Yes, the fact that the "any purpose" OID is present means that applications may use the cert/keypair for anything. Not that you are asking to show the purpose field, which doesn't actually contradict the RFC. It says, at the bottom of page 44, "
Certificate using applications MAY require that the extended key usage extension be present and that a particular purpose be indicated in order for the certificate to be acceptable to that application." -- Rich Salz, OpenSSL dev team; rs...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org