On Fri, Sep 10, 2004, Aleix Conchillo Flaque wrote: > Hi, > > I've asn1parsed the request file. Displaying the request with MS > certutil.exe utility, I thought that there where two extensionRequest > attributes. > > But parsing the request, I've seen this: > > 455:d=4 hl=2 l= 10 prim: OBJECT :Microsoft Extension Request > ...... > > which contain keyUsage,Basic Constraints and Subject Key Identifier. > > And: > > 535:d=4 hl=2 l= 9 prim: OBJECT :Extension Request > ..... > > which seems the standard one, and contains keyUsage,Basic Constraints > and Subject Key Identifier again, plus Certificate Policies and > another extension indicating it's and intermediate CA. > > This last extensionRequest attribute is, I think, what I would need > OpenSSL to read. > > Is that right? Shouldn't OpenSSL ignore the Microsoft Extension Request? >
I've just fixed OpenSSL to check for the PKCS#9 extension request first and only use MS if its not found. This will be in the next stable snapshot. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
