Ulf Moeller via RT wrote:
> The certificate encoding is in fact ok:
>
> 2716 8: OBJECT IDENTIFIER qcStatements (1 3 6 1 5 5
> 7 1 3)
> 2726 1: BOOLEAN TRUE
> 2729 24: OCTET STRING, encapsulates {
> 2731 22: SEQUENCE {
> 2733 10: SEQUENCE {
> 2735 8: OBJECT IDENTIFIER
> : pkixQCSyntax-v1 (1 3 6 1 5 5 7 11 1)
> : }
> 2745 8: SEQUENCE {
> 2747 6: OBJECT IDENTIFIER
> : etsiQcsCompliance (0 4 0 1862 1 1)
> : }
> : }
> : }
> : }
>
> Google doesn't find the defintion of "etsiQcsCompliance", so I don't
> know what would be required to implement the extension.
in the isis-mtt context this extension is called "id-etsi-qcs-QcCompliance"
(see http://www.isis-mtt.t7-isis.org/ in case you have too much time to
waste ;-) .Afaik it simply means that the CA who issued the certificate
must be in compliance with ETSI TS 101 456 v1.1.1 ("Policy Requirements for
Certification Authorities Issuing Qualified Certificates").
As I have no real clue what to do with such an extension when verifying
a certificate I would simply ignore it.
Cheers,
Nils
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
