[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Help-gnutls] gnutls_x509_crt_set_version documentation suggestion

From: Florian Weimer
Subject: [Help-gnutls] gnutls_x509_crt_set_version documentation suggestion
Date: Wed, 14 Mar 2007 11:03:31 +0100

It might be a good idea to add the following information to the
documentation for gnutls_x509_crt_set_version:

  To create well-formed certificates, you must specify version 3 if
  you use any certificate extensions.  Extensions are created by
  functions such as gnutls_x509_crt_set_subject_alternative_name or

(I don't know if GNUTLS supports the v2 extensions.)

GNUTLS doesn't check if a v1 certificate contains any extensions, but
other X.509 implementations do.  If you ever run into the "no more
data allowed for version 1 certificate" error message (or,
alternatively, "java.lang.Object cannot be cast to"), you know where to look.

Florian Weimer                <address@hidden>
BFK edv-consulting GmbH
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99

reply via email to

[Prev in Thread] Current Thread [Next in Thread]