Hi, This question is regarding the extended key usage extension implementation which differs from the specification [RFC 2459].
I read RFC 2459 in http://www.faqs.org/rfcs/rfc2459.html section 4.2.1.13 Extended key usage field. It says that "If the extension is flagged non-critical, then it indicates the intended purpose or purposes of the key, and may be used in finding the correct key/certificate of an entity that has multiple keys/certificates. It is an advisory field and does not imply that usage of the key is restricted by the certification authority to the purpose indicated. Certificate using applications may nevertheless require that a particular purpose be indicated in order for the certificate to be acceptable to that application." But in http://www.openssl.org/docs/apps/x509.html#CERTIFICATE_EXTENSIONS, it says that openssl uses the key only for the specified purpose, if the extended key usage is present regardless of whether it is critical or not. So, my question is why is openssl acting as if extended key usage is critical even though it is marked as non-critical? Thanks Durga Prasad ----- Durga Prasad Jammula webpage : http://durgaprasad.wordpress.com ____________________________________________________________________________________ Shape Yahoo! in your own image. Join our Network Research Panel today! http://surveylink.yahoo.com/gmrs/yahoo_panel_invite.asp?a=7 ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
