[prev in list] [next in list] [prev in thread] [next in thread] 

List:       mozilla-crypto
Subject:    Re: Distinguishing between CA and Intermediate CA certs.
From:       Dr S N Henson <drh () celocom ! com>
Date:       2000-08-22 23:55:19
[Download RAW message or body]

Robert Relyea wrote:
> 
> 
> Assuming I'm understanding your question correctly, the answer is no. The
> only way to reliably test if you have a primary Cert CA is to test if it is
> selfsigned. That test is relatively easy, though, you simply compare that the
> Issuer and Subject fields are the same.
> 

I've seen a few exotic cases where that test isn't enough and tests
based on extensions are needed to distinguish several certificates with
matching subject and issuer names.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: shenson@drh-consultancy.demon.co.uk 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: drh@celocom.com PGP key: via homepage.

[prev in list] [next in list] [prev in thread] [next in thread]