[Help-gnutls] Re: gnutls_x509_crt_set_version documentation suggestion
From: Simon Josefsson
Subject: [Help-gnutls] Re: gnutls_x509_crt_set_version documentation suggestion
Date: Thu, 15 Mar 2007 12:29:58 +0100
User-agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.94 (gnu/linux)
Florian Weimer <address@hidden> writes:
> It might be a good idea to add the following information to the
> documentation for gnutls_x509_crt_set_version:
>
> To create well-formed certificates, you must specify version 3 if
> you use any certificate extensions. Extensions are created by
> functions such as gnutls_x509_crt_set_subject_alternative_name or
> gnutls_x509_crt_set_key_usage.
Added.
> (I don't know if GNUTLS supports the v2 extensions.)
I'm not familiar with v2 certificates... It might be possible to
create them using the GnuTLS APIs.
> GNUTLS doesn't check if a v1 certificate contains any extensions, but
> other X.509 implementations do.
I've added checking this to the TODO list:
- Chain verifications.
...
- Reject extensions in v1 certificates.
/Simon
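
The check discussed in this thread (extensions belong only in version 3 certificates), as an added example that is not part of the original message and is not GnuTLS code: a minimal C walk over the DER structure that flags a certificate carrying an extensions field under a version other than v3. The names `der_hdr`, `x509_version_consistent` and `CHECK` are hypothetical, and the byte arrays are constructed skeletons with empty fields, not real certificates.

```c
#include <stdint.h>
#include <stdio.h>
/* Parse one DER tag/length header; returns header size, or 0 on error. */
static size_t der_hdr(const uint8_t *p, size_t n, uint8_t *tag, size_t *len)
{
    size_t h = 2, l, k;
    if (n < 2) return 0;
    if ((l = p[1]) & 0x80) {                 /* long form: 1..4 length bytes */
        if ((k = l & 0x7f) == 0 || k > 4 || n < 2 + k) return 0;
        for (l = 0, h += k; k; k--) l = (l << 8) | p[h - k];
    }
    if (l > n - h) return 0;                 /* value must fit in the buffer */
    *tag = p[0]; *len = l;
    return h;
}

/* 1 = version matches contents, 0 = extensions in a non-v3 cert, -1 = unparseable. */
int x509_version_consistent(const uint8_t *der, size_t n, int *version)
{
    uint8_t tag; size_t len, h; int has_ext = 0, first = 1;
    *version = 1;                            /* DEFAULT v1 when [0] is absent */
    for (int d = 0; d < 2; d++) {            /* Certificate, then TBSCertificate */
        if (!(h = der_hdr(der, n, &tag, &len)) || tag != 0x30) return -1;
        der += h; n = len;
    }
    for (; n > 0; der += h + len, n -= h + len, first = 0) {
        if (!(h = der_hdr(der, n, &tag, &len))) return -1;
        if (first && tag == 0xA0) {          /* version [0] EXPLICIT INTEGER */
            if (len != 3 || der[h] != 2 || der[h + 1] != 1 || der[h + 2] > 2) return -1;
            *version = der[h + 2] + 1;       /* encoded 0,1,2 means v1,v2,v3 */
        }
        if (tag == 0xA3) has_ext = 1;        /* extensions [3] EXPLICIT */
    }
    return !(has_ext && *version != 3);
}

/* Constructed skeletons (empty fields, not real certificates). */
#define BODY 0x02,1,1, 0x30,0, 0x30,0, 0x30,0, 0x30,0, 0x30,0  /* serial, 5 empty SEQUENCEs */
#define EXT  0xA3,2, 0x30,0                                    /* [3] { SEQUENCE {} } */
#define TAIL 0x30,0, 0x03,1,0                                  /* sigAlg, signature */
static const uint8_t V1_WITH_EXT[] = {0x30,0x18, 0x30,0x11, BODY, EXT, TAIL};
static const uint8_t V3_WITH_EXT[] = {0x30,0x1D, 0x30,0x16, 0xA0,3,2,1,2, BODY, EXT, TAIL};
static const uint8_t V1_PLAIN[]    = {0x30,0x14, 0x30,0x0D, BODY, TAIL};
#define CHECK(a) x509_version_consistent(a, sizeof a, &v)

int main(void)
{
    int v;
    printf("v1+ext=%d v3+ext=%d v1=%d\n", CHECK(V1_WITH_EXT), CHECK(V3_WITH_EXT), CHECK(V1_PLAIN));
}
```

The walk inspects only the top-level fields of the TBSCertificate; it does not validate the fields themselves or the signature.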