Daniel Kouril wrote:
> Concerning your question, you'd either need support in the MyProxy
> server to be able to read the attributes from the CSR (or the protocol
> message) and put them into the new certificate.
That's pretty much what I'm looking for. Retrieving a plain proxy and then
extending it locally is not the kind of solution I'm looking for since for the
purpose of my thesis, I'm assuming that attackers might interfere with that
process.
More detail on the project going on at RRZN can be found at
http://www.rrzn.uni-hannover.de/ubp.html - the document also outlines the
current development that I'm working on.
However, back to the topic at hand: My current problems are twofold:
1) I cannot find the routines that take the client's CSR and sign it. I
am assuming that

    int
    ssl_proxy_delegation_init(SSL_CREDENTIALS **new_creds,
                              unsigned char **buffer,
                              int *buffer_length,
                              int requested_bits,
                              void (*callback)(int,int,void *))

in ssl_utils.c is what I'm looking for, is that correct?
2) I need some way to retrieve the current proxy chain into a STACK or
something, so I can iterate through it and extract the policy for inclusion in
the new credentials. I am assuming that the chain must be present in the context
of the MyProxy server since it is used for Globus GSSAPI authentication and to
prove that the renewing party is actually authorized for renewal. But how can I
retrieve it?
Regards,
--ck