Re: NameConstraints are not being applied (or I don't know how to enforce them?)

Dr. Stephen Henson Thu, 03 Jun 2010 12:05:49 -0700

On Thu, Jun 03, 2010, Victor Duchovni wrote:

> 
> Generally, OpenSSL does not verify peer names, only the certificate
> trust chain, and peername checks are left up to applications. Does
> OpenSSL trust chain validation include any checks on name constraints?
>


OpenSSL 1.0.0 does, sufficient to cover the PKITS RFC3280 tests.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Re: NameConstraints are not being applied (or I don't know how to enforce them?)

Reply via email to