RADSEC cert validation doesnt seem to work...

Stefan Winter stefan.winter at restena.lu
Fri Jun 10 14:23:36 CEST 2011


great. I used to think I'm avantgarde with my openssl 1.0.0c on openSUSE
11.4. Still, the command-line gives me the same help as yours.

It takes all the fancy arguments from the web documentation though:

openssl verify -verbose -explicit_policy -policy -policy_print
-policy_check -CAfile ./testcert.pem testcert.pem
Require explicit Policy: False
Authority Policies: <empty>
User Policies: <empty>
testcert.pem: OK
swinter at aragorn:~>

But as you see, it ignores the "explicit policy required" and "policy =" parameters deliberately. Grr.


Am 10.06.2011 14:09, schrieb Alan Buxey:
> Hi,
>>   The external shell script certificate validation stuff should work.
> should, aye. however, the current openssl 'verify' has the following 
> openssl verify -help
> usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check] [-engine e] cert1 cert2 ...
> recognized usages:
> 	sslclient 	SSL client
> 	sslserver 	SSL server
> 	nssslserver	Netscape SSL server
> 	smimesign 	S/MIME signing
> 	smimeencrypt	S/MIME encryption
> 	crlsign   	CRL signing
> 	any       	Any Purpose
> 	ocsphelper	OCSP helper
> - this is on latest RHEL release (and therefore CentOS etc) - theres no 'purpose' flag
> like the current 'bleeding edge' OpenSSL manual describes  :-(
> (i'm thinking of compiling my own local restrained copy to try out leaving the distro
> stuff well-alone)
> alan
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html

Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20110610/814131c3/attachment.pgp>

More information about the Freeradius-Devel mailing list