When attempting to validate certificates using a CRL with the X509_verify_cert setup, it fails with the error code 36 - X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION.

The extension in question is the AKID - Authority Key Identifier. The odd thing is - this extension IS indeed handled by x509_vfy - so it shouldn't be considered unhandled.

Our current workaround is to manually check for 'unknown' critical extensions and set the flag to ignore unknown CRL critical extensions.

Commit 010fa0b33169cfc9179bda29c34c05af80f78e27 (Thu Sep 21 08:42:15 2006) adds the check for unhandled critical extensions - however, even at that point, the AKID was being honored (code committed in bc7535bc7fe30fbba222c316a3957da7d906603b, Thu Sep 14 13:25:02 2006).

This code does not appear to be conditional on any platform; however, it is being experienced specifically on Windows (x86_64/x86), OSX 10.7 and 10.8 (x86_64), and Linux (x86_64).
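
The manual check described in the workaround above, sketched as an added example (not the poster's code and not OpenSSL's): it walks a DER-encoded crlExtensions value, lists the extensions marked critical, and reports any whose OID is not on an application-chosen allow-list, so that a blanket ignore-critical flag is only set when that list is empty. The allow-list contents, the helper names and the sample bytes are assumptions constructed for illustration.

```python
# Added example; helper names and sample bytes are constructed, not from OpenSSL.
AKID = "2.5.29.35"   # authorityKeyIdentifier OID (RFC 5280)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode OID content octets into dotted form."""
    subs, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:                       # last octet of this sub-identifier
            subs.append(val)
            val = 0
    first = min(subs[0] // 40, 2)
    return ".".join(map(str, [first, subs[0] - 40 * first] + subs[1:]))

def critical_extension_oids(extensions_der):
    """OIDs of all extensions flagged critical in a DER Extensions SEQUENCE."""
    tag, body, _ = read_tlv(extensions_der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE OF Extension")
    found, pos = [], 0
    while pos < len(body):
        _, ext, pos = read_tlv(body, pos)      # one Extension
        oid_tag, oid, nxt = read_tlv(ext, 0)   # extnID
        if oid_tag != 0x06:
            raise ValueError("Extension does not start with an OID")
        flag_tag, flag, _ = read_tlv(ext, nxt) # BOOLEAN only if not DEFAULT FALSE
        if flag_tag == 0x01 and flag != b"\x00":
            found.append(decode_oid(oid))
    return found

def unknown_critical(extensions_der, handled):
    """Critical extensions the application has NOT decided it can handle."""
    return [o for o in critical_extension_oids(extensions_der) if o not in handled]

def seq(*parts):                               # short-form SEQUENCE wrapper for samples
    body = b"".join(parts)
    return bytes([0x30, len(body)]) + body

# Constructed samples: critical AKID, non-critical cRLNumber, critical 2.999.1 (example arc)
EXT_AKID = bytes.fromhex("30120603551d230101ff04083006800401020304")
EXT_CRLNUM = bytes.fromhex("300a0603551d140403020101")
EXT_PRIVATE = bytes.fromhex("300c06038837010101ff04020500")
CRL_A = seq(EXT_AKID, EXT_CRLNUM)
CRL_B = seq(EXT_AKID, EXT_CRLNUM, EXT_PRIVATE)
```

A flag that ignores critical extensions applies to every object in the verification, so gate it on `unknown_critical(...)` returning an empty list for the specific CRL in use and fail closed otherwise.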
