[openssl-dev] OpenSSL and certain PEM formats
Erwann Abalea
erwann.abalea at opentrust.com
Wed Dec 17 17:13:49 UTC 2014
Le 17/12/2014 17:34, Salz, Rich a écrit :
>>> #define PEM_STRING_X509_PAIR "CERTIFICATE PAIR"
>>> (note, this is supposed to encapsulate a CertificatePair structure
>>> from X.509)
> This is not used anywhere in openssl. I just removed it and did a build :) The fact that the fields are named forward and backward, makes me think it was intended for SSL/TLS use. But as I said it's not used and I'll remove it soon.
It's an object type defined in X.509 to support cross-certification. It
can be used as an LDAP attribute (see RFC4523, section 2.3,
CertificatePair).
I haven't seen it used, and it doesn't need to have a PEM representation
(LDAP requires a binary transmission).
More information about the openssl-dev
mailing list