On Tue, Aug 15, 2006, [EMAIL PROTECTED] wrote:
> Hi,
>
> this is what I get with
>
> openssl x509 -certopt ext_error -text -noout -in ....
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> X509v3 Key Usage:
> Digital Signature, Key Encipherment
> 1.3.6.1.4.1.311.21.7:
> <Not Supported>
> X509v3 Extended Key Usage:
> TLS Web Server Authentication, TLS Web Client Authentication
> X509v3 Certificate Policies:
> <Parse Error>
> 1.3.6.1.4.1.311.21.10:
> <Not Supported>
> Signature Algorithm: sha1WithRSAEncryption
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
0:d=0 hl=2 l= 116 cons: SEQUENCE
2:d=1 hl=2 l= 114 cons: SEQUENCE
4:d=2 hl=2 l= 12 prim: OBJECT :1.3.6.1.4.1.2916.3.6.509.1
18:d=2 hl=2 l= 98 cons: SEQUENCE
20:d=3 hl=2 l= 96 cons: SEQUENCE
22:d=4 hl=2 l= 8 prim: OBJECT :Policy Qualifier CPS
32:d=4 hl=2 l= 84 prim: BMPSTRING

The last line is the problem. The policy qualifier type is id-qt-cps and by
RFC3280 et al the last field should be of type IA5String not BMPString.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
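
Added example, not part of the original thread and not OpenSSL code: a minimal DER walk over a certificatePolicies extension value that reports the string type of each id-qt-cps qualifier, which is the check that separates a well-formed certificate from the one in the dump above. The sample URL and the helper names (`check_cps_qualifiers`, `sample_policies`, `tlv`) are constructed for illustration; the policy OID is the one shown in the dump.

```python
# Added example: report the string type used by id-qt-cps policy qualifiers.
ID_QT_CPS = bytes.fromhex("2b06010505070201")  # OID 1.3.6.1.5.5.7.2.1 (id-qt-cps)
IA5STRING, BMPSTRING = 0x16, 0x1E              # universal DER tag numbers
TAG_NAMES = {IA5STRING: "IA5String", BMPSTRING: "BMPString"}

def read_tlv(buf, pos):
    """Decode one DER element at buf[pos]; return (tag, content, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(content):
    """Split a constructed element's content into (tag, content) pairs."""
    out, pos = [], 0
    while pos < len(content):
        tag, body, pos = read_tlv(content, pos)
        out.append((tag, body))
    return out

def check_cps_qualifiers(ext_value):
    """Return [(string_type_name, is_ia5string)] per id-qt-cps qualifier."""
    findings = []
    _, policies, _ = read_tlv(ext_value, 0)              # SEQUENCE OF PolicyInformation
    for _, policy_info in children(policies):
        for _, qualifiers in children(policy_info)[1:]:  # skip policyIdentifier
            for _, qualifier in children(qualifiers):    # PolicyQualifierInfo
                (otag, oid), (vtag, _) = children(qualifier)[:2]
                if otag == 0x06 and oid == ID_QT_CPS:
                    findings.append((TAG_NAMES.get(vtag, hex(vtag)), vtag == IA5STRING))
    return findings

def tlv(tag, content):                         # short-form encoder for the samples
    assert len(content) < 128
    return bytes([tag, len(content)]) + content

def sample_policies(string_tag, text):
    """Constructed certificatePolicies value shaped like the dump in the thread."""
    policy_oid = bytes.fromhex("2b0601040196640306837d01")  # 1.3.6.1.4.1.2916.3.6.509.1
    qualifier = tlv(0x30, tlv(0x06, ID_QT_CPS) + tlv(string_tag, text))
    return tlv(0x30, tlv(0x30, tlv(0x06, policy_oid) + tlv(0x30, qualifier)))

URL = "http://pki.example/cps"                 # constructed, not from the certificate
BAD = sample_policies(BMPSTRING, URL.encode("utf-16-be"))
GOOD = sample_policies(IA5STRING, URL.encode("ascii"))
```

`check_cps_qualifiers(BAD)` reports the BMPString encoding that makes the extension fail to parse, while `GOOD` carries the same URL as an IA5String.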