Hi,
The extended key usages id-kp-ipsecEndSystem, id-kp-ipsecTunnel and
id-kp-ipsecUser are obsoleted as per RFC 4945 § 5.1.3.12 section title
"ExtendedKeyUsage":
... Note that there were three IPsecrelated object identifiers in EKU
that were assigned in 1999. The semantics of these values were
According to RFC 4945 § 5.1.3.12 section title "ExtendedKeyUsage"[0] the
following extended key usage has been added:
... this document defines an ExtendedKeyUsage keyPurposeID that MAY be
used to limit a certificate's use:
id-kp-ipsecIKE OBJECT IDENTIFIER ::= { id-kp 17 }
where id-kp
In a recent attempt to add missing extended key usage pieces, I noticed
that the OCSPSigning extended key usage was not fully implemented. It is
perfectly possible that I am not fully cognizant of how the code works,
and it is properly implemented. It is however, clearly not documented.
The atta
2010/9/29 Micah Anderson via RT
>
> According to RFC 4945 § 5.1.3.12 section title "ExtendedKeyUsage"[0] the
> following extended key usage has been added:
>
> ... this document defines an ExtendedKeyUsage keyPurposeID that MAY be
> used to limit a certificate's use:
>
> id-kp-ipsecIKE OBJEC
NIST (SP800-57 Part 1) recommends a minimum RSA key size of 2048-bits beyond
2010. From January 1st 2011, in order to comply with the current Microsoft[1]
and Mozilla[2] CA Policies, Commercial CAs will no longer be permitted to
issue certificates with RSA key sizes of <2048-bit.
Please accept
I am also attempting to build OpenSSL 1.0.0a on an antique "OSF1
system-name-here V4.0 1530 alpha alpha Tru64" system running Alpha 4.0G. I
also get the error about "dli" not being declared. This is the last of the
compile log where it fails:
cc -I.. -I../.. -I../asn1 -I../evp -I../../in
