Add inheritance and subset tests.

svn path=/openssl/README; revision=233
author: Rob Austein <sra@hactrn.net> 2006-08-26 19:14:06 +0000
committer: Rob Austein <sra@hactrn.net> 2006-08-26 19:14:06 +0000
commit: 52dacdd430e0b0d70ffabf33380b044b0132347a (patch)
tree: b10079b095d4ef3975eb1b25805dc93d3b246852 /openssl/README
parent: 99b382d77e50198e59869fbb9c3cb52f0bf79ff5 (diff)
1 files changed, 11 insertions, 1 deletions
diff --git a/openssl/README b/openssl/README
index 3e5f7131..e6999091 100644
--- a/openssl/README
+++ b/openssl/README
@@ -279,7 +279,13 @@ notes and questions at the end.
    strict subset of data2, or = NOT in all other cases (CLI or API)
    (EQUAL, SUBSET, NOT)
 
-   Status: Not done.  Some supporting code exists.  See notes below.
+   Status: API code written, not fully tested.  No CLI.  API functions
+   test whether an extension uses inheritance, and whether one
+   extension is a (possibly improper) subset of another.  Subset test
+   fails if either extension uses inheritance.
+
+   API: v3_asid_inherits(), v3_addr_inherits(), v3_asid_subset(),
+   v3_addr_subset().
 
 5. is_3379_canonical tests a single data set and returns CANONICAL if
    the resource is formatted according to 3779 or NOT is otherwise
@@ -354,6 +360,10 @@ notes and questions at the end.
    would be to add said checks (probably not very, once I find the
    right place in the code...).
 
+   API: Primitive #6 (above) extended to accept argument indicating
+   whether inheritance is allowed, so that primitive #6 can be used to
+   test extensions pulled from a request against a certificate chain.
+
 Notes:
 
 - "For some definition of done": opinions vary on whether the existing
author	Rob Austein <sra@hactrn.net>	2006-08-26 19:14:06 +0000
committer	Rob Austein <sra@hactrn.net>	2006-08-26 19:14:06 +0000
commit	52dacdd430e0b0d70ffabf33380b044b0132347a (patch)
tree	b10079b095d4ef3975eb1b25805dc93d3b246852 /openssl/README
parent	99b382d77e50198e59869fbb9c3cb52f0bf79ff5 (diff)