"Michael" <[EMAIL PROTECTED]>:
> In
> particular, the new x509_extensions are particularly troublesome
> because they cause some clients to not function properly if
> incorrectly included in certificates. I can't find any descripton of
> x509_extensions attributes or their use.
An easy way out is to simply not use any X.509v3 extensions if you
don't know what they mean. That's usually no problem if you don't
need certification hierarchies with a depth larger than 1 (where depth
1 means that a root CA [with a self-signed certificate] signs
end-entities directly). Otherwise, you'll have to invest some time
learning about X.509v3 -- one page you'll want to read is
<URL:http://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt>.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
