Averroes wrote: > > Hi lists, > > This is a repost, > > Are ReasonCode & CRLReason CRL Extensions implemented > in openssl-0.9.6b? >
"CRL Extensions" covers quite a lot of ground. Some extensions are supported such as AuthorityKeyIdentifier. However no CRL entry extensions are supported in 0.9.6b. 0.9.7 will support CRL reason, Invalidity date and Hold Instruction. > idem with: cRLNumber, deltaCRLIndicator > No neither of those are currently supported. > how to configure CRL extensions section in openssl.cnf ? > > And last, there is an "unknown" field in openssl index.txt database field, > could it be possile to write here "cRLNumber"? > I think the best way to handle this would be in a similar way to the certificate serial number: have a file called crlnum.txt (by default) and increment that on each CRL issued. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Gemplus: http://www.gemplus.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
