I've tried.
It seems not to support.
Ok, thank you.
Vladimir Voznesensky wrote:
Dear Richard,
Does OpenSSL accept 1.3.6.1.4.1.3536.1.222 extension as proxyCertInfo
in "CN=1234567890" proxies?
Thanks.
Richard Levitte wrote:
In message <[EMAIL PROTECTED]> on Mon, 03 Mar 2008
18:31:47 +0300, Vladimir Voznesensky <[EMAIL PROTECTED]> said:
vovic> Hello.
vovic> vovic> I'm trying to use gLite (VOMS) proxy certificates with
"CN=proxy" at the subject tail and X509v3 "Key Usage" extension to
authenticate a client to a server.
vovic> Plain certificates signed by CA work well.
vovic> When I'm trying to use gLite-generated proxy certificate, the
server responses "Unknown ca" (verification error 20).
vovic> I use X509_STORE_set_flags(x509_store,
X509_V_FLAG_ALLOW_PROXY_CERTS) for server security context.
vovic> My OpenSSL version is 0x0090807fL .
vovic> vovic> Does anybody know how to use grid proxy certificates in
the right way?
vovic> Have anybody tried
vovic> http://www.openssl.org/docs/HOWTO/proxy_certificates.txt
vovic> to use gLite proxies?
OpenSSL supports proxy certificates according to RFC 3820, and thus
require that there is a proxyCertInfo extension to be accepted as
such.
You're talking about older style proxy certificates, which have not
been implemented in OpenSSL, and quite honestly, I hope noone does.
Cheers,
Richard
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
