[kmf-discuss] getting info on TA certificate
Jan Pechanec
Jan.Pechanec at Sun.COM
Fri Feb 22 05:20:19 PST 2008
On Mon, 11 Feb 2008, Jan Pechanec wrote:
>>> I think that normally an application doesn't need to know what is in
>>> the policy database. I can see now only one reason why I need to know that -
>>> to find out whether I can accept certificates with RSA or DSS signatures. So
>>> I was wondering whether I can get such info without parsing the policy file
>>> myself.
>>>
>>> cheers, Jan.
>>
<snip>
>>we should just
>>add a couple of functions to return the values to you.
>>
>>kmf_get_policy_ta(KMF_HANDLE_T, char **taname, char **taserial)
>>
>>Would that help?
>
> definitely. What about to have just one function and use attributes
>as input? That could be extendable without specifying new functions calls.
>It's just an idea, getting taname (which I guess will be DN) is perfectly
>OK.
When I'm thinking about this again, would it not be better if we had
just a function call to get the TA certificate in ASN.1 form? When I have that,
I can find out anything I want using existing KMF functions.

kmf_get_ta_cert(KMF_HANDLE_T, KMF_DATA **)

The caller would be responsible for freeing the returned *KMF_DATA, including
the data in it. If there is no TA defined in the policy file, an error is
returned.

Would that be acceptable?
J.
--
Jan Pechanec