[openssl-dev] [openssl.org #4622] OpenSSL doesn't recognise pre-rfc3820 proxy certs
Richard Levitte via RT
rt at openssl.org
Fri Jul 22 11:35:11 UTC 2016
Forgive me for being sloppy, I forgot to add a subject. Now added, it says what
the actual issue is.
On Fri Jul 22 11:32:27 2016, levitte wrote:
> Ticket derived from RT4602 (missing accessors)
>
> Reports have been coming in that in the grid world, there are two pre-
> rfc3820
> forms of proxy certs still being used.
>
> Old (pre-draft) format: Looks like a regular EE cert, but has been
> issued by
> another EE (real or proxy), and can be recognised by having the issuer
> name as
> subject name with an extra CN appended, either 'CN=proxy' or
> 'CN=limited proxy'
>
> draft format: looks like a RFC3820 proxy cert, but uses OID
> 1.3.6.1.4.1.3536.1.222 instead of the RFC3820 OID for proxyCertInfo.
>
> Cc to Mattias and Mischa, who have provided valuable info on this
> issue in
> RT4602. Guys, I hope it was ok to add you. If not, please tell me and
> I'll take
> you off this ticket.
>
> --
> Richard Levitte
> levitte at openssl.org
--
Richard Levitte
levitte at openssl.org
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4622
Please log in as guest with password guest if prompted
More information about the openssl-dev
mailing list