Rodney Thayer wrote:
>
> I've got a certificate coming out of Openssl (0.9.6) that has
> a basicConstraints field with an empty sequence when I do
>
> basicConstraints=CA:FALSE
>
> where is that parsed? I want to look at the code. I think it's
> supposed to be a sequence of a zero.
>
> was this written down somewhere I should have read?
>
The encoding is correct. The CA flag is DEFAULT FALSE which under DER
rules means it is omitted and the path length is absent. The result is
an empty SEQUENCE.
This code for this is in crypto/x509v3/v3_bcons.c
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
