Feature #387
rest-in client certificates
| Status: | New | Start date: | 02/20/2019 | |
|---|---|---|---|---|
| Priority: | Normal (Code 4) | Due date: | ||
| Assignee: | - | % Done: | 0% | |
| Category: | - | |||
| Target version: | - |
Description
To handle client cetificates, we might want:
- support for "ubf2raw" mode.
- load
- EX_X509_AUTHORITYKEYID
- EX_X509_BASICCONSTRAINTSVALID
- EX_X509_CRLDISTRIBUTIONPOINTS
- EX_X509_DNSNAMES
- EX_X509_EMAILADDRESSES
- EX_X509_EXCLUDEDDNSDOMAINS
- EX_X509_EXCLUDEDEMAILADDRESSES
- EX_X509_EXCLUDEDIPRANGES
- EX_X509_EXCLUDEDURIDOMAINS
- EX_X509_EXTKEYUSAGE
- EX_X509_EXTRAEXTENSIONS
- EX_X509_ISCA
- EX_X509_ISSUINGCERTIFICATEURL
- EX_X509_KEYUSAGE
- EX_X509_MAXPATHLEN
- EX_X509_MAXPATHLENZERO
- EX_X509_NOTAFTER
- EX_X509_NOTBEFORE
- EX_X509_OCSPSERVER
- EX_X509_PERMITTEDDNSDOMAINS
- EX_X509_PERMITTEDDNSDOMAINSCRITICAL
- EX_X509_PERMITTEDEMAILADDRESSES
- EX_X509_PERMITTEDIPRANGES
- EX_X509_PERMITTEDURIDOMAINS
- EX_X509_POLICYIDENTIFIERS
- EX_X509_SERIALNUMBER
- EX_X509_SIGNATUREALGORITHM
- EX_X509_SUBJECT
- EX_X509_SUBJECTKEYID
- EX_X509_URIS
- EX_X509_UNKNOWNEXTKEYUSAGE
- EX_X509_OCC [ 0 - client, 1 - server]
in the buffer.
- allow to specify a root certificates for the rest-in to validate clients
- specify action if client is not validated.