
Re: X509_V_FLAG_PARTIAL_CHAIN support in OpenLDAP



Doug Leavitt wrote:
Hi,
OpenSSL now has X509_V_FLAG_PARTIAL_CHAIN support in the code base as of 1.0.2a.

I would like to submit a patch to enable X509_V_FLAG_PARTIAL_CHAIN support
in OpenLDAP libldap, assuming it exists in the version of OpenSSL being used to
build OpenLDAP.

What's the use case? It appears that the feature has been in OpenSSL since around 2012, but I don't see much documentation or chatter about it. Why is it useful, and do GnuTLS and MozNSS already support a similar feature?

Before I submit any patch I would like to know what would be acceptable
for integration.

Should support always be enabled if the version of OpenSSL has it
     e.g. ifdef on X509_V_FLAG_PARTIAL_CHAIN
Should it be a config time option check and ifdef enable if found in
    e.g. like the ifdef on HAVE_OPENSSL_CRL
Are there more requirements that are required in the patch before it would
be accepted, such as ldap_set_option support?

Thanks in advance,
Doug.




--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/