So, am I right that OpenSSL has the means to make these PKCS7 files and the only new code development would be a network program to open connections and send and receive the appropriate stuff?
Yes. The hardest part (and it isn't that hard) is assembling / disassembling the PKCS7 structures.
I wonder if some of the code could be cribbed fro some of those projects. Are any of them open source :-)
Probably your best bet is OpenSCEP : http://openscep.othello.ch/ Having said that, openca looks very promising and has SCEP support in the CVS tree at the moment. OpenSCEP is quite lightweight & specific, whereas OpenCA is trying to be a full blown CA / RA etc.
If somebody else is actively working on this, please warn me off...
If you get something working I for one would be extremely grateful. Not many SCEP implementations support CRL retieval via SCEP, which for VPN access is critical. The PIX can use LDAP to get the CRL, but I understand it uses a weird path to get it.
Regards,
Jon.
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
