On 10.03.2022 20:17, Michael Ströder via openssl-users wrote:
>
> Are you 100% sure all the software used by your relying participants is
> capable of handling the X509v3 extensions involved?
>
> In practice I saw software miserably fail validating such certs and CRLs. Or
> also CAs failed to gen
am I missing? Any hints would be greatly appreciated!
Kind regards,
edr
[1] https://datatracker.ietf.org/doc/html/rfc5280#section-5.3.3
[2] https://www.openssl.org/docs/man3.0/man1/openssl-ca.html
[3]
https://github.com/openssl/openssl/blob/5979596247a73d1aec7310e4da0b6023ffd79623/apps/ca.c#L2165
