Hello,
I need to prove to our customer that OpenSC performs some sort of sanity
checking before loading a certificate on to a smart card. I know that
PKCS15-init does some kind of checking because when I attempt to load a
certificate on the card after modifying it with a text editor, it fails
Brian Thomas wrote:
I need to prove to our customer that OpenSC performs some sort of
sanity checking before loading a certificate on to a smart card.
Sanity checking of what?
If the requirement is not qualified any further then that is one
stupid requirement.
PKCS15-init does some kind of
, February 25, 2011 11:19 AM
To: opensc-devel@lists.opensc-project.org
Subject: Re: [opensc-devel] Documentation sanity checks
Brian Thomas wrote:
I need to prove to our customer that OpenSC performs some sort of
sanity checking before loading a certificate on to a smart card.
Sanity checking of what
On Feb 25, 2011, at 7:22 PM, Brian Thomas wrote:
The subject of the requirement is to verify that malformed or
incomplete certificates cannot be loaded on to the card.
I'd assume OpenSSL (which is used to read and parse the certificates) does some
basic syntax/format checks.
But go on, verify
Brian Thomas wrote:
The subject of the requirement is to verify that malformed or
incomplete certificates cannot be loaded on to the card.
As you may know, X.509 is a low level standard, so what is considered
malformed in one circumstance may be unproblematic in another.
Much more specific
Peter Stuge wrote:
As for incomplete, that suggests to me going beyond a technical
requirement, ie. does the CN actually include all subject's middle
initials?
Or at least to policy; is subject OU required and missing?
//Peter
___
opensc-devel