Thomas Reinke wrote:
>
> Thanks for the reply. For the most part, I think I understand what
> you're saying, except that I have one gap in my knowledge.
>
> If I can bother you to complete one more little gap in my
> ignorance:
>
> In chain verification, (ala Netscape), wouldn't the browser sti
Thanks for the reply. For the most part, I think I understand what
you're saying, except that I have one gap in my knowledge.
If I can bother you to complete one more little gap in my
ignorance:
In chain verification, (ala Netscape), wouldn't the browser still
need to be able to get its hands on
Thomas Reinke wrote:
>
> More specifically, what is chain verification, if it is not the same
> thing that OpenSSL does when running verify?
>
Ah now thats a long story.
OpenSSLs certificate verification code is largely unchanged from SSLeay
days. When you verify a certificate chain using Ope
Dr Stephen Henson wrote:
>
> Thomas Reinke wrote:
> >
> > Ok...a touch more information - the problem I think I have
> > is that the cert I want to validate has a authorityKeyIdentifier,
> > but none of the certs in the cert stores I am using have a
> > SubjectKeyIndentifier that matches. I hav
Dr Stephen Henson wrote:
>
> Thomas Reinke wrote:
> >
> > Ok...a touch more information - the problem I think I have
> > is that the cert I want to validate has a authorityKeyIdentifier,
> > but none of the certs in the cert stores I am using have a
> > SubjectKeyIndentifier that matches. I have
Thomas Reinke wrote:
>
> Ok...a touch more information - the problem I think I have
> is that the cert I want to validate has a authorityKeyIdentifier,
> but none of the certs in the cert stores I am using have a
> SubjectKeyIndentifier that matches. I have a rather
> exhaustive list of CAs certs
Ok...a touch more information - the problem I think I have
is that the cert I want to validate has a authorityKeyIdentifier,
but none of the certs in the cert stores I am using have a
SubjectKeyIndentifier that matches. I have a rather
exhaustive list of CAs certs scrubbed from the browser
I am cu
I'm looking for, as a starter, a birds eye view of some
docs (or high level explanation) of how the X509v3
extension "Authority Key Identifier" is used to validate
a certificate within a browser. I have examples of certs that
I know Netscape considers to be valid, but for which I do not
have the C
