enclosed pleas find a patch that adds support for the freshestCRL extension.
Have fun. --To verify the signature, see http://edelpki.edelweb.fr/ Cela vous permet de charger le certificat de l'autorité; die Liste mit zurückgerufenen Zertifikaten finden Sie da auch.
diff -rpc openssl-SNAP-20080309/crypto/objects/objects.txt openssl-mod/crypto/objects/objects.txt
*** openssl-SNAP-20080309/crypto/objects/objects.txt 2008-02-29 16:00:24.000000000 +0100
--- openssl-mod/crypto/objects/objects.txt 2008-03-09 15:33:41.000000000 +0100
*************** id-smime-ct 5 : id-smime-ct-TDTInfo
*** 251,257 ****
id-smime-ct 6 : id-smime-ct-contentInfo
id-smime-ct 7 : id-smime-ct-DVCSRequestData
id-smime-ct 8 : id-smime-ct-DVCSResponseData
- id-smime-ct 9 : id-smime-ct-compressedData
# S/MIME Attributes
id-smime-aa 1 : id-smime-aa-receiptRequest
--- 251,256 ----
*************** id-ce 35 : authorityKeyIdentifier : X50
*** 724,729 ****
--- 723,730 ----
id-ce 36 : policyConstraints : X509v3 Policy Constraints
!Cname ext-key-usage
id-ce 37 : extendedKeyUsage : X509v3 Extended Key Usage
+ !Cname delta-crldp
+ id-ce 46 : freshestCRL : X509v3 Delta CRL Distribution Point
!Cname inhibit-any-policy
id-ce 54 : inhibitAnyPolicy : X509v3 Inhibit Any Policy
!Cname target-information
*************** mime-mhs-headings 2 : id-hex-multipart-m
*** 793,799 ****
!Cname rle-compression
1 1 1 1 666 1 : RLE : run length compression
!Cname zlib-compression
! id-smime-alg 8 : ZLIB : zlib compression
# AES aka Rijndael
--- 794,800 ----
!Cname rle-compression
1 1 1 1 666 1 : RLE : run length compression
!Cname zlib-compression
! 1 1 1 1 666 2 : ZLIB : zlib compression
# AES aka Rijndael
diff -rpc openssl-SNAP-20080309/crypto/x509v3/ext_dat.h openssl-mod/crypto/x509v3/ext_dat.h
*** openssl-SNAP-20080309/crypto/x509v3/ext_dat.h 2006-12-19 00:00:39.000000000 +0100
--- openssl-mod/crypto/x509v3/ext_dat.h 2008-03-09 17:07:06.000000000 +0100
*************** extern X509V3_EXT_METHOD v3_bcons, v3_ns
*** 61,67 ****
extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo;
extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate;
! extern X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld;
extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc;
extern X509V3_EXT_METHOD v3_crl_hold, v3_pci;
--- 61,67 ----
extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo;
extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate;
! extern X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld, v3_delta_crld;
extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc;
extern X509V3_EXT_METHOD v3_crl_hold, v3_pci;
*************** static X509V3_EXT_METHOD *standard_exts[
*** 121,127 ****
&v3_name_constraints,
&v3_policy_mappings,
&v3_inhibit_anyp,
! &v3_idp
};
/* Number of standard extensions */
--- 121,128 ----
&v3_name_constraints,
&v3_policy_mappings,
&v3_inhibit_anyp,
! &v3_idp,
! &v3_delta_crld
};
/* Number of standard extensions */
diff -rpc openssl-SNAP-20080309/crypto/x509v3/v3_crld.c openssl-mod/crypto/x509v3/v3_crld.c
*** openssl-SNAP-20080309/crypto/x509v3/v3_crld.c 2007-01-21 15:00:24.000000000 +0100
--- openssl-mod/crypto/x509v3/v3_crld.c 2008-03-09 16:13:23.000000000 +0100
*************** const X509V3_EXT_METHOD v3_crld =
*** 79,84 ****
--- 79,93 ----
NULL
};
+ const X509V3_EXT_METHOD v3_delta_crld = {
+ NID_delta_crldp, 0, ASN1_ITEM_ref(CRL_DIST_POINTS),
+ 0,0,0,0,
+ 0,0,
+ 0,
+ v2i_crld,
+ i2r_crldp,0,
+ NULL};
+
static STACK_OF(GENERAL_NAME) *gnames_from_sectname(X509V3_CTX *ctx, char *sect)
{
STACK_OF(CONF_VALUE) *gnsect;
smime.p7s
Description: S/MIME Cryptographic Signature
