Florian Weimer <[EMAIL PROTECTED]> writes: > It might be a good idea to add the following information to the > documentation for gnutls_x509_crt_set_version: > > To create well-formed certificates, you must specify version 3 if > you use any certificate extensions. Extensions are created by > functions such as gnutls_x509_crt_set_subject_alternative_name or > gnutls_x509_crt_set_key_usage.
Added. > (I don't know if GNUTLS supports the v2 extensions.) I'm not familiar with v2 certificates... It might be possible to create them using the GnuTLS API's. > GNUTLS doesn't check if a v1 certificate contains any extensions, but > other X.509 implementations do. I've added checking this to the TODO list: - Chain verifications. ... - Reject extensions in v1 certificates. /Simon _______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
