author: Rob Austein <sra@hactrn.net> 2006-08-01 19:24:11 +0000
committer: Rob Austein <sra@hactrn.net> 2006-08-01 19:24:11 +0000
commit: 81e278ec639b0d0c364ebc967dcf3baef078e36c
tree: 1dcce156cd81949143fba50ebbb9c9990800c1be /openssl/README
parent: b389a1284b066fe7bf76bdb3fc83ede1dde6813b
Update notes
svn path=/openssl/README; revision=126
Diffstat (limited to 'openssl/README')
-rw-r--r-- openssl/README 14
1 files changed, 3 insertions, 11 deletions
diff --git a/openssl/README b/openssl/README
index 842247d1..2c990199 100644
--- a/openssl/README
+++ b/openssl/README
@@ -232,17 +232,9 @@ Random reminders and notes to myself:
that the authoritative definition of RDIs is ISO 10747, available as
http://www.acm.org/sigs/sigcomm/standards/iso_stds/IDRP/10747.TXT.
-- RobL tells me that the place to start on the validation code is
- the function x509_verify(), and that X509_VERIFY_PARAM is an
- interesting data structure. Hmm. x509_verify() is a macro.
- x509_vrfy.c:check_chain_extensions() might be interesting.
- crypto/x509/x509_vrfy.[ch] in general are interesting.
-
-- Need to add NIDs for RFC 3779 extensions to supported_nids[] in
- crypto/x509v3/v3_purp.c.
-
-- Initial path checking code written, but need to rewrite error
- handling to use ctx->verify_cb(), etc.
+- Need to add NIDs for RFC 3779 extensions to
+ crypto/x509v3/v3_purp.c:supported_nids[] and call our path
+ validation functions from crypto/x509/x509_vfy.c:X509_verify_cert().
- Should we check entire chain or only up to ctx->last_untrusted? For
the moment I'm checking the entire chain because that's more likely
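Review bot: the added bullet drops the removed reminder that the initial path checking code still needs its error handling rewritten to use ctx->verify_cb(). Nothing in the visible lines says that work is finished, so if it is still pending, keep it as its own bullet; validation failures that bypass the verify callback are easy to lose track of once the note is gone. The added bullet also folds two independent tasks into one sentence (adding the RFC 3779 NIDs to supported_nids[] and calling the path validation functions from X509_verify_cert()); splitting them would let each be ticked off separately. The file reference changes from x509_vrfy.c in the removed text to x509_vfy.c in the added text, and the commit message "Update notes" does not mention that a reference was corrected.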