Doug Leavitt wrote:
Hi, OpenSSL now has X509_V_FLAG_PARTIAL_CHAIN support in the code base as of 1.0.2a.
I would like to submit a patch to enable X509_V_FLAG_PARTIAL_CHAIN support in OpenLDAP libldap, assuming it exists in the version of OpenSSL being use to build OpenLDAP.
What's the use case? It appears that the feature has been in OpenSSL since around 2012, but I don't see much documentation or chatter about it. Why is it useful, and do GnuTLS and MozNSS already support a similar feature?
Before I submit any patch I would like to know that would be acceptable for integration.
Should support always be enabled if the version of OpenSSL has it e.g. ifdef on X509_V_FLAG_PARTIAL_CHAIN Should it be a config time option check and ifdef enable if found in e.g. like the ifdef on HAVE_OPENSSL_CRL Are there more requirements that is required in the patch, before it would be accepted such as ldap_set_option support?
Thanks in advance, Doug.