Hello,

You have to use "/" instead of the "," inside the LDAP-URI, because 
the "," delimits the URIs. The "?" does not do any harm, you can use 
it without change.

(Besides, some time ago I read in a comment that openssl would not 
support ldap-URIs because of the commas inside the ldap-URI. When 
you create text-output from a certificate with "openssl x509 -in 
certificate.pem -text" you see that the ldap entry for subject uses 
slashes! Just did the same, it worked.)

Best regards,
Michael


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Jung-Ho Cha
Sent: Friday, 16 August 2002 10:52
To: [EMAIL PROTECTED]
Subject: How do I input ldap urls of the crlDistributionPoints URI value
in openssl.cnf ?


Hello, 

I use the OpenSSL 0.97 library.
I read the openssl.txt file and am trying to use the crlDistributionPoints
extension option.
But I met a problem using a CRL repository point in LDAP URL format.
The error messages are shown below.
Error Loading extension section usr_cert
1704:error:0E06D06C:configuration file routines:NCONF_get_string:no value:P:\OpenSSL\openssl-0.9.7-beta2\crypto\conf\conf_lib.c:329:group=CA_default name=email_in_dn
1704:error:2207507C:X509 V3 routines:v2i_GENERAL_NAME:missing value:P:\OpenSSL\openssl-0.9.7-beta2\crypto\x509v3\v3_alt.c:391:
1704:error:2206B080:X509 V3 routines:X509V3_EXT_conf:error in extension:P:\OpenSSL\openssl-0.9.7-beta2\crypto\x509v3\v3_conf.c:92:name=crlDistributionPoints, value=URI:
ldap://203.233.91.35:389/ou=dp2p1140,ou=LicensedCA,o=yessign,c=kr?certificateRevocationList

I surveyed the errors. I found the reason: the ldap url has a format
like this,
ldap://203.233.91.35:389/ou=dp2p1140,ou=LicensedCA,o=yessign,c=kr?certificateRevocationList
and this string has the characters "," and "?".
I also see that the URI name value pair is delimited by "," in the
openssl.cnf file.
So the OpenSSL library reads the "," in the ldap url as a URI delimiter
and fails to parse the string.

I need some help to input the correct ldap url in openssl.cnf.
Does anyone know how to input the ldap url in openssl.cnf?

Thanks.

J. H. cha




______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
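
An added example, not part of the original messages and not OpenSSL code: a simplified Python model of the comma splitting described in the thread, showing which pieces of the LDAP URL end up without a value and that the slash form from the reply stays a single entry. The function names and the tokenising rule ("," ends an entry, the first ":" separates name from value) are assumptions made for illustration.

```python
# Simplified model (an assumption, not OpenSSL source) of how a single-line
# extension value such as "URI:...,URI:..." is tokenised.

def parse_list(line):
    """Split 'name:value,name:value' into (name, value) pairs."""
    pairs = []
    for entry in line.split(","):            # "," ends an entry
        name, _, value = entry.strip().partition(":")  # first ":" splits
        pairs.append((name.strip(), value.strip() or None))
    return pairs


def lint_general_names(line):
    """Return the entries left without a value (the 'missing value' case)."""
    return [name for name, value in parse_list(line) if value is None]


def slash_form(uri):
    """Apply the rewrite from the reply: '/' instead of ',' inside the URI."""
    return uri.replace(",", "/")


# URL copied from the thread.
LDAP_URL = ("ldap://203.233.91.35:389/ou=dp2p1140,ou=LicensedCA,"
            "o=yessign,c=kr?certificateRevocationList")

if __name__ == "__main__":
    for label, uri in (("original", LDAP_URL),
                       ("slash form", slash_form(LDAP_URL))):
        line = "URI:" + uri
        print(label)
        for name, value in parse_list(line):
            print("   name=%r value=%r" % (name, value))
        print("   entries without a value:", lint_general_names(line))
```

Running the lint over every crlDistributionPoints line before issuing certificates catches a URI that would otherwise be cut at its first comma.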

