[openssl-users] upgrade to 1.0.1r breaks script that worked for years. Config issue?
Dr. Stephen Henson
steve at openssl.org
Wed Feb 24 19:50:18 UTC 2016
On Wed, Feb 24, 2016, lists wrote:
>
> extensions = x509v3
>
> [ x509v3 ]
> keyUsage = digitalSignature
> extendedKeyUsage = clientAuth,emailProtection
> crlDistributionPoints = URI:http://ldap.secure-edge.com/secure-edge-ca.crl
> subjectAltName = email:copy
> basicConstraints = CA:false,pathlen:0
While this isn't the cause of your problem you should NOT use pathelen if you
have CA:false. An application might reject such a certificate due to
inconsistent extension values.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
More information about the openssl-users
mailing list