Kyle Hamilton wrote:
[...] this CA in question is not generating improper certificates. It is generating proper CRLs, and it is simply encoding and transmitting them as PEM-encoded DER-encoded CRL structures when RFC5280 (which, by the way, I've been repeatedly told that NSS does *NOT* comply with) states that they must be sent as DER-encoded.
It does not *fully* support RFC3280, but I think all what it supports is RFC3280 compatible, and also it seems to me that in Firefox 3 it supports quite more of RFC3280 than OpenSSL.
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto