Re: Including custom X.509 extension upon proxy renewal

To: myproxy-users@ncsa.uiuc.edu
Subject: Re: Including custom X.509 extension upon proxy renewal
From: Christopher Kunz <kunz@rvs.uni-hannover.de>
Date: Tue, 12 Jun 2007 22:17:27 +0200
Content-transfer-encoding: 7bit
Content-type: text/plain; charset=ISO-8859-15
In-reply-to: <1250.1181678967@ncsa.uiuc.edu>
References: <4667F423.9030003@rvs.uni-hannover.de> <20070607121859.GA6608@acamara> <4667FAEC.5010506@rvs.uni-hannover.de> <5312.1181311616@ncsa.uiuc.edu> <466EA1DA.3080702@rvs.uni-hannover.de> <12182.1181657819@ncsa.uiuc.edu> <466EB8A9.9080305@rvs.uni-hannover.de> <1250.1181678967@ncsa.uiuc.edu>
Sender: owner-myproxy-users@ncsa.uiuc.edu
User-agent: Thunderbird 2.0.0.0 (Windows/20070326)

Jim Basney schrieb:
> Christopher Kunz <kunz@rvs.uni-hannover.de> wrote:
>> Looks like the request is not actually filled with parameters yet. What is my
>> mistake here?
> 
> Looks OK to me.  Most of the parameters come from the issuer certificate
> when the request is signed by globus_gsi_proxy_sign_req().
> 
> -Jim
I worked around the issue - in a very clumsy way, though.
I couldn't figure out what to do with that empty request and while checking the
sources of globus_gsi_proxy_sign_req and its helper function
globus_l_gsi_proxy_sign_key, I found that the proxy_handle->req property isn't
really used at all. So I copied those two functions into my ssl_utils.c (yeah, I
know, very ugly... it's a prototype implementation!), changed the headers and
I'm now adding my custom extension within the modified
globus_l_gsi_proxy_sign_key function.

That works. Kinda. However, this is of course not portable at all and only
sufficient for our very limited lab "proof of concept" conditions. I wonder
which is the programmatically correct solution to achieve the goal of adding a
custom extension to a certificate request before re-signing it?

Regards,

--ck

References:
- Including custom X.509 extension upon proxy renewal
  - From: Christopher Kunz <kunz@rvs.uni-hannover.de>
- Re: Including custom X.509 extension upon proxy renewal
  - From: Daniel Kouril <kouril@ics.muni.cz>
- Re: Including custom X.509 extension upon proxy renewal
  - From: Christopher Kunz <kunz@rvs.uni-hannover.de>
- Re: Including custom X.509 extension upon proxy renewal
  - From: Jim Basney <jbasney@ncsa.uiuc.edu>
- Re: Including custom X.509 extension upon proxy renewal
  - From: Christopher Kunz <kunz@rvs.uni-hannover.de>
- Re: Including custom X.509 extension upon proxy renewal
  - From: Jim Basney <jbasney@ncsa.uiuc.edu>
- Re: Including custom X.509 extension upon proxy renewal
  - From: Christopher Kunz <kunz@rvs.uni-hannover.de>
- Re: Including custom X.509 extension upon proxy renewal
  - From: Jim Basney <jbasney@ncsa.uiuc.edu>

Prev by Date: Re: Including custom X.509 extension upon proxy renewal
Next by Date: mailing list changes
Previous by thread: Re: Including custom X.509 extension upon proxy renewal
Next by thread: Re: Including custom X.509 extension upon proxy renewal

Other Mailing lists | Author Index | Date Index | Subject Index | Thread Index