Subject: CAcert Code Development list.
- From: David McIlwraith <archaios AT cacert.org>
- To: Michael Tänzer <michael.taenzer AT cacert.org>
- Cc: cacert-devel AT lists.cacert.org
- Subject: Re: Patch request: Bug #540
- Date: Wed, 25 Jul 2012 20:34:23 +1000
Hi Michael,
On 25/07/12 20:19, Michael Tänzer wrote:
> Hi David,
>
> On 25.07.2012 05:58, David McIlwraith wrote:
>> It appears that order should not matter; it is strange that it was being
>> 'ignored' in any sense (judging from my brief analysis). The missing
>> 'crlDistributionPoints' was obviously an issue (non-compliance w/ both
>> CPS and board resolution changing it), but I cannot exactly see why,
>> apart from the case of DH (added keyNegotiation), that it should be
>> ignored by OpenSSL entirely. It is indeed missing in the certs issued; I
>> can see that myself.
>>
>>         X509v3 extensions:
>>             X509v3 Basic Constraints: critical
>>                 CA:FALSE
>>             Netscape Comment:
>>                 To get your own certificate for FREE head over to
>>                 http://www.CAcert.org
>>             X509v3 Extended Key Usage:
>>                 E-mail Protection, TLS Web Client Authentication,
>>                 Microsoft Encrypted File System, Microsoft Server Gated Crypto, Netscape
>>                 Server Gated Crypto
>>             Authority Information Access:
>>                 OCSP - URI:http://ocsp.cacert.org
>>             X509v3 Subject Alternative Name:
>>                 email:archaios AT cacert.org
>
> This is on the test server or on the live system? On the live system the
> KeyUsage is not deployed yet.
Live system. I know it's not deployed yet. What I meant was that the patch submitted changes the _order_ of the keyUsage line -- there's no (basic) keyUsage at ALL specified on any certs as it stands (only extendedKeyUsage), which means it appears to be ignoring keyUsage entirely when generating them. As for the root certs, I filed a separate bug concerning those; they should only have certSigning and cRLSigning as keyUsage attributes (when they are to be replaced, in any case).
Regards,
- David McIlwraith
<archaios AT cacert.org>
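
An added example, not part of the original thread or of CAcert's code: a Python check that parses `openssl x509 -noout -text` output and reports the extension gaps discussed in this message. The sample input is the listing quoted above with its indentation reconstructed; requiring CRL Distribution Points only on non-CA certificates is an assumption of this example.

```python
import re

# Listing from the message above; indentation reconstructed to match openssl's -text layout.
SAMPLE = """\
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            Netscape Comment:
                To get your own certificate for FREE head over to http://www.CAcert.org
            X509v3 Extended Key Usage:
                E-mail Protection, TLS Web Client Authentication, Microsoft Encrypted File System, Microsoft Server Gated Crypto, Netscape Server Gated Crypto
            Authority Information Access:
                OCSP - URI:http://ocsp.cacert.org
            X509v3 Subject Alternative Name:
                email:archaios AT cacert.org
"""

# OpenSSL's printed names for keyCertSign and cRLSign, the only bits a root should carry.
CA_KEY_USAGE = {"Certificate Sign", "CRL Sign"}

def parse_extensions(text):
    """Map extension name -> (critical, value lines) from openssl text output."""
    exts, base, level, name = {}, None, None, None
    for line in filter(str.strip, text.splitlines()):
        indent, body = len(line) - len(line.lstrip()), line.strip()
        if base is None:                      # still before the extensions block
            base = indent if body == "X509v3 extensions:" else None
        elif indent <= base:                  # block ended (e.g. "Signature Algorithm:")
            break
        elif indent == (level := level or indent):  # extension header line
            m = re.fullmatch(r"(.+?):\s*(critical)?", body)
            name = m.group(1) if m else None
            if m:
                exts[name] = (m.group(2) is not None, [])
        elif name:                            # value line under the current header
            exts[name][1].append(body)
    return exts

def audit(text):
    exts = parse_extensions(text)
    is_ca = "CA:TRUE" in " ".join(exts.get("X509v3 Basic Constraints", (False, []))[1])
    findings = [] if "X509v3 Key Usage" in exts else ["missing X509v3 Key Usage"]
    if not is_ca and "X509v3 CRL Distribution Points" not in exts:  # assumption: leaf-only rule
        findings.append("missing X509v3 CRL Distribution Points")
    if is_ca and "X509v3 Key Usage" in exts:
        bits = {b.strip() for v in exts["X509v3 Key Usage"][1] for b in v.split(",")}
        if bits - CA_KEY_USAGE:
            findings.append("CA keyUsage has extra bits: " + ", ".join(sorted(bits - CA_KEY_USAGE)))
    return findings
```

Pass it the output of `openssl x509 -in cert.pem -noout -text`; `audit(SAMPLE)` returns both missing-extension findings for the certificate quoted in the thread.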