From 81e278ec639b0d0c364ebc967dcf3baef078e36c Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Tue, 1 Aug 2006 19:24:11 +0000 Subject: Update notes svn path=/openssl/README; revision=126 --- openssl/README | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) (limited to 'openssl/README') diff --git a/openssl/README b/openssl/README index 842247d1..2c990199 100644 --- a/openssl/README +++ b/openssl/README @@ -232,17 +232,9 @@ Random reminders and notes to myself: that the authoritative definition of RDIs is ISO 10747, available as http://www.acm.org/sigs/sigcomm/standards/iso_stds/IDRP/10747.TXT. -- RobL tells me that the place to start on the validation code is - the function x509_verify(), and that X509_VERIFY_PARAM is an - interesting data structure. Hmm. x509_verify() is a macro. - x509_vrfy.c:check_chain_extensions() might be interesting. - crypto/x509/x509_vrfy.[ch] in general are interesting. - -- Need to add NIDs for RFC 3779 extensions to supported_nids[] in - crypto/x509v3/v3_purp.c. - -- Initial path checking code written, but need to rewrite error - handling to use ctx->verify_cb(), etc. +- Need to add NIDs for RFC 3779 extensions to + crypto/x509v3/v3_purp.c:supported_nids[] and call our path + validation functions from crypto/x509/x509_vfy.c:X509_verify_cert(). - Should we check entire chain or only up to ctx->last_untrusted? For the moment I'm checking the entire chain because that's more likely -- cgit v1.2.3
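Review bot: the last deleted bullet ("Initial path checking code written, but need to rewrite error handling to use ctx->verify_cb(), etc.") has no counterpart in the three added lines, so the open item about reporting path-checking errors through ctx->verify_cb() drops out of the README, and the commit message ("Update notes") does not say whether that rewrite was finished. If it is done, say so in the commit message. If it is not, keep a line for it beside the new X509_verify_cert() item, because the remaining context bullet about checking the entire chain versus stopping at ctx->last_untrusted still describes the same path-checking code as work in progress. The added bullet also folds two separate tasks into one sentence, adding the RFC 3779 NIDs to supported_nids[] and calling the path validation functions from X509_verify_cert(). Two bullets would let each be struck off on its own.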