Thanks TIM, it works as expected.
On 6/5/10 2:20 AM, Tim Hudson t...@cryptsoft.com wrote:
On 5/06/2010 12:56 AM, Fares Gianluca wrote:
Hi all,
I¹m try to figure out why my X509_REQ signature is always not verified.
I¹m using openssl-1.0.0 and gclib.dll provided by gemalto.
It is helpful
I tested this openssl 1.0.0. Error 34 is gone now but now error 47 shows
up which shows the name constraint is being applied. However, it's being
applied or verified in a way that I don't understand.
To show you I have simplified the test. Generating only one end
certificate and specifying one
I did a little debugging and managed to fix on my end.
The issue is now resolved. There's nothing wrong with OpenSSL1.0.0's
handling of nameConstraints. It just Rocks!
For those who might run into the same problem i'll explain more.
Debugging revealed the problem to be in the following area: