Skip to Content.
Sympa Menu

cacert-devel - Re: Patch request: Bug #540

Subject: CAcert Code Development list.

List archive

Re: Patch request: Bug #540

Chronological Thread 
  • From: Michael Tänzer <michael.taenzer AT>
  • To: cacert-devel AT
  • Cc: David McIlwraith <archaios AT>
  • Subject: Re: Patch request: Bug #540
  • Date: Wed, 25 Jul 2012 12:19:11 +0200
  • Openpgp: id=9940BEF1

Hi David,

On 25.07.2012 05:58, David McIlwraith wrote:
> It appears that order should not matter; it is strange that it was being
> 'ignored' in any sense (judging from my brief analysis). The missing
> 'crlDistributionPoints' was obviously an issue (non-compliance w/ both
> CPS and board resolution changing it), but I cannot exactly see why,
> apart from the case of DH (added keyNegotiation), that it should be
> ignored by OpenSSL entirely. It is indeed missing in the certs issued; I
> can see that myself.
>         X509v3 extensions:
>             X509v3 Basic Constraints: critical
>                 CA:FALSE
>             Netscape Comment:
>                 To get your own certificate for FREE head over to
>             X509v3 Extended Key Usage:
>                 E-mail Protection, TLS Web Client Authentication,
> Microsoft Encrypted File System, Microsoft Server Gated Crypto, Netscape
> Server Gated Crypto
>             Authority Information Access:
>                 OCSP - URI:
>             X509v3 Subject Alternative Name:
> email:archaios AT

This is on the test server or on the live system? On the live system the
KeyUsage is not deployed yet.

Have fun,
Michael Tänzer

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Archive powered by MHonArc 2.6.16.

Top of Page