v3_*_validate_resource_set()

svn path=/openssl/README; revision=223
author: Rob Austein <sra@hactrn.net> 2006-08-24 19:52:52 +0000
committer: Rob Austein <sra@hactrn.net> 2006-08-24 19:52:52 +0000
commit: d1b8f9077cb3133726caec0fae9e203cc30a688e (patch)
tree: a4c06293b11c5216d11f4d28f1a90c5525ef87c9 /openssl/README
parent: 0e6de91b9d13c7519d61cfa1a930b6e9c0431797 (diff)
1 files changed, 11 insertions, 1 deletions
diff --git a/openssl/README b/openssl/README
index a451e1dc..4d71867c 100644
--- a/openssl/README
+++ b/openssl/README
@@ -298,7 +298,17 @@ notes and questions at the end.
    SUBSET if the resource set is a subset of the certificate resource
    list, or NOT otherwise
 
-   Status: Not done. Some supporting code exists.  See notes below.
+   Status: Untested API functions written.  No CLI (yet?).
+
+   API: New (and as yet untested) functions:
+   v3_asid_validate_resource_set(), v3_addr_validate_resource_set().
+   These return true if a certificate chain covers a resource set.
+   "Resource sets" are represented as the C form of the appropriate
+   extension, with the additional constraint that the resource set
+   must not use inheritance; this constraint is enforced by the code
+   (ie, using one of these functions on a resource set that specifies
+   inheritance will always return false regardless of the contents of
+   the chain).
 
 7. generate_resource_certificate generates a resource certificate -
    I'm not sure I understand what the inputs are to be here - perhaps
author	Rob Austein <sra@hactrn.net>	2006-08-24 19:52:52 +0000
committer	Rob Austein <sra@hactrn.net>	2006-08-24 19:52:52 +0000
commit	d1b8f9077cb3133726caec0fae9e203cc30a688e (patch)
tree	a4c06293b11c5216d11f4d28f1a90c5525ef87c9 /openssl/README
parent	0e6de91b9d13c7519d61cfa1a930b6e9c0431797 (diff)