Certificate Path Validation

From Apache OpenOffice Wiki
Revision as of 10:45, 22 October 2009 by Jl (Talk | contribs)


Current situation

OOo validates certificates using either NSS functionality (Linux, Solaris, Mac, etc.) or platform-specific functionality (Windows). The documentation of the respective validation functions does not state clearly which standard they implement or to what extent a standard is supported. The NSS validation function currently used (OOo 3.2) is said to partly support RFC 3280.

Mission

OOo will strive to follow RFC 3280 and the newer RFC 5280. Certificates, certificate extensions and validation schemes other than those described in these standards will not be implemented. This does not prevent other parties from providing a different solution for OOo.

To do

  • Use an NSS validation function that complies with RFC 3280, including
    • revocation checking via OCSP (using AIA extension) and CRLs (using CRL distribution points and locally cached CRLs)
    • certificate fetching (using AIA extension)
  • Proper handling of policies
  • Proper handling of key usage