APPS `do_X509_sign()`: is it complete w.r.t. RFC 5280 compliance? #19805

DDvO · 2022-12-01T12:14:09Z

Meanwhile, do_X509_sign() makes sure that, by default, subject key identifier (SKID) and issuer key identifier (AKID) are added as far as required by RFC 5280. I also makes sure that X.509 version 3 is set whenever X.509 extensions are included.

Is there anything else the function should do for ensuring RFC 5280 compliance for new certs by default?

The text was updated successfully, but these errors were encountered:

DDvO · 2022-12-01T12:14:18Z

This is a spin-off from #16006.

…9805

Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from #21086)

DDvO added the issue: question The issue was opened to ask a question label Dec 1, 2022

DDvO mentioned this issue Dec 1, 2022

CMP+CRMF: Re-formulate and (re-)add some comments removed by PR #15539 #16006

Closed

t8m added triaged: question The issue contains a question and removed issue: question The issue was opened to ask a question labels Dec 1, 2022

DDvO added a commit to siemens/openssl that referenced this issue May 30, 2023

apps.c: add comment to do_X509_sign() referring to question openssl#1…

b2eaa9c

…9805

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

APPS `do_X509_sign()`: is it complete w.r.t. RFC 5280 compliance? #19805

APPS `do_X509_sign()`: is it complete w.r.t. RFC 5280 compliance? #19805

DDvO commented Dec 1, 2022

DDvO commented Dec 1, 2022

APPS do_X509_sign(): is it complete w.r.t. RFC 5280 compliance? #19805

APPS do_X509_sign(): is it complete w.r.t. RFC 5280 compliance? #19805

Comments

DDvO commented Dec 1, 2022

DDvO commented Dec 1, 2022

APPS `do_X509_sign()`: is it complete w.r.t. RFC 5280 compliance? #19805

APPS `do_X509_sign()`: is it complete w.r.t. RFC 5280 compliance? #19805