[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: X509_V_FLAG_PARTIAL_CHAIN support in OpenLDAP
Doug Leavitt wrote:
Hi,
OpenSSL now has X509_V_FLAG_PARTIAL_CHAIN support in the code base as of 1.0.2a.
I would like to submit a patch to enable X509_V_FLAG_PARTIAL_CHAIN support
in OpenLDAP libldap, assuming it exists in the version of OpenSSL being use to
build
OpenLDAP.
What's the use case? It appears that the feature has been in OpenSSL since
around 2012, but I don't see much documentation or chatter about it. Why is it
useful, and do GnuTLS and MozNSS already support a similar feature?
Before I submit any patch I would like to know that would be acceptable
for integration.
Should support always be enabled if the version of OpenSSL has it
e.g. ifdef on X509_V_FLAG_PARTIAL_CHAIN
Should it be a config time option check and ifdef enable if found in
e.g. like the ifdef on HAVE_OPENSSL_CRL
Are there more requirements that is required in the patch, before it would
be accepted such as ldap_set_option support?
Thanks in advance,
Doug.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/