On Tue Mar 12 23:15:50 2013, thomas_harn...@symantec.com wrote: > When attempting to validate certificates using a CRL with the > X509_verify_cert setup, it fails w/ the error code 36 - > X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION > > The extension in question is the AKID - Authority Key Identifier >
I was going to say that's a violation of RFC5280 but it only says it MUST be non-critical in certificates and says nothing about criticality of AKID in CRLs. This issue can be addressed in crypto/asn1/x_crl.c in the function crl_cb. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org