Alexandre, you've got it!!!
Monday, May 16, 2011, 3:07:54 PM, you wrote:
AA> I'd try that way:
AA> authorityInfoAccess = @aias
AA> [aias]
AA> caIssuers;URI.1=http://pervaya.ssilka/..
AA> caIssuers;URI.2=http://vtoraya.ssilka/..
(3) **** So maybe you know how to deal with unknown (to ssl)
extentions? For example:
MS revocation lists have 1.3.6.1.4.1.311.21.14 - CRL_SELF_CDP
Its structure is much the same as crlDistributionPoints (I even
inserted row format data, successfully).
0:d=0 hl=3 l= 180 cons: SEQUENCE
3:d=1 hl=3 l= 177 cons: SEQUENCE
6:d=2 hl=3 l= 174 cons: cont [ 0 ]
9:d=3 hl=3 l= 171 cons: cont [ 0 ]
12:d=4 hl=3 l= 168 prim: cont [ 6 ]
I tried:
1.3.6.1.4.1.311.21.14 = ASN1:SEQUENCE:crl_self
[ crl_self ]
URI.1 = UTF8:ldap:///CN=CA,CN=IssuerW2k8,CN=CDP,CN=Public....
URI.2 = UTF8:http://issuerw2k8.wud.lan/CertEnroll/RootCA.crl
or
1.3.6.1.4.1.311.21.14 = ASN1:SEQUENCE:crl_self
[ crl_self ]
fullname = SEQUENCE:crl_self_2
[ crl_self_2 ]
URI.1 = UTF8:ldap:///CN=CA,CN=IssuerW2k8,CN=CDP,........
URI.2 = UTF8:http://issuerw2k8.wud.lan/CertEnroll/RootCA.crl
Inner content differs, software do not recognize such object.
Your general advice: Can one construct an object for openssl.conf
just looking at its DER (or parsed) content, such as above??
Thanks in advance, Alex
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
