Re: [openssl-dev] id-kp-OCSPSigning extended key usage

2017-09-12 Thread Erwann Abalea via openssl-dev
Hello,

SHALL is not equivalent to a SHOULD, but to a MUST. See RFC2119.

Regards,
Erwann Abalea

On 12 Sept. 2017 at 02:46, Winter Mute wrote:
Hello, The RFC states that: OCSP signing

Re: [openssl-dev] id-kp-OCSPSigning extended key usage

2017-09-12 Thread Salz, Rich via openssl-dev
➢ Thanks for the clarification. Per the spec, then, a certificate designated to sign OCSP responses is required to have the ocsp-sign bit in the key usage extensions set.
➢ How does openssl handle cases where this requirement is violated?

Look at check_delegated() in ocsp/ocsp_vfy.c
It returns

Re: [openssl-dev] id-kp-OCSPSigning extended key usage

2017-09-12 Thread Winter Mute
Hi,

Thanks for the clarification. Per the spec, then, a certificate designated to sign OCSP responses is required to have the ocsp-sign bit in the key usage extensions set. How does openssl handle cases where this requirement is violated?

On Sep 12, 2017 3:27 PM, "Mischa Salle"

Re: [openssl-dev] id-kp-OCSPSigning extended key usage

2017-09-12 Thread Mischa Salle
Hi,

On Tue, Sep 12, 2017 at 2:46 AM, Winter Mute wrote:
> Hello,
> The RFC states that:
>
>> OCSP signing delegation SHALL be designated by the inclusion of
>> id-kp-OCSPSigning in an extended key usage certificate