<div dir="ltr"><div><div><div>Hello,<br></div>All certificates I have encountered with this extension seem to have a problem with the encoding of the distributionPoint.<br></div>According to the specs:<br><pre class="gmail-newpage"> DistributionPointName ::= CHOICE {
fullName [0] GeneralNames,
nameRelativeToCRLIssuer [1] RelativeDistinguishedName }<br><br></pre>x509 implementations seem to confuse the "GeneralNames" with "GeneralName". The distinction is that the former is a sequence consisting of one or more instances of the latter, i.e.:<br><pre class="gmail-newpage">GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName</pre><br><br></div>Am I wrong about this? How does openssl parse this extension?<br></div>
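An added example, not part of the original message and not OpenSSL's code: a small DER walker that lists the tag layout of a CRLDistributionPoints value and extracts the fullName URIs. RFC 5280 defines this extension in an IMPLICIT-tagged module, so the [0] on fullName replaces the SEQUENCE tag of GeneralNames (0xA0 instead of 0x30) and the GeneralName entries follow directly inside it, while the outer distributionPoint [0] wraps the CHOICE explicitly. The sample bytes, URLs and function names are constructed for illustration.

```python
def read_tlv(buf, pos):
    """Decode one DER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] & 0x1F == 0x1F:
        raise ValueError("truncated header or multi-byte tag")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the content of a constructed TLV into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def tag_tree(buf, depth=0):
    """List (depth, tag) for every TLV, descending into constructed ones (bit 0x20)."""
    rows = []
    for tag, val in children(buf):
        rows.append((depth, tag))
        if tag & 0x20:
            rows += tag_tree(val, depth + 1)
    return rows

def full_name_uris(ext_value):
    """URIs found in the fullName of each DistributionPoint."""
    uris = []
    for _, point in children(children(ext_value)[0][1]):   # each DistributionPoint
        for f_tag, field in children(point):
            if f_tag != 0xA0:              # reasons [1] or cRLIssuer [2], not distributionPoint [0]
                continue
            for c_tag, names in children(field):
                if c_tag == 0xA0:          # fullName [0]: GeneralNames with its SEQUENCE tag replaced
                    uris += [v.decode("ascii") for t, v in children(names) if t == 0x86]
    return uris

# Constructed sample: one DistributionPoint whose fullName holds two URI GeneralNames.
def tlv(tag, value):                       # sample encoder, short-form lengths only
    return bytes([tag, len(value)]) + value
SAMPLE = tlv(0x30, tlv(0x30, tlv(0xA0, tlv(0xA0,
    tlv(0x86, b"http://crl.example.test/a.crl") +
    tlv(0x86, b"http://crl.example.test/b.crl")))))
```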