Mads Rasmussen wrote:
[...]
> My doubt is that the OPTIONAL extensions (crlEntry and crlExtensions)
> doen't seem to be used. I have tested CRLs from VeriSign, GlobalSign and
> Thawte but none uses the OPTIONAL fields just.
>
> I know that the version number for the CRL changes from 1 to 2 when
> these fields are present but I cannot find one CRL as an example
>
> Could someone please help me with this? I am developing a PKI tool and
> would like to be able to treat these extensions.
Hi,
the extensions within the CRLs are, as a matter of fact, not used right
now because of clients incompatibility with them, i.e. Netscape (at least
V4.xx as far as I know) seems to have problems handling V2 CRLs.
OpenSSL, and thus OpenCA, is capable of generating CRLs with extensions,
anyway.
--
C'you,
Massimiliano Pala
--o-------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager] madwolf at cpan.org
madwolf at openca.org
http://www.openca.org madwolf at hackmasters.net
http://openca.sourceforge.net Mobile: +39 (0)347 7222 365
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users
