[kmf-discuss] getting info on TA certificate
Jan Pechanec
Jan.Pechanec at Sun.COM
Mon Feb 11 08:30:40 PST 2008
On Mon, 11 Feb 2008, Wyllys Ingersoll wrote:
>> I'll need a public key alg string from the TA certificate as
>> specified in the policy database. I need it to decide whether to offer
>> x509v3-sign-rsa or x509v3-sign-dss host key type to the connecting client.
>I'm not sure I understand your question. TA certs are specified by DN
>and Serial number in the kmfpolicy database (maybe you are talking about
>the SSH/X509 policy?). The kmf_find_cert API will allow you to specify
>subject and serial number as search parameters so you can find the
>right certs.
You understand, that's fine. The question is whether I have to parse
the XML file to get it. It looks like I have to then.
I think that normally an application doesn't need to know what is in
the policy database. I can see now only one reason why I need to know that -
to find out whether I can accept certificates with RSA or DSS signatures. So
I was wondering whether I can get such info without parsing the policy file
myself.
cheers, Jan.
--
Jan Pechanec