It might be a good idea to add the following information to the documentation for gnutls_x509_crt_set_version:
To create well-formed certificates, you must specify version 3 if you use any certificate extensions. Extensions are created by functions such as gnutls_x509_crt_set_subject_alternative_name or gnutls_x509_crt_set_key_usage. (I don't know if GNUTLS supports the v2 extensions.) GNUTLS doesn't check if a v1 certificate contains any extensions, but other X.509 implementations do. If you ever run into the "no more data allowed for version 1 certificate" error message (or, alternatively, "java.lang.Object cannot be cast to gnu.java.security.OID"), you know where to look. -- Florian Weimer <[EMAIL PROTECTED]> BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstraße 100 tel: +49-721-96201-1 D-76133 Karlsruhe fax: +49-721-96201-99 _______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
