The only way I've found to bring in a crlDistributionPoints value like this is to DER encode it.
echo 'URI:ldap//some.server/cn=Test-ZS1,o=x x,c=de?certificateRevocationList' |
od -A n -t xC |
sed -e '1s/^/DER/' -e 's/ /:/g' -e 's/$/\\/' -e '$s/\\$//'
and add the result to the line
crlDistributionPoints=...
On Tue, Jun 25, 2002 at 01:16:40PM +0200, Bernhard Reiter wrote:
> Some CAs add a crlDistributionPoints attribute for ldap.
> I haven't found an obvious way to do this, because
> of the comma separating multivalue feature.
>
> crlDistributionPoints=URI:ldap//some.server/cn=Test-ZS1,o=x x,c=de?certificateRevocationList
>
> fails:
> 26922:error:2207507C:X509 V3 routines:v2i_GENERAL_NAME:missing value:v3_alt.c:391:
> 26922:error:2206B080:X509 V3 routines:X509V3_EXT_conf:error in extension:v3_conf.c:92:name=crlDistributionPoints, value=URI:ldap//thetis.intevation.de/cn=Test-ZS1,o=x x?certificateRevocationList
>
> Is this a bug?
> Openssl version 0.9.8 cvs from a couple of days ago.
--
Professional Service for Free Software (intevation.net)
The FreeGIS Project (freegis.org)
Association for a Free Informational Infrastructure (ffii.org)
FSF Europe (fsfeurope.org)
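
Added example, not part of the original thread: a Python sketch that builds the DER structure of a crlDistributionPoints value (RFC 5280 CRLDistributionPoints, one DistributionPoint per URI) and renders it in the DER: hex form, so a URI containing commas never passes through the config parser's comma splitting. The function names and the sample URI (the thread's value written with an ldap:// scheme) are constructed for illustration.

```python
def der_len(n: int) -> bytes:
    """DER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, content: bytes) -> bytes:
    """One tag-length-value element."""
    return bytes([tag]) + der_len(len(content)) + content


def crl_dp_der(uris: list[str]) -> bytes:
    """Encode CRLDistributionPoints ::= SEQUENCE OF DistributionPoint."""
    points = b""
    for uri in uris:
        # GeneralName: uniformResourceIdentifier [6] IMPLICIT IA5String
        general_name = tlv(0x86, uri.encode("ascii"))
        # DistributionPointName: fullName [0] IMPLICIT GeneralNames
        full_name = tlv(0xA0, general_name)
        # distributionPoint [0], explicit because the inner type is a CHOICE
        dp_name = tlv(0xA0, full_name)
        points += tlv(0x30, dp_name)  # DistributionPoint SEQUENCE
    return tlv(0x30, points)


def openssl_conf_line(uris: list[str]) -> str:
    """Render the extension as an openssl.cnf line using the DER: syntax."""
    hex_bytes = ":".join(f"{b:02X}" for b in crl_dp_der(uris))
    return "crlDistributionPoints=DER:" + hex_bytes


# Constructed sample URI containing the commas and the space from the thread.
SAMPLE_URI = "ldap://some.server/cn=Test-ZS1,o=x x,c=de?certificateRevocationList"

if __name__ == "__main__":
    print(openssl_conf_line([SAMPLE_URI]))
```

After issuing a test certificate, `openssl x509 -noout -text` should list the complete URI under "X509v3 CRL Distribution Points".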
