Even still, I can't see any options with the openssl command line tool to set the version number…
I think setting the version number should be ditched since it has no meaning externally anyway, it isn't supported by any common APIs, and supporting it requires a very kludgy implementation. I think we should support properly getting the version (in case it was previously generated with a weird version number), but not setting it anymore... -- Matt Hauck On Friday, January 11, 2013 at 11:45 AM, Matt Hauck wrote: > I'm working on reworking OpenSSL::X509::Request to not be dependent on BC as > a provider and to not use deprecated BC classes. One of the stumbling blocks > I've run into is the method that lets you set the version of a request object. > > The strange thing about this is that there is no way to do it except hacking > the ASN1Sequence. BC gives no API whatsoever to set this version, and this > seems to be the right choice. And they don't seem to be shortchanging us, > given the specification of R (http://tools.ietf.org/html/rfc2986)FC 2986: > > version is the version number, for compatibility with future revisions of > this document. It shall be 0 for this version of the standard. > > Is there a reason why we have to implement "version="? > > -- > Matt Hauck >
