Yes, i read it
For first point, i think that there is not ths same subject and issuer,
like final autosign certificat of AC ?
For second point, after translating, it's more difficult for me to
understand "keyusage" not to be include ;-)
Thanks
Dr Franck ROUSSIA
Dr. Stephen Henson a écrit :
On Wed, Jan 16, 2008, rfx wrote:
I make new path using hash name/ ".0" extension for certificat/".r0"
extension for CRL
The function: 'verify -CApath @CRLCA\ -issuer_checks -crl_check
"SignCertPEM.cer"
The result is :
SignCertPEM.cer:
/C=FR/O=GIP-CPS/OU=M\xE9decin/CN=0081013443/SN=ROUSSIA/GN=FRANCK
error 29 at 0 depth lookup:subject issuer mismatch
/C=FR/O=GIP-CPS/OU=M\xE9decin/CN=0081013443/SN=ROUSSIA/GN=FRANCK
error 29 at 0 depth lookup:subject issuer mismatch
/C=FR/O=GIP-CPS/OU=M\xE9decin/CN=0081013443/SN=ROUSSIA/GN=FRANCK
error 29 at 0 depth lookup:subject issuer mismatch
/C=FR/O=GIP-CPS/OU=GIP-CPS PROFESSIONNEL/CN=GIP-CPS CLASSE-1
error 29 at 0 depth lookup:subject issuer mismatch
/C=FR/O=GIP-CPS/OU=M\xE9decin/CN=0081013443/SN=ROUSSIA/GN=FRANCK
error 35 at 0 depth lookup:key usage does not include CRL signing
Two questions :
1) Why the "subject issuer mismatch" error ? also when the result is OK
2) For this example what mean the error "key usage does not include CRL
signing" ?
Read the manual page entry for the diagnostic option -issuer_checks
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
