Hello, 

I use the OpenSSL 0.97 library.
I read the openssl.txt file and am trying to use the crlDistributionPoints
extension option.
But I ran into a problem using a CRL repository point in LDAP URL format.
The error messages are shown below.
Error Loading extension section usr_cert
1704:error:0E06D06C:configuration file routines:NCONF_get_string:no value:P:\OpenSSL\openssl-0.9.7-beta2\crypto\conf\conf_lib.c:329:group=CA_default name=email_in_dn
1704:error:2207507C:X509 V3 routines:v2i_GENERAL_NAME:missing value:P:\OpenSSL\openssl-0.9.7-beta2\crypto\x509v3\v3_alt.c:391:
1704:error:2206B080:X509 V3 routines:X509V3_EXT_conf:error in extension:P:\OpenSSL\openssl-0.9.7-beta2\crypto\x509v3\v3_conf.c:92:name=crlDistributionPoints, value=URI:
ldap://203.233.91.35:389/ou=dp2p1140,ou=LicensedCA,o=yessign,c=kr?certificateRevocationList

I investigated the errors. I found the reason: the LDAP URL has a format
like this,
ldap://203.233.91.35:389/ou=dp2p1140,ou=LicensedCA,o=yessign,c=kr?certificateRevocationList
and this string contains the characters "," and "?".
I also see that the URI name-value pairs are delimited by "," in the
openssl.cnf file.
So the OpenSSL library reads the "," in the LDAP URL as a URI delimiter
and fails to parse the string.

I need some help entering the correct LDAP URL in openssl.cnf.
Does anyone know how to enter the LDAP URL in openssl.cnf?

Thanks.

J. H. cha




______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
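
Added example, not part of the original post and not OpenSSL code: a simplified Python model of the comma splitting the post describes, showing where the LDAP URL is cut and which item produces the "missing value" error. The function names and the HTTP sample value are assumptions made for illustration.

```python
# Simplified model of the tokenizing described in the post (an assumption,
# not OpenSSL source): the one-line value is split on ',' into items, and
# each item is split on its first ':' into a name and a value.

def parse_list(value):
    """Return (name, value_or_None) pairs for a comma-delimited value."""
    pairs = []
    for item in value.split(","):
        name, sep, val = item.strip().partition(":")
        pairs.append((name, val.strip() if sep else None))
    return pairs

def check_general_names(value):
    """Return (accepted, error); parsing stops at the first item with no value."""
    accepted = []
    for index, (name, val) in enumerate(parse_list(value)):
        if not val:
            return accepted, f"item {index} ({name!r}): missing value"
        accepted.append((name, val))
    return accepted, None

# The value from the post's error message (URL rejoined from the wrapped lines).
LDAP_DP = ("URI:ldap://203.233.91.35:389/ou=dp2p1140,ou=LicensedCA,"
           "o=yessign,c=kr?certificateRevocationList")
# Constructed sample with no ',' inside either URL.
HTTP_DP = "URI:http://ca.example/ca.crl,URI:http://mirror.example/ca.crl"

if __name__ == "__main__":
    for label, value in (("ldap", LDAP_DP), ("http", HTTP_DP)):
        accepted, error = check_general_names(value)
        print(label, "accepted:", accepted)
        print(label, "error:", error)
```

In this model the URI is cut at the first "," of the distinguished name, and the next item, ou=LicensedCA, has no ":" and therefore no value, which corresponds to the v2i_GENERAL_NAME "missing value" line in the error output.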
