From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
Of Salz, Rich
Sent: Sunday, March 29, 2015 09:31
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Certification Path Building / non-hierachical PKI
Are there any plans or patches for such a feature?
We have no plans for this.
It should be relatively straightforward to implement a non-hierarchical X.509
PKI in an OpenSSL-based application using the certificate verification
callback, though. The necessary graph algorithms are well-known and I believe
there are existing open-source implementations (or it could be done in some
language other than C that's more amenable to graph processing). It's not
trivial, but between the RFC and a basic understanding of graph processing it's
pretty clear what needs to be done.
A larger concern is probably the processing time for checking certification
paths; as the RFC points out, this kind of graph-path processing grows quickly
with the size of the graph.
--
Michael Wojcik
Technology Specialist, Micro Focus
This message has been scanned for malware by Websense. www.websense.com
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users