[openssl.org #1360] critical extension id-pe-qcStatements as per RFC 3039 not supported

Ulf Moeller via RT Tue, 11 Jul 2006 23:22:46 -0700

[guest - Tue Jul 11 09:13:28 2006]:

> testmail2.signed-original.eml is one example that doesn't validate


The qcStatements extension in the certificate is

 2714:d=8  hl=2 l=  39 cons: SEQUENCE
 2716:d=9  hl=2 l=   8 prim: OBJECT            :qcStatements
 2726:d=9  hl=2 l=   1 prim: BOOLEAN           :255
 2729:d=9  hl=2 l=  24 prim: OCTET STRING      [HEX
DUMP]:3016300A06082B06010505070B013008060604008E460101

However the qcStatements definition per rfc 3039 is

QCStatements ::= SEQUENCE OF QCStatement

QCStatement ::= SEQUENCE {
    statementId        OBJECT IDENTIFIER,
    statementInfo      ANY DEFINED BY statementId OPTIONAL}

So it seems to me the certificate is encoded incorrectly.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

[openssl.org #1360] critical extension id-pe-qcStatements as per RFC 3039 not supported

Reply via email to