[openssl-users] x509 extension support
Freemon Johnson
freemonj at gmail.com
Fri Jan 6 18:17:08 UTC 2017
Hello,
Can anyone help me in discerning which version of openssl supports
sbgp-autonomousSysNum
and sbgp-ipAddrBlock? If it has been deprecated then providing the
alternative would be greatly appreciated.
A sample openssl.cnf is provided below. When I perform a request for req it
fails because of the objects described above. The version of openssl I am
using when attempting this req generation is version OpenSSL 1.0.2g 1 Mar
2016
[req]default_bits = 2048default_md =
sha256distinguished_name = req_dnprompt =
noencrypt_key = no
[req_dn]CN = Testbed RPKI root certificate
[x509v3_extensions]basicConstraints =
critical,CA:truesubjectKeyIdentifier = hashkeyUsage
= critical,keyCertSign,cRLSignsubjectInfoAccess =
@siacertificatePolicies =
critical,1.3.6.1.5.5.7.14.2sbgp-autonomousSysNum =
critical, at rfc3779_asnssbgp-ipAddrBlock =
critical, at rfc3997_addrs
[sia]1.3.6.1.5.5.7.48.5;URI =
rsync://example.org/rpki/root/1.3.6.1.5.5.7.48.10;URI =
rsync://example.org/rpki/root/root.mft
[rfc3779_asns]AS.0 = 64496-64511AS.1 = 65536-65551
[rfc3997_addrs]IPv4.0 = 192.0.2.0/24IPv4.1 = 198.51.100.0/24IPv4.2 =
203.0.113.0/24 IPv6.0 = 2001:0DB8::/32
Cheers,
Freemon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170106/f271aa94/attachment.html>
More information about the openssl-users
mailing list