Skip Menu |
 

This queue is for tickets about the Crypt-OpenSSL-CA CPAN distribution.

Report information
The Basics
Id: 83507
Status: new
Priority: 0/
Queue: Crypt-OpenSSL-CA

People
Owner: Nobody in particular
Requestors: Johan.Finnved [...] cygate.se
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: The CRL numbers in Crypt-OpenSSL-CA-0.23/examples/make-crls.pl violates RFC3280
Date: Thu, 21 Feb 2013 09:52:28 +0000
To: "bug-Crypt-OpenSSL-CA [...] rt.cpan.org" <bug-Crypt-OpenSSL-CA [...] rt.cpan.org>
From: Johan Finnved <Johan.Finnved [...] cygate.se>
Download (untitled) / with headers
text/plain 924b
Hello The CRL numbers in the example violates 5.2.3 and 5.2.4 of RFC3280. Using make-crls.pl as an example on how to generate delta CRL can be misleading for novice users. Violation of 5.2.3: Since the two CRLs generated do not convey the same revocation status and have different 'This Update' they can not share the same 'CRL number'. Violation of 5.2.4: The fields 'CRL number' and 'Delta CRL Indicator' cannot be identical. In fact 'Delta CRL Indicator' must contain the 'CRL number' of a earlier complete CRL, so numerically 'Delta CRL Indicator' must be less than 'CRL number'. So the complete CRL could have a CRL number 0xdeadbeefdeadbeefdeadbeefcafe0000 and the delta CRL could have CRL number 0xdeadbeefdeadbeefdeadbeefcafe0001 and Delta CRL Indicator 0xdeadbeefdeadbeefdeadbeefcafe0000 Greetings Johan Finnved Konsult Cygate AB Röntgenvägen 2, 171 54 Solna växel: 010-8787000 direktnr: 010-8787249


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.