Hello Kyle, can you elaborate on the quoted statement ? Since the RFC-5280 describes the profile for certificates and CRLs, how OpenSSL's generated certificates are not compatible with it? If you are referring to the configuration used, that's not really a concern of the OpenSSL's team, but if there are wrong encoding rules in the library can you point them out, please ?
Cheers, Max On 07/13/2010 09:09 PM, aerow...@gmail.com wrote: [...]
There's also the need to ensure that the certificates that OpenSSL comes up with are compatible with X.509 and PKIX (they are *not* currently compatible with the latest version of PKIX, which is in RFC 5280; it's
[...]
--
Best Regards,
Massimiliano Pala
--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager] ope...@acm.org
project.mana...@openca.org
Dartmouth Computer Science Dept Home Phone: +1 (603) 369-9332
PKI/Trust Laboratory Work Phone: +1 (603) 646-8734
--o------------------------------------------------------------------------
People who think they know everything are a great annoyance to those of us
who do.
-- Isaac Asimov
smime.p7s
Description: S/MIME Cryptographic Signature
