> P.S.: What's this talk of attempting an LDAP authentication
> when checking a cert's revocation status? Which server do you
> try to authenticate to, and who is then looking up the cert in
> some CRL? I know LDAP as well as directory schema but can't see
> what you are referring to. I'd be grateful for a short explanation
> or a pointer to a web page.

It is common for CAs to "publish" their certificates by creating entries in an LDAP directory. The certificates are typically published under the subject's distinguished name.

In addition, a CA will often publish a CRL to an LDAP directory, so that certificate users have a standard way to fetch a CRL and see if a certificate has been revoked. CRLs are often published under the DN *of the CA.*
There are all sorts of details, including delta-CRLs, the CRLdistributionPoint extension in a certificate, etc. As a starting point, look for draft-ietf-pkix-ldap-v3-05.txt in an IETF internet-drafts repository, such as http://www.ietf.org/ID.html
/r$
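As an added illustration of the publication scheme described in the reply above (not code from the original post or from the OpenSSL project): a CRL distribution point that points at an LDAP directory is just an LDAP URL whose DN is the CA's entry and whose attribute is the CRL attribute, while a subject's certificate is fetched from the subject's own DN. The code below decodes such a URL into the parameters of the LDAP search a client would issue, and builds the matching URL for each kind of published object. The host name, DNs and the sample URI are constructed for the example; the attribute type names (userCertificate, cACertificate, certificateRevocationList, authorityRevocationList, each with the ;binary option) are the standard PKIX LDAP schema names.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit, unquote, quote

# Constructed sample: the sort of URI carried in a certificate's CRL
# distribution point extension when the CA publishes its CRL under its
# own DN in an LDAP directory. Host and DN are invented for this example.
SAMPLE_CRL_DP_URI = (
    "ldap://ldap.example.test:389/"
    "CN=Example%20CA,O=Example%20Corp,C=US"
    "?certificateRevocationList;binary?base?(objectClass=*)"
)

# Which directory attribute holds each kind of published object.
# Certificates live under the subject's DN, CRLs under the CA's DN.
PUBLISHED_ATTRIBUTE = {
    "end-entity-cert": "userCertificate;binary",
    "ca-cert": "cACertificate;binary",
    "crl": "certificateRevocationList;binary",
    "arl": "authorityRevocationList;binary",  # revoked CA certs
}


@dataclass
class LdapSearch:
    """The LDAP search a client performs to retrieve the object."""
    host: str
    port: int
    base_dn: str
    attributes: list = field(default_factory=list)
    scope: str = "base"
    filter: str = "(objectClass=*)"


def parse_ldap_url(url: str) -> LdapSearch:
    """Decode an LDAP URL of the form ldap://host:port/dn?attrs?scope?filter
    (RFC 4516 layout) into search parameters. Missing fields take the
    defaults the URL format specifies: all attributes, base scope,
    (objectClass=*) filter."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError(f"not an LDAP URL: {url!r}")
    host = parts.hostname or ""
    port = parts.port or (636 if parts.scheme == "ldaps" else 389)
    # The DN is the percent-encoded path; the remaining fields follow '?'.
    base_dn = unquote(parts.path.lstrip("/"))
    fields = parts.query.split("?") if parts.query else []
    attrs = []
    if fields and fields[0]:
        attrs = [a for a in unquote(fields[0]).split(",") if a]
    scope = fields[1] if len(fields) > 1 and fields[1] else "base"
    flt = unquote(fields[2]) if len(fields) > 2 and fields[2] else "(objectClass=*)"
    return LdapSearch(host, port, base_dn, attrs, scope, flt)


def publication_url(host: str, dn: str, kind: str) -> str:
    """Build the LDAP URL under which a CA would publish `kind`
    (one of PUBLISHED_ATTRIBUTE's keys) at the given DN. For a
    certificate, `dn` is the subject's DN; for a CRL it is the CA's DN."""
    attr = PUBLISHED_ATTRIBUTE[kind]
    # Keep ',' and '=' readable in the DN; encode spaces and the rest.
    return f"ldap://{host}/{quote(dn, safe=',=')}?{attr}?base"


def fetch_from_directory(directory: dict, search: LdapSearch) -> dict:
    """Resolve a base-scope search against an in-memory stand-in for the
    directory ({dn: {attribute: value}}), returning only the requested
    attributes. Stands in for a real LDAP search in this example."""
    entry = directory.get(search.base_dn, {})
    if not search.attributes:
        return dict(entry)
    return {a: entry[a] for a in search.attributes if a in entry}


if __name__ == "__main__":
    # Constructed directory contents: CRL bytes under the CA's DN,
    # certificate bytes under the subject's DN (both placeholders).
    directory = {
        "CN=Example CA,O=Example Corp,C=US": {
            "certificateRevocationList;binary": b"<DER CRL>",
        },
        "CN=alice,O=Example Corp,C=US": {
            "userCertificate;binary": b"<DER certificate>",
        },
    }
    crl_search = parse_ldap_url(SAMPLE_CRL_DP_URI)
    print(crl_search)
    print(fetch_from_directory(directory, crl_search))
    cert_url = publication_url("ldap.example.test",
                               "CN=alice,O=Example Corp,C=US", "end-entity-cert")
    print(cert_url)
    print(fetch_from_directory(directory, parse_ldap_url(cert_url)))
```

Note that the URL only tells the client where the CRL is; after fetching it, the client still has to verify the CRL's signature against the CA's certificate before trusting the revocation list it contains.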
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]