Carillon Pathfinder

(Version 1.1.3)

What is it?

Pathfinder is designed to provide a mechanism for any program to perform RFC5280-compliant path validation of X.509 certificates, even when some of the intermediate certificates are not present on the local machine. It will automatically download any such certificates, and fetch revocation information using CRL or OCSP from the Internet as needed using the AIA and CRL distribution point extensions of the certificates it is processing.

Current Status:

This release handles all current cases necessary to support the CertiPath commercial PKI Bridge, as well as more simple hierarchical PKI cases. For more information and instructions on use, please see the README file in the source distribution.

Pathfinder is presently under active development, but version 1.1.3 is considered stable for production use.

Users of earlier versions are strongly recommended to upgrade to version 1.1.3, as support for OCSP has been improved and numerous improvements have been made, particularly to the way cached CRLs are handled. There are also fixes to support older Verisign CA's, and CA's that don't have AKI in their certificates.

Pathfinder-Aware Projects:

We've developed patches and utilities for several common open-source packages that use certificates.

  • Apache 2.2.8 web server, to use Pathfinder for client certificate validation.
  • FreeRADIUS 2.0.1 authentication server, to use Pathfinder for client certificate validation.
  • OpenLDAP 2.3.43 and 2.4.16 directory server, firstly to use Pathfinfder for client certificate validation, and secondly to include a port of the Boeing ldap_proxy backend that uses Pathfinder to validate fetched certificates.
  • Stunnel 4.23 universal SSL wrapper, to use Pathfinder for validation of the remote party's certificate.
  • NEW: xmlsec 1.2.12 XML Security Library, to use Pathfinder for validation of certificates when verifying a digitally signed XML structure.

License:

Pathfinder is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

Pathfinder is Copyright © 2007-2010 Carillon Information Security Inc. Please report any issues or comments to the Pathfinder mailing list.

This product uses cryptographic software written by Eric Young (eay@cryptsoft.com).

Download:

Source: From Google Code

Instructions: Care and Feeding of Pathfinder (PDF), including step-by-step instructions for the installation, setup, configuration, and use of Pathfinder.