Skip Menu |

This queue is for tickets about the Crypt-OpenSSL-CA CPAN distribution.

Report information
The Basics
Id: 83507
Status: new
Priority: 0/
Queue: Crypt-OpenSSL-CA

Owner: Nobody in particular
Requestors: Johan.Finnved [...]

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)

Subject: The CRL numbers in Crypt-OpenSSL-CA-0.23/examples/ violates RFC3280
Date: Thu, 21 Feb 2013 09:52:28 +0000
To: "bug-Crypt-OpenSSL-CA [...]" <bug-Crypt-OpenSSL-CA [...]>
From: Johan Finnved <Johan.Finnved [...]>
Download (untitled) / with headers
text/plain 924b
Hello The CRL numbers in the example violates 5.2.3 and 5.2.4 of RFC3280. Using as an example on how to generate delta CRL can be misleading for novice users. Violation of 5.2.3: Since the two CRLs generated do not convey the same revocation status and have different 'This Update' they can not share the same 'CRL number'. Violation of 5.2.4: The fields 'CRL number' and 'Delta CRL Indicator' cannot be identical. In fact 'Delta CRL Indicator' must contain the 'CRL number' of a earlier complete CRL, so numerically 'Delta CRL Indicator' must be less than 'CRL number'. So the complete CRL could have a CRL number 0xdeadbeefdeadbeefdeadbeefcafe0000 and the delta CRL could have CRL number 0xdeadbeefdeadbeefdeadbeefcafe0001 and Delta CRL Indicator 0xdeadbeefdeadbeefdeadbeefcafe0000 Greetings Johan Finnved Konsult Cygate AB Röntgenvägen 2, 171 54 Solna växel: 010-8787000 direktnr: 010-8787249

This service is sponsored and maintained by Best Practical Solutions and runs on infrastructure.

Please report any issues with to