Re: Web-of-trust authentication in OpenSSL
You should be able to implement your code using the callbacks, without
having to add code to the library directly. This is, I believe, not
available in 0.9.7g -- most of the callbacks were implemented in
0.9.8. (You should always be able to contribute in the contrib/
directory, though examples of how to use the library as-is without
having to recompile it are likely more includable. An example of how
to extend the authentication mechanism, though, is definitely useful.)
If you make the code available, this is an area that I have interest
in, and would gladly help with making 0.9.8- and 0.9.9-capable.
[more comments interspersed below]
On 9/26/06, Dr Bob
> Initially I used X509 certificates for the authentication between
> peers. However, I quickly realised that a hierarchical certificate
> structure was not ideal, and that a Web of Trust system
> would be required.
I would like to have a hybrid WoT and hierarchical system (i.e., if
people I trust show that they trust a given issuer for a given domain,
I'd like to be able to trust that issuer for that domain... such as
CA@aerowolf.com being able to issue to *@aerowolf.com and
*@*.aerowolf.com). I think that this is probably possible with the
OpenPGP "trusted introducers" concept?
> (1) Is OpenSSL interested in including this work into the
> code base (provided it's up-to-scratch etc...) ?
It's unlikely to be put into the main code base, as it adds a new set
of security-related functions which would need to be audited, etc. As
I suggested, though, it might do well in the contrib/ section (though
I'm not a core developer, and have no commit access, so I can't prove
> (2) If so, is there anyone who could [guide/help] me to clean it up
> and correctly merge the code?
Run it through indent. Also, document your functions, what incoming
constraints there are, and what output constraints you guarantee. I'd
gladly help with the cleanup process (again, that's for 0.9.8 and
> (3) What are the procedures for doing so (I'm new around here)
Umm... I would think that you could file a patch against the base
OpenSSL distribution in rt, with the code appropriately located in
contrib/. I don't know for certain, though.
OpenSSL Project http://www.openssl.org
Development Mailing List firstname.lastname@example.org
Automated List Manager email@example.com