On 11/06/2010 07:00, Ruediger Pluem wrote: > > On 05/19/2010 09:20 PM, [email protected] wrote: >> Author: jorton >> Date: Wed May 19 19:20:11 2010 >> New Revision: 946347 >> >> URL: http://svn.apache.org/viewvc?rev=946347&view=rev >> Log: >> - add test for SSLRequire PeerExtList() >> - test for the string-rendering hack in ssl_ext_lookup() >> - uses an OID stolen from the ASF OID branch; "official" assignment >> has been requested for the httpd project from akarasulu@ >> >> Modified: >> httpd/test/framework/trunk/t/conf/ssl/ssl.conf.in >> httpd/test/framework/trunk/t/ssl/extlookup.t >> httpd/test/framework/trunk/t/ssl/require.t >> > >> Index: lib/Apache/TestSSLCA.pm >> =================================================================== >> --- lib/Apache/TestSSLCA.pm (Revision 946346) >> +++ lib/Apache/TestSSLCA.pm (Revision 946347) >> @@ -243,6 +243,7 @@ >> >> [ comment ] >> nsComment = This Is A Comment >> +1.3.6.1.4.1.18060.12.0 = ASN1:UTF8String:Lemons > > This fails with openssl 0.9.7a on Redhat 4. >
It will do: that syntax needs the mini-ASN1 compiler which first appeared in OpenSSL 0.9.8. Including the raw encoding with the DER option should work on all versions, you can generate that with asn1parse in OpenSSL 0.9.8. FYI it is: 0c 06 4c 65 6d 6f 6e 73 Steve. -- Dr Stephen N. Henson. Senior Technical/Cryptography Advisor, Open Source Software Institute: www.oss-institute.org OpenSSL Core team: www.openssl.org
