On Mon, May 07, 2007, Metalpalo wrote: > > Hello > > I don't know but in the certificate structure I see this: > issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, > -- If present, version MUST be v2 or v3 > subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, > -- If present, version MUST be v2 or v3 > > but when i'm looking at my generated certificate i don't see any optional > attributes of type :BIT STRING >
Well since OPTIONAL components when omitted are absent you wont "see" them. Those fields are deprecated and although they are present in the X509 structure and should be parsed OK nothing in OpenSSL uses them. You'd have to manually set the fields in a custom program. The subject key identifier and authority key identifier extensions serve a similar purpose now. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
