shibboleth-dev - Re: client certificate chains and 1.3 IdP
Subject: Shibboleth Developers
List archive
- From: Ian Young <>
- To: Walter Hoehn <>
- Cc: Scott Cantor <>,
- Subject: Re: client certificate chains and 1.3 IdP
- Date: Wed, 06 Jul 2005 16:54:24 +0100
Walter Hoehn wrote:
The IdP trust module definitely allows anchoring with non-self-signed certificates. This is correct behavior according to PKIX. I believe that Scott worked around the OpenSSL limitations in 1.3 so that both code-based behave the same, but I'll let him confirm that.
Sounds like I'd still need to worry about this if I had 1.2 SPs around (which I do). Fair enough, as long as having the extra junk around does no harm which it sounds like it won't.
-- Ian
- client certificate chains and 1.3 IdP, Ian Young, 07/05/2005
- RE: client certificate chains and 1.3 IdP, Scott Cantor, 07/05/2005
- RE: client certificate chains and 1.3 IdP, Scott Cantor, 07/05/2005
- RE: client certificate chains and 1.3 IdP, Scott Cantor, 07/05/2005
- RE: client certificate chains and 1.3 IdP, Scott Cantor, 07/06/2005
- RE: client certificate chains and 1.3 IdP, Scott Cantor, 07/06/2005
- Re: client certificate chains and 1.3 IdP, Ian Young, 07/06/2005
- Re: client certificate chains and 1.3 IdP, Walter Hoehn, 07/06/2005
- Re: client certificate chains and 1.3 IdP, Ian Young, 07/06/2005
- RE: client certificate chains and 1.3 IdP, Scott Cantor, 07/06/2005
- Re: client certificate chains and 1.3 IdP, Ian Young, 07/06/2005
- RE: client certificate chains and 1.3 IdP, Scott Cantor, 07/06/2005
- RE: client certificate chains and 1.3 IdP, Thomas Lenggenhager, 07/07/2005
- Re: client certificate chains and 1.3 IdP, Ian Young, 07/06/2005
- RE: client certificate chains and 1.3 IdP, Scott Cantor, 07/06/2005
- Re: client certificate chains and 1.3 IdP, Ian Young, 07/06/2005
- RE: client certificate chains and 1.3 IdP, Scott Cantor, 07/06/2005
- Re: client certificate chains and 1.3 IdP, Walter Hoehn, 07/06/2005
Archive powered by MHonArc 2.6.16.