[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Certificate information

To: "'HTTPAPI and FTPAPI Projects'" <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
Subject: RE: Certificate information
From: "ian" <ian@xxxxxxxxxxxxxxxxx>
Date: Wed, 19 Dec 2007 19:42:52 -0000
Importance: Normal
In-reply-to: <47695742.7080908@xxxxxxxxxxxxxxxx>
List-help: <mailto:ftpapi-request@lists.scottklement.com?subject=help>
List-id: HTTPAPI and FTPAPI Projects <ftpapi.lists.scottklement.com>
List-post: <mailto:ftpapi@lists.scottklement.com>
List-subscribe: <http://www.scottklement.com/mailman/listinfo/ftpapi>, <mailto:ftpapi-request@lists.scottklement.com?subject=subscribe>
List-unsubscribe: <http://www.scottklement.com/mailman/listinfo/ftpapi>, <mailto:ftpapi-request@lists.scottklement.com?subject=unsubscribe>
Organization: Grange IT Limited
Reply-to: HTTPAPI and FTPAPI Projects <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
Sender: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx

Scott,

I have looked at both options, and I must admit learning colloquial
Mandarin might be easier :-)

If the limitation for the second option supporting the complete chain is
V5R3 then this breaks the universal appeal of HTTPAPI in that it applies
to most commonly used iSeries versions. Also it would seem that the end
certificate is the most important, and probably less effort for you.

My vote goes for the simpler option, and one that is supported by most
versions of OS/400.

Regards

Ian Patterson

-----Original Message-----
From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
[mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Scott
Klement
Sent: 19 December 2007 17:39
To: HTTPAPI and FTPAPI Projects
Subject: Re: Certificate information

Hi Ian,

Looking into the documentation for the "gsk_get_certificate_info" API 
(link below) it only has the options to return the "local certificate" 
and "partner certificate".  I interpret this as being the last 
certificate in each chain.  (i.e. the last in the chain of certs for the

client and the last in the chain of certs for the server)

http://tinyurl.com/yoyowr

I don't see an option to get certificate info for the rest of the chain.

   (Using this API)

On the other hand, the GSK_CERT_VALIDATION_CALLBACK option (which 
requires V5R3, link below) seems to provide an option to get the entire 
chain...   maybe I should explore that option more thoroughly?

http://tinyurl.com/2dsuaq

ian wrote:
> Scott,
> 
> When you specify information regarding 'the certificate' I presume 
> that you are referring to the final certificate in the chain.
> 
> Is it possible to get information on other certificates in the chain ?

> I our case there are two CA certificates (one is an intermediate CA) 
> as well as the end certificate.
> 
> Regards
>  
> Ian Patterson
>  
> 
-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------

-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------

References:
- Re: Certificate information
  - From: Scott Klement

Prev by Date: Re: Certificate information
Next by Date: First release candidate of WSDL2RPG available for download
Previous by thread: Re: Certificate information
Next by thread: RE: Certificate information
Index(es):
- Date
- Thread