author: Rob Austein <sra@hactrn.net> 2006-08-16 01:09:27 +0000
committer: Rob Austein <sra@hactrn.net> 2006-08-16 01:09:27 +0000
commit: 19a1b0eab24ab520c0daff2f808153e6bbfcf4a6
tree: 54afc11d3a4587910197437fc80a8a0889396068 /openssl/README
parent: 44ff60bdd4686d90cfe86da3d88445a3a9cb6a97
Cache RFC 3779 extensions in X509 structure so we don't have to expand
them every time we check a certificate chain. Rewrite ASID path
validation to use cached extensions, to allow null inheritance, and to
start with the target certificate. Still need to rewrite address path
validation.

svn path=/openssl/README; revision=154
Diffstat (limited to 'openssl/README')
-rw-r--r-- openssl/README 7
1 files changed, 5 insertions, 2 deletions
diff --git a/openssl/README b/openssl/README
index d1851f09..186d2269 100644
--- a/openssl/README
+++ b/openssl/README
@@ -302,15 +302,18 @@ Random reminders and notes to myself:
this, the code needing modification would be:
- crypto/x509/x509.h: add rfc3779_addr and rfc3779_asid fields to
- struct x509_st.
+ struct x509_st. [done]
- crypto/asn1/x_x509.c: add initialization and cleanup code to
x509_cb() (set new fields to NULL for ASN1_OP_NEW_POST, free new
- fields for ASN1_OP_FREE_POST).
+ fields for ASN1_OP_FREE_POST). [done]
- crypto/x509v3/v3_purp.c: add code to x509v3_cache_extensions() to
call X509_get_ext_d2i() for our extensions and stash the result in
the corresponding struct x509_st fields (see the akid handling).
+ [done]
+
+ - Rewrite path validation routines to use this new stuff.
- I need to rewrite the path validation code anyway to allow null
inheritance, per mailing list discussion.
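Review bot: The new item "- Rewrite path validation routines to use this new stuff." at the end of the hunk does not match the state given in the commit message, which says ASID path validation is already rewritten to use the cached extensions and to allow null inheritance, while address path validation is still outstanding. Consider splitting it into an ASID entry marked [done] and an address entry left open, and updating the unchanged item that follows ("I need to rewrite the path validation code anyway to allow null inheritance") so the two notes do not overlap or contradict each other. Minor style point: the third [done] sits on a line of its own, whereas the first two are appended to the last line of their items.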