Hi All,

In a product my company is working on we met the need to validate
certificates based on the AIA extension.
In my searches (Internet, groups) I couldn't find any information
regarding usage of this extension, other than parsing the data (which
I understand is already in the OpenSSL code). Thus we would like to
implement such support.

I would like to raise to questions to the list:
1) Has anyone had any experience with this? Is there an easy way to
get this done I'm just not familiar with?
2) Assuming the answer to (1) is no, we would like to patch OpenSSL
and add a callback, that if set will be called during the certificate
verification process with the info regarding the AIA extension. The
callback will return (fill a buffer, etc) with the actual certificate
information so that OpenSSL can resume the verification process using
that info (just as if that certificate information was stored
locally). I would like to know, before we proceed with this method, if
such a patch would be entered into the official OpenSSL code?

Many thanks,
Amnon.