|
|
PathFinder is designed to provide a mechanism for any program to perform RFC3280-compliant path validation of X509 certificates, even when some of the intermediate certificates are not present on the local machine. By design, Pathfinder automatically downloads any such certificates (and their CRLs) from the Internet as needed using the AIA and CRL distribution point extensions of the certificates it is processing. For the convenience of those using OpenSSL or NSS (Netscape Security Services), two libraries containing a Pathfinder callback suitable for use with an SSL connection are provided with the main distribution.
It does its best to pass NIST PKITS, although it has not been submitted yet for formal validation.
If you are looking for a demonstration of Pathfinder, you may be interested in Pathviewer, which provides a graphical view of path validation via a GTK+ interface.
For patches to integrate Pathfinder with certain common applications please see: