Hi I found a bug in CRL Lists. It is possible to do signing of the List with a certificate, which shouldn't do it because of the Key Usage extension. If this extension is set critical and CRLSign is not listed, you shouldn't do the signing. Specification says, that you should do anything with a certificate, if you don't understand the critical sections. So it would be better to do nothing instead.
Sincerely Maria Siebert ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
