Dr Stephen Henson <[EMAIL PROTECTED]> wrote:
>>Tim Pushor wrote:
>>Has anybody managed to add basic constraints to a ca cert using SSLeay?
>Yes, that is what my ca-fix program does with the -caset option. This doesn't
>set the path length constraint though.
You shouldn't actually set the path length anyway, it's deprecated in the PKIX
profile, and there are no known implementations which use it. As a general
rule of thumb with fields in extensions, if you can't explain exactly why you
need it then it's probably a good idea not to use it (this eliminates about 50%
of all extension fields).
Peter.
+-------------------------------------------------------------------------+
| Administrative requests should be sent to [EMAIL PROTECTED] |
| List service provided by Open Software Associates, http://www.osa.com/ |
+-------------------------------------------------------------------------+
