That's the [2] in:
TBSRequest ::= SEQUENCE {
version [0] EXPLICIT Version DEFAULT v1,
requestorName [1] EXPLICIT GeneralName OPTIONAL,
requestList SEQUENCE OF Request,
requestExtensions [2] EXPLICIT Extensions OPTIONAL }
2 being the explicit context-specific tag for requestExtensions.
Regards,
Steven
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Sascha Kiefer
Sent: Wednesday, 7 September 2005 11:37 PM
To: [email protected]
Subject: Re: OCSP, Nonce and the requestExtensions
well, i do not see the CONTEXT SPECIFIC part in the spec!!!
Sascha.
Dr. Stephen Henson schrieb:
>On Wed, Sep 07, 2005, Sascha Kiefer wrote:
>
>
>
>>no, that's misunderstanding (well, my english is not that great); here
>>is the complete ocsp request generated by openssl (i'm not sure about
>>the version; i'm at work and tried it at home):
>>
>>Offset| Len |LenByte|
>>======+======+=======+====================================================
==========
>> 0| 102| 1| SEQUENCE :
>> 2| 100| 1| SEQUENCE :
>> 4| 77| 1| SEQUENCE :
>> 6| 75| 1| SEQUENCE :
>> 8| 73| 1| SEQUENCE :
>> 10| 9| 1| SEQUENCE :
>> 12| 5| 1| OBJECT IDENTIFIER : sha1
>>[1.3.14.3.2.26]
>> 19| 0| 1| NULL :
>> 21| 20| 1| OCTET STRING :
>> | | |
>>C0FE0278FC99188891B3F212E9C7E1B21AB7BFC0
>> 43| 20| 1| OCTET STRING :
>> | | |
>>0DFC1DF0A9E0F01CE7F2B213177E6F8D157CD4F6
>> 65| 16| 1| INTEGER :
>> | | | 4302AB26321D1C8AA2B54FEE5F8335A5
>> 83| 19| 1| CONTEXT SPECIFIC (2) :
>> 85| 17| 1| SEQUENCE :
>> 87| 15| 1| SEQUENCE :
>> 89| 9| 1| OBJECT IDENTIFIER :
>>[1.3.6.1.5.5.7.48.1.2]
>> 100| 2| 1| OCTET STRING :
>> 102| 16| 1| OCTET STRING :
>> | | |
7F6B115E2A42DCE810F762B1E389A610
>>
>>Here the RFC2560:
>>
>>OCSPRequest ::= SEQUENCE {
>> tbsRequest TBSRequest,
>> optionalSignature [0] EXPLICIT Signature OPTIONAL }
>>
>>TBSRequest ::= SEQUENCE {
>> version [0] EXPLICIT Version DEFAULT v1,
>> requestorName [1] EXPLICIT GeneralName OPTIONAL,
>> requestList SEQUENCE OF Request,
>> requestExtensions [2] EXPLICIT Extensions OPTIONAL }
>>
>>So, as you can see: the CONTEXT SPECIFIC part is actually the
>>requestExtensions part But why is it context specifiy and not just the
>>sequences?
>>
>>
>>
>
>I'm not sure what you are asking here.
>
>>From an ASN1 point of view several of those tags are unnecessary and
>>it could
>have been written without them, but as its in the spec we have to do it.
>
>Steve.
>--
>Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL
>project core developer and freelance consultant.
>Funding needed! Details on homepage.
>Homepage: http://www.drh-consultancy.demon.co.uk
>______________________________________________________________________
>OpenSSL Project http://www.openssl.org
>User Support Mailing List [email protected]
>Automated List Manager [EMAIL PROTECTED]
>
>
>
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
