OpenSSL is correct to expect the extension as an IA5STRING. The netscape-comment extension is defined with the OID 2.16.840.1.113730.1.13 and should be an IA5STRING.
Some references (It's not in any RFC afaik): https://docs.oracle.com/cd/E19957-01/816-5533-10/ext.htm#1043093 https://msdn.microsoft.com/en-us/library/windows/desktop/aa378149(v=vs.85).aspx -- Kurt Cancemi https://www.x64architecture.com On Fri, Jan 27, 2017 at 12:13 AM, Rod Falck <r.fa...@comforte.com> wrote: > Hi, > > > > I have an OpenSSL based client which fails when validating a certificate > generated by IBM RACF. It fails because the ASN.1 tag for the X509v3 > extension Netscape Comment is 19 (V_ASN1_PRINTABLESTRING) and OpenSSL is > expecting 22 (V_ASN1_IA5STRING). Is this a bug in OpenSSL or RACF? Can > anyone point me to the RFC, or any document, that specifies the expected tag > value? > > > > Rod. > > -- > > Rod Falck. Software Architect. comForte Pty Ltd. > -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
