Thanks a lot Dave. That helped.
Bye
Dirk
On 23.11.2017 18:04, Dave Coombs wrote:
> Hi Dirk,
>
> First point: you are populating distpoint->name.relativename (which is a
> union member) but setting the discriminator distpoint->type to 0, which
> indicates to use fullname rather than relativenam
Hi Dirk,
First point: you are populating distpoint->name.relativename (which is a union
member) but setting the discriminator distpoint->type to 0, which indicates to
use fullname rather than relativename. So your structure will not be
interpreted correctly.
In any case, I think you want to p
Thanks Dave,
It seems that I do something wrong when filling the STACK_OF(DIST_POINT):
X509_NAME_ENTRY *nameEntry = X509_NAME_ENTRY_new();
X509_NAME_ENTRY_set_data (nameEntry, V_ASN1_IA5STRING /*MBSTRING_ASC*/, (const
unsigned char*) "http://example.com/", 19);
S
Hi,
You can use X509V3_EXT_i2d(NID_crl_distribution_points, critical, sk) where sk
is a STACK_OF(DIST_POINT) that you have previously filled with multiple URIs.
Cheers,
-Dave
> On Nov 22, 2017, at 06:58, Dirk Menstermann wrote:
> Hi,
>
> can anybody share example code to add more than 1 CR
Hi,
can anybody share example code to add more than 1 CRL distribution point to a
certificate?
The below works only for one URI:
X509_EXTENSION *ext = X509V3_EXT_conf_nid (NULL, &v3ctx,
NID_crl_distribution_points, (char*) "URI:http://exmaple.com/crl");
X509_add_ext (certificate, ext, -1);
Tha
Dear all:
I am new in openssl. I have some questions regarding to 'CRL Distribution
Points extension'. I did read the RFC. but it makes me more confused. :-(.
a) a certificate has one and only one 'CRL Distribution Points extension'.
What's configured in this extensi
enssl-users@openssl.org
> Betreff: Re: Parsing certificate to find CRL distribution points
>
> Hi Frank
>
> On May 6, 2008 03:57:01 am Wockenfuß, Frank wrote:
> > Hi all,
> >
> > I have a problem getting the distribution points out of a X509
> > certificate program
ing the certificate I want to look for in the CRL.
> But how do I go on to get the CRL distribution points out of the X509
> extensions?
>
Take a look at the X.509 handling code in WvStreams.
http://code.google.com/p/wvstreams/
it's in the crypto subdirectory of the main source ta
distribution points out of the X509 extensions?
Best regards
Frank Wockenfuß
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List
Thanks. I actually use two config files. Once I update the other config
file, the certificate has both Distribution Points.
Ted Zeng
On 11/10/07 5:36 AM, "Dr. Stephen Henson" <[EMAIL PROTECTED]> wrote:
> On Fri, Nov 09, 2007, Ted Zeng wrote:
>
>>
>> Hi,
>>
>> I use Mac OS X 10.4.10 to cre
On Fri, Nov 09, 2007, Ted Zeng wrote:
>
> Hi,
>
> I use Mac OS X 10.4.10 to create a certificate with two CRL distribution
> points. I have been able to create certs with one distribution point.
>
> Here is how I set in the conf file:
>
> [ certificate_extensions ]
> basicConstraints = CA:
I take the information from this web page:
http://www.openssl.org/docs/apps/x509v3_config.html
Which has the following:
crlDistributionPoints=URI:http://myhost.com/myca.crl
crlDistributionPoints=URI:http://my.com/my.crl,URI:http://oth.com/my.crl
Ted Zeng
Adobe Systems Inc.
On 11/9/07 8:31 PM, "R
Ted Zeng wrote:
> Hi,
>
> I use Mac OS X 10.4.10 to create a certificate with two CRL distribution
> points. I have been able to create certs with one distribution point.
>
> Here is how I set in the conf file:
>
> [ certificate_extensions ]
> basicConstraints = CA:false
> extendedKeyUsage
Hi,
I use Mac OS X 10.4.10 to create a certificate with two CRL distribution
points. I have been able to create certs with one distribution point.
Here is how I set in the conf file:
[ certificate_extensions ]
basicConstraints = CA:false
extendedKeyUsage =codeSigning
crlDistributionPoin
Hi, Stephane!
Use
crlDistributionPoints=@crl_section
[crl_section]
URI.1=.
URI.2=.
URI.3=.
Best regards,
Michael
Am 2002-11-28 15:24 Uhr schrieb "Stephane Spahni" unter
<[EMAIL PROTECTED]>:
> Hello,
>
> I am trying to generate a certificate with tw
The CRL Distribution points is a list of CRL distribution points.
You need to create a single CRL Distribution points list and add each CRL
distribution point.
Basically the syntax is
cRLDistributionPoints ::= {
CRLDistPointsSyntax
}
CRLDistPointsSyntax ::= SEQUENCE SIZE (1
Hello,
I am trying to generate a certificate with two CRL Distribution points.
But the problem is that I generate two SEQUENCE instead of one containing
the two distribution points. How could I do it correctly ? Do I need to
encode all the stuff at hand ?
Thanks !
Stephane
PS: The reason why I
In message <[EMAIL PROTECTED]> on Wed, 15 May 2002
14:06:41 +0200, "Maxime Dubois" <[EMAIL PROTECTED]> said:
maxime.dubois> I have 3 CAs: 1 rootCA and two sub CAs (subCA1 and subCA2) signed by
rootCA.
maxime.dubois> The CDP in subCA1 and subCA2 certs points to the rootCA CRL.
maxime.dubois> The
Hi,
A x509v3 certificate can have more than one CRL Distribution Point
Extensions, in this case is it certain that all the Distribution Points
corresponds to the same CRL.
Thanks
Aslam
You can add any URL or URN identifiers.
However, some applications may or may not recognize your identifier.
If your application is Netscape Navigator or IE, there are no
problems since both support LDAP URL schema.
Both LDAP and HTTP are the most widely used.
Reiner Buehl wrote:
>
> Hello,
>
Hello,
> All you need is to modify the openssl.cnf and insert
> a line like this in the Certificate Extensions section
>
> crlDistributionPoints=URI:http://www.my.com/my.crl,URI:http://www.
> oth.com/my.crl
>
> See doc/openssl.txt in the distribution source tree for more
> information.
Is a ht
All you need is to modify the openssl.cnf and insert
a line like this in the Certificate Extensions section
crlDistributionPoints=URI:http://www.my.com/my.crl,URI:http://www.oth.com/my.crl
See doc/openssl.txt in the distribution source tree for more
information.
Glenn Horton wrote:
>
>
Marco Donati wrote:
>
> i cannot handle the CRL Distribution Points with the following code:
>
[various examples omitted]
>
> Where's the mistake?
> Is there any FAQ or documentation on these functions?
>
You can try and do what this code is attempting: manually de
i cannot handle the CRL Distribution Points with the following code:
#include <openssl/x509.h>
#include <openssl/x509v3.h>
X509_EXTENSION*ext=NULL;
ASN1_OCTET_STRING*extValue=NULL;
STACK_OF(DIST_POINT)*crlDPStack=NULL;
X509 *x509=...a valid X509v3 certificate
extIndex
Darren Reed wrote:
>
> IE5 appears to insist on adding a number (01, etc) on the end of the
> Netscape CA Revocation Url and if not present, reports an error about
> not being able to verify the user because it can't get a CRL.
>
This is correct behaviour. See:
http://home.netscape.com/eng/sec
To try and keep IE all nice and happy, I've included CRL URLs in
some certs I'm generating. For fun (NOT!) I've used different
extensions in the CA cert and the "user" cert:
CA:
X509v3 extensions:
X509v3 CRL Distribution Points: