Hello,
All certificates I have encountered with this extension seem to have a
problem with the encoding of the distributionPoint.
According to the specs:
DistributionPointName ::= CHOICE {
fullName [0] GeneralNames,
nameRelativeToCRLIssuer [1] RelativeDistinguishedName }
x509 implementations seem to confuse the "GeneralNames" with "GeneralName".
The distinction is that the former is a sequence consisting of one or more
instances of the latter, i.e:
GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
Am I wrong about this? How does openssl parse this extension?
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
