Le 28/11/2013 22:18, Rob Stradling a écrit :
On 28/11/13 15:14, Erwann Abalea wrote:
How nice, they're asking for a self-signed certificate to include a
specific EKU to indicate it's a Trust Anchor, and the OID used for this
has never been allocated. Crazy.
It's crazier than that. RFC5906 seems to think it can put a string
into the EKU extension rather than OID(s)! Appendix J says...
"Extended Key Usage. This field...contains the string "Private" if
the certificate is designated private or the string "trustRoot" if
it is designated trusted..."
And the reference code uses the strings "Trust Root" and "Private".
I subscribed and sent a series of questions on this yesterday, it's
still pending for moderation.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
