You should be able to implement your code using the callbacks, without
having to add code to the library directly. This is, I believe, not
available in 0.9.7g -- most of the callbacks were implemented in
0.9.8. (You should always be able to contribute in the contrib/
directory, though examples of how to use the library as-is without
having to recompile it are likely more includable. An example of how
to extend the authentication mechanism, though, is definitely useful.)

If you make the code available, this is an area that I have interest
in, and would gladly help with making 0.9.8- and 0.9.9-capable.

[more comments interspersed below]

On 9/26/06, Dr Bob wrote:
>
> Initially I used X509 certificates for the authentication between
> peers, However I quickly realised that a hierarchical certificate
> structure was not ideal, and that a Web of Trust system
> would be required.


I would like to have a hybrid WoT and hierarchal system (i.e., if
people I trust show that they trust a given issuer for a given domain,
I'd like to be able to trust that issuer for that domain... such as
CA@aerowolf.com being able to issue to *@aerowolf.com and
*@*.aerowolf.com). I think that this is probably possible with the
OpenPGP "trusted introducers" concept?

> So:
> (1) Is OpenSSL interested in including this work into the
> code base (provided its up-to-scratch etc...) ?


It's unlikely to be put into the main code base, as it adds a new set
of security-related functions which would need to be audited, etc. As
I suggested, though, it might do well in the contrib/ section (though
I'm not a core developer, and have no commit access, so I can't prove
that point).

> (2) If so, is there anyone who could [guide/help] me to clean it up
> and correctly merge the code?


Run it through indent. Also, document your functions, what incoming
constraints there are, and what output constraints you guarantee. I'd
gladly help with the cleanup process (again, that's for 0.9.8 and
0.9.9 capability).

> (3) What are the procedures for doing so (I'm new around here)


Umm... I would think that you could file a patch against the base
OpenSSL distribution in rt, with the code appropriately located in
contrib/. I don't know for certain, though.

-Kyle H
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org