAIL PROTECTED]> on Mon, 03 Mar 2008 18:31:47 +0300, Vladimir Voznesensky <[EMAIL PROTECTED]> said:
vovic> Hello. vovic> vovic> I'm trying to use gLite (VOMS) proxy certificates with "CN=proxy" at the subject tail and X509v3 "Key Usage" extension to authenticate a client to a server. vovic> Plain certificates signed by CA work well. vovic> When I'm trying to use gLite-generated proxy certificate, the server responses "Unknown ca" (verification error 20). vovic> I use X509_STORE_set_flags(x509_store, X509_V_FLAG_ALLOW_PROXY_CERTS) for server security context. vovic> My OpenSSL version is 0x0090807fL . vovic> vovic> Does anybody know how to use grid proxy certificates in the right way? vovic> Have anybody tried vovic> http://www.openssl.org/docs/HOWTO/proxy_certificates.txt vovic> to use gLite proxies? OpenSSL supports proxy certificates according to RFC 3820, and thus require that there is a proxyCertInfo extension to be accepted as such. You're talking about older style proxy certificates, which have not been implemented in OpenSSL, and quite honestly, I hope noone does. Cheers, Richard -- Richard Levitte [EMAIL PROTECTED] http://richard.levitte.org/ "When I became a man I put away childish things, including the fear of childishness and the desire to be very grown up." -- C.S. Lewis ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
