[prev in list] [next in list] [prev in thread] [next in thread]
List: openssl-dev
Subject: Re: CRL Reason Code
From: Dr Stephen Henson <drh () celocom ! com>
Date: 1999-06-25 12:04:43
[Download RAW message or body]
Dror Otmi wrote:
>
> >
> >> Is there a way to add the revocation reason code to a CRL generated
> by
> >> OpenSSL???
> >>
>
> >Not using "openssl ca -gencrl" generated CRLs: this would need a couple
>
> >of extra fields in the text database.
>
> >If you are generating CRLs in some other way then you can use the
> >extension code to manually generate the extensions and add them to the
> >relevant CRL entries.
>
> I'm using "openssl ca -gencrl" and did reckoned the text database
> should include an additional information.
> It might sound stupid (I'm a layman on this field) but why a couple of
> fields?
> Wouldn't one be enough?
>
Well strictly speaking just for CRL reason code yes. However there are
two other related entry extensions. If the reason is certificateHold
then a hold instruction code can be included as a separate extension.
Similarly if the reason is keyCompromise then an Invalidity Date can be
included.
> Is it an open issue for the coming up versions?
> If not, I might try to do it myself, in this case could you give me a
> few hints
> on how to use the extension code you mentioned?
>
Yes I plan to add support at some point.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: shenson@drh-consultancy.demon.co.uk
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: drh@celocom.com PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic