Subject: CAcert Code Development list.
- From: David McIlwraith <archaios AT cacert.org>
- To: cacert-devel AT lists.cacert.org
- Subject: Re: Patch request: Bug #540
- Date: Tue, 31 Jul 2012 11:12:56 +1000
On 31/07/12 05:25, Kenneth R. van Wyk wrote:
On Jul 28, 2012, at 4:22 AM, Wytze van der Raay
<wytze AT cacert.org>
Do you still have the working certificate from the test system?
If so, could you please send us the output from these:
openssl x509 -in old-working-certificate -text -noout
openssl x509 -in new-nonworking-certificate -text -noout
Even if you don't have the old working certificate anymore, it will
still be useful to send us the output for the new-nonworking-cert.
Alas, that test cert was long ago discarded. But I do have the two I
generated after the patch was installed. One is signed with the class-3....
Neither of these work on my iPhone or iPad (running standard, off the shelf
Attached is the above output for each of my certs. I hope it helps. If I can
do any further testing, just let me know.
Judging from the output, keyUsage when set to 'critical' is output correctly in the certificates now (*FINALLY*). For some reason, the original "bugfix" simply changed it to add it as a critical ASN.1 attribute -- which is not really a good fix, _since_ OpenSSL should have output keyUsage irrespective of the critical status.
In any case, that aside, all the attributes in your client certificates are correct -- keyUsage, extendedKeyUsage, OCSP URI, etc. I can't imagine why it does not work as-is. Have you imported the root certificates?
- David McIlwraith
<archaios AT cacert.org>
Description: S/MIME Cryptographic Signature
- Re: Patch request: Bug #540, (continued)
- Re: Patch request: Bug #540, Kenneth R. van Wyk, 07/25/2012
- Re: Patch request: Bug #540, Wytze van der Raay, 07/25/2012
- Re: Patch request: Bug #540, Wytze van der Raay, 07/27/2012
- Re: Patch request: Bug #540, Kenneth R. van Wyk, 07/27/2012
Archive powered by MHonArc 2.6.16.