When creating a certificate using an openssl CA, I specify the x509v3
extension basicConstraints = critical,CA:FALSE.
Looking at the generated certificate using
% openssl x509 -noout -text -purpose -in nonca.pem
...
X509v3 Basic Constraints: critical
CA:FALSE <====================
...
Certificate purposes:
SSL client : Yes
SSL client CA : No
SSL server : Yes
SSL server CA : No
Netscape SSL server : Yes
Netscape SSL server CA : No
S/MIME signing : Yes
S/MIME signing CA : No
S/MIME encryption : Yes
S/MIME encryption CA : No
CRL signing : No
CRL signing CA : No
Any Purpose : Yes
Any Purpose CA : Yes <==================
OCSP helper : Yes
OCSP helper CA : No
How can this be, CA usage is "critical"ly forbidden, yet the CA
usage for "Any Purpose" is possible ??? Is this an openssl problem,
or a misunderstanding on my side?
Irritated,
Martin
--
<[EMAIL PROTECTED]> | Fujitsu Siemens
Fon: +49-89-636-46021, FAX: +49-89-636-47655 | 81730 Munich, Germany
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
