Skip to Content.
Sympa Menu

cacert-devel - Re: Patch request: Bug #540

Subject: CAcert Code Development list.

List archive

Re: Patch request: Bug #540

Chronological Thread 
  • From: David McIlwraith <archaios AT>
  • To: cacert-devel AT
  • Subject: Re: Patch request: Bug #540
  • Date: Tue, 31 Jul 2012 11:12:56 +1000

Hi all,

On 31/07/12 05:25, Kenneth R. van Wyk wrote:

On Jul 28, 2012, at 4:22 AM, Wytze van der Raay 
<wytze AT>
Do you still have the working certificate from the test system?
If so, could you please send us the output from these:

  openssl x509 -in old-working-certificate -text -noout
  openssl x509 -in new-nonworking-certificate -text -noout

Even if you don't have the old working certificate anymore, it will
still be useful to send us the output for the new-nonworking-cert.

Alas, that test cert was long ago discarded. But I do have the two I 
generated after the patch was installed. One is signed with the class-3....

Neither of these work on my iPhone or iPad (running standard, off the shelf 
iOS 5.1.1).

Attached is the above output for each of my certs. I hope it helps. If I can 
do any further testing, just let me know.

Judging from the output, keyUsage when set to 'critical' is output correctly in the certificates now (*FINALLY*). For some reason, the original "bugfix" simply changed it to add it as a critical ASN.1 attribute -- which is not really a good fix, _since_ OpenSSL should have output keyUsage irrespective of the critical status.

In any case, that aside, all the attributes in your client certificates are correct -- keyUsage, extendedKeyUsage, OCSP URI, etc. I can't imagine why it does not work as-is. Have you imported the root certificates?

Kind regards,
- David McIlwraith 
<archaios AT>



Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Archive powered by MHonArc 2.6.16.

Top of Page