On Wed, Apr 13, 2005, Eddy Tan wrote: > > > error 36 at 0 depth lookup:unhandled critical CRL extension > > > > > Depends on what the critical extension is. Most probably it > > means that kind of CRL is not supported. > > > > Post what you get with: > > openssl crl -in crl.pem -text -noout > > > Hi Steve, > > Below is what I got when doing that query: > > Certificate Revocation List (CRL): > Version 2 (0x1) > Signature Algorithm: sha1WithRSAEncryption > Issuer: /C=AU/O=SecureNet Limited/CN=SecureNet Health OCA > Last Update: Apr 12 07:32:27 2005 GMT > Next Update: Apr 12 08:27:27 2005 GMT > CRL extensions: > X509v3 CRL Number: > 57775 > X509v3 Authority Key Identifier: > keyid:4F:AA:A5:B6:A9:E2:EF:B6 > > 2.5.29.28: critical > 0. > Revoked Certificates: > Serial Number: 3E517BA9 > Revocation Date: Feb 18 00:34:32 2003 GMT > CRL entry extensions: > X509v3 CRL Reason Code: > Superseded > Serial Number: 3E517D55 > [...snip...] >
That's Issuer Distribution Point (IDP). Unfortunately adding full support for that CRL extension is not easy. Can you send me that CRL? Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
