[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: X509_V_FLAG_PARTIAL_CHAIN support in OpenLDAP

Doug Leavitt wrote:
OpenSSL now has X509_V_FLAG_PARTIAL_CHAIN support in the code base as of 1.0.2a.

I would like to submit a patch to enable X509_V_FLAG_PARTIAL_CHAIN support
in OpenLDAP libldap, assuming it exists in the version of OpenSSL being use to

What's the use case? It appears that the feature has been in OpenSSL since around 2012, but I don't see much documentation or chatter about it. Why is it useful, and do GnuTLS and MozNSS already support a similar feature?

Before I submit any patch I would like to know that would be acceptable
for integration.

Should support always be enabled if the version of OpenSSL has it
     e.g. ifdef on X509_V_FLAG_PARTIAL_CHAIN
Should it be a config time option check and ifdef enable if found in
    e.g. like the ifdef on HAVE_OPENSSL_CRL
Are there more requirements that is required in the patch, before it would
be accepted such as ldap_set_option support?

Thanks in advance,

  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/