[openssl-users] x509 extension support

Freemon Johnson freemonj at gmail.com
Fri Jan 6 18:11:44 UTC 2017


Can anyone help me in discerning which version of openssl supports
and sbgp-ipAddrBlock? If it has been deprecated then providing the
alternative would be greatly appreciated.

A sample openssl.cnf is provided below. When I perform a request for req it
fails because of the objects described above. The version of openssl I am
using when attempting this req generation is version OpenSSL 1.0.2g  1 Mar

[req]default_bits            = 2048default_md              =
sha256distinguished_name      = req_dnprompt                  =
noencrypt_key             = no
[req_dn]CN                      = Testbed RPKI root certificate
[x509v3_extensions]basicConstraints        =
critical,CA:truesubjectKeyIdentifier    = hashkeyUsage
= critical,keyCertSign,cRLSignsubjectInfoAccess       =
@siacertificatePolicies     =
critical,   =
critical, at rfc3779_asnssbgp-ipAddrBlock        =
critical, at rfc3997_addrs
[sia];URI  =
rsync://example.org/rpki/root/;URI =
[rfc3779_asns]AS.0 = 64496-64511AS.1 = 65536-65551
[rfc3997_addrs]IPv4.0 = = = IPv6.0 = 2001:0DB8::/32


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170106/7c976069/attachment.html>

More information about the openssl-users mailing list