OpenSSL is correct to expect the extension as an IA5STRING. The
netscape-comment extension is defined with the OID
2.16.840.1.113730.1.13 and should be an IA5STRING.
Some references (It's not in any RFC afaik):
https://docs.oracle.com/cd/E19957-01/816-5533-10/ext.htm#1043093
Hi,
I have an OpenSSL based client which fails when validating a certificate
generated by IBM RACF. It fails because the ASN.1 tag for the X509v3 extension
Netscape Comment is 19 (V_ASN1_PRINTABLESTRING) and OpenSSL is expecting 22
(V_ASN1_IA5STRING). Is this a bug in OpenSSL or RACF? Can