Today is the 14th day before the Kalends of September, 2008; Kyle Hamilton wrote:
> X.509 refers to the certificate version. 0 == version 1, 1 == version
> 2, 2 == version 3.
>
> Version 1 certificates have no means for any extensions.
> Version 2 certificates are CRLs.

?

Version 2 certificates have "issuerUniqueIdentifier" and "subjectUniqueIdentifier" fields just after the subjectPublicKeyInfo. These are highly deprecated (I haven't seen any in the field). Version 3 certificates added support for extensions, after the 2 previously mentioned fields.

CRLs have existed since X509v1.

> Version 3 certificates are the current norm, and most likely what you want.
>
> The best reference currently is RFC5280, and all of its references.

The X.509 standard is (my) best reference, on top of which RFC5280 adds some additional MUST, SHOULD, etc. (I disagree on some of them, that's why I prefer X.509, but it's a matter of choice).

Oh, X.509 is free to download from the ITU-T website, as is the whole X.5xx group of documents, and most of the X.6xx (680 and 690 come to mind, for ASN.1 and its encodings). That wasn't the case some months/years ago.

--
Erwann ABALEA <[EMAIL PROTECTED]>
-----
Keyboard not connected, press <F1> to continue.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
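
As an added example (not part of the original message and not OpenSSL code): a minimal Python walk over a DER-encoded TBSCertificate that reports the version and flags unique identifiers or extensions appearing under a version that does not allow them. The function names and the skeleton sample inputs are constructed for illustration; the samples are not real certificates.

```python
# Added example: sample inputs below are constructed skeletons, not real certificates.

def read_tlv(buf, pos):
    """Decode one DER element at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def inspect_tbs(tbs_der):
    """Report the version and which version-dependent fields a TBSCertificate has."""
    tag, body, _ = read_tlv(tbs_der, 0)
    if tag != 0x30:
        raise ValueError("TBSCertificate must be a SEQUENCE")
    fields, pos = [], 0
    while pos < len(body):
        t, v, pos = read_tlv(body, pos)
        fields.append((t, v))
    version = 1                            # [0] EXPLICIT absent => DEFAULT v1
    if fields and fields[0][0] == 0xA0:
        _, raw, _ = read_tlv(fields[0][1], 0)
        version = int.from_bytes(raw, "big") + 1   # encoded 0, 1, 2 => v1, v2, v3
        fields = fields[1:]
    # Skip serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo
    tail = {t for t, _ in fields[6:]}
    info = {"version": version,
            "issuer_uid": 0x81 in tail,    # [1] IMPLICIT issuerUniqueID
            "subject_uid": 0x82 in tail,   # [2] IMPLICIT subjectUniqueID
            "extensions": 0xA3 in tail,    # [3] EXPLICIT extensions
            "problems": []}
    if (info["issuer_uid"] or info["subject_uid"]) and version < 2:
        info["problems"].append("unique identifiers need v2 or v3")
    if info["extensions"] and version < 3:
        info["problems"].append("extensions need v3")
    return info

def tlv(tag, value=b""):
    """Encode a short (<128 byte) DER element for the constructed samples."""
    return bytes([tag, len(value)]) + value

def sample_tbs(version_field, tail):
    """Skeleton TBSCertificate: serial plus five empty SEQUENCE placeholders."""
    return tlv(0x30, version_field + tlv(0x02, b"\x01") + tlv(0x30) * 5 + tail)

V2, V3 = tlv(0xA0, tlv(0x02, b"\x01")), tlv(0xA0, tlv(0x02, b"\x02"))
```

A certificate that omits the version field is v1 by default, so `inspect_tbs(sample_tbs(b"", tlv(0xA3, tlv(0x30))))` reports version 1 with the problem "extensions need v3".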