Hello. On 2009-07-13 14:59:48, Victor Duchovni wrote: > > > If you accept client certificates issued by foreign (not controlled by > > > you) CAs, you would have to find a way to map between certificate and > > > user. > > > Here would be a mepping from issuer name / serial number of the client > > > cert sufficient... > > > > Right, I'll keep that in mind. > > I would use the public-key fingerprint, unless the trust chain is verified > from a fixed set of trusted issuers.
Did you mean fingerprints instead of caching certs or instead of issuer/serial? xw ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
