On Thu, Dec 18, 2003, Michael Bell wrote: > Hi all, > > there is a draft for a technical corrigendum of X.509. > > http://www.pki-page.info/download/N12599.doc > > Does somebody have an idea how to integrate the replacement of > nonRepudiation by contentCommitment seamlessly into OpenSSL? I'm a > little bit surprised that such an old and established standard is > subject of such a basic change. >
Well it appears the only change as far as OpenSSL is concerned is that the name of the bit has changed. It's easy enough to change that in crypto/x509v3/v3_bitst.c That would break existing config files and anything which parses the output of the X509v3 print routines: something which I've strongly advised against several times but some people still do it. The current code doesn't support two different names for the same bit (if you add two it will misbehave and print out both names) but its easy enough to change. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]