Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add possibility to find certificate chain #91

Open
al1img opened this issue Feb 4, 2022 · 0 comments
Open

Add possibility to find certificate chain #91

al1img opened this issue Feb 4, 2022 · 0 comments

Comments

@al1img
Copy link

al1img commented Feb 4, 2022

For TLS or other certificate verification operations we need not a single certificate but rather the certificate chain. The certificate chain is built by following the issuer->subject path. With the current API the certificate chain can be imported to PKCS11 device but there is no possibility to export it back from PKCS11 device as the current API supports finding only one specific certificate by id, by label, or by serial. It is impossible to find other chained certificates by issuer->subject path.

To solve the issue the find certificate API should be extended to allow finding the certificate by other criteria such as subject and key ID. Or new API that performs the finding certificate chain by issuer->subject path internally should be added to the library.

I've added the proposal PR #83 that implements the second approach (new API to find the certificate chain internally).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@al1img