On Tue, Nov 07, 2006, Simon McMahon wrote:

> Found it: extendedKeyUsage      = OCSP Signing, OCSP No Check
> does the trick.
> 

Err, no it doesn't; it isn't part of EKU.

> The RFC doesn't exactly make this clear that 'nocheck' is a part of 
> ExtendedKeyUsage but I guess that is not OpenSSL's problem.
> 

That isn't how it's used. You should do:

noCheck = yes

though the value (the "yes" bit) is ignored and can be anything.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
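
Added example, not part of the original message and not taken from OpenSSL's own files: an openssl.cnf extension section for an OCSP responder certificate, showing the line from the quoted message beside the form given in the reply. The section name `ocsp_responder_ext` and the basicConstraints and keyUsage lines are assumptions for illustration.

```ini
# Constructed openssl.cnf fragment; the section name is hypothetical.
[ ocsp_responder_ext ]

# Assumed baseline for a responder certificate: not a CA, signs responses.
basicConstraints = CA:FALSE
keyUsage         = critical, digitalSignature

# As tried in the quoted message: this treats "OCSP No Check" as an
# extended key usage purpose, which it is not.
# extendedKeyUsage = OCSP Signing, OCSP No Check

# As given in the reply: EKU carries only the OCSP signing purpose...
extendedKeyUsage = OCSP Signing

# ...and OCSP No Check is a separate extension of its own.
# The value is ignored and can be anything.
noCheck          = yes
```

Inspecting the issued certificate with `openssl x509 -noout -text` should list OCSP No Check under the X509v3 extensions as its own entry, separate from Extended Key Usage.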
