Hello, All certificates I have encountered with this extension seem to have a problem with the encoding of the distributionPoint. According to the specs:
DistributionPointName ::= CHOICE { fullName [0] GeneralNames, nameRelativeToCRLIssuer [1] RelativeDistinguishedName } x509 implementations seem to confuse the "GeneralNames" with "GeneralName". The distinction is that the former is a sequence consisting of one or more instances of the latter, i.e: GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName Am I wrong about this? How does openssl parse this extension?
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev