> From: owner-openssl-us...@openssl.org On Behalf Of Satish Chandra Kilaru > Sent: Wednesday, 17 June, 2009 13:50
> In the following sample certificate, there is a tun of > information before --BEGIN CERTIFICATE--. > Who is this for? Is it for a human reader to make sense of > who/what this certificate is certifying? Yes. Who, by whom, when, for what usage, etc. It's optional. Some openssl operations do write it, some don't. Other programs may not (the ones I know of don't). It can always be re-generated from the actual cert by x509 -text . > If it is for a s/w > program that uses certificates, how is this information > supposed to be used? > Programs generally should use the actual cert. Though if the files consistently contain (are caused to contain) this optional additional information, I can think of a few operations that might be programmed, or (more likely?) scripted in awk or perl or similar, that could make use of it, like: - is a particular extension present? - when is the validity end aka expiration? ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
