Kyle Hamilton wrote:
X.509 refers to the certificate version. 0 == version 1, 1 == version 2, 2 == version 3.Version 1 certificates have no means for any extensions. Version 2 certificates are CRLs.
CRLs use the asn1 type Version. CRLs with extensions have Version 2, but this has nothing to do with certificates. Version 2 may be used for certificates that have unique identifiers but no extensions. Since nobody seems really to use this, and there is no support in Openssl, and one still may indicate version 3 ... To be complete, these Version values also have nothing to do with the version number of the X509 standard.
Version 3 certificates are the current norm, and most likely what you want.
'Current norm' means what?I'd say: Since you most likely add extensions, then version 3 is what you set. I seems unlikely to me that a future version of X509 will change the verision
number of a certficate. This would be necessary if add some asn1 field after the extensions instead of defining an extension. IMO, a call to X509_set_version should not be necessary. openssl could ensure to set a good value depending on whether you have extensions of not unless the version has been set to explicitely.
The best reference currently is RFC5280, and all of its references. -Kyle H On Tue, Aug 19, 2008 at 2:08 AM, Sanjith Chungath <[EMAIL PROTECTED]> wrote:Hi, I can set a certificate version using function X509_set_version(). Can some one give me a reference to different certificate versions that are available and the significance of each version number. -Thanks and Regards, -Sanjith.______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
smime.p7s
Description: S/MIME Cryptographic Signature