[openssl-users] upgrade to 1.0.1r breaks script that worked for years. Config issue?
lists at rustichelli.net
Sun Feb 28 16:25:30 UTC 2016
On 02/24/2016 08:50 PM, Dr. Stephen Henson wrote:
> On Wed, Feb 24, 2016, lists wrote:
>> extensions = x509v3
>> [ x509v3 ]
>> keyUsage = digitalSignature
>> extendedKeyUsage = clientAuth,emailProtection
>> crlDistributionPoints = URI:http://ldap.secure-edge.com/secure-edge-ca.crl
>> subjectAltName = email:copy
>> basicConstraints = CA:false,pathlen:0
> While this isn't the cause of your problem you should NOT use pathelen if you
> have CA:false. An application might reject such a certificate due to
> inconsistent extension values.
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
You're definitely right. Thanks.
More information about the openssl-users