We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Documentation says:
Net::SSLeay::P_X509_CRL_add_revoked_serial_hex($crl, $serial_hex, $rev_time, $reason_code, $comp_time); # $crl - value corresponding to openssl's X509_CRL structure # $serial_hex - string (hexadecimal) representation of serial number # $rev_time - (revocation time) value corresponding to openssl's ASN1_TIME structure # $reason_code - [optional] (integer) reason code (see below) - default 0 # $comp_time - [optional] (compromise time) value corresponding to openssl's ASN1_TIME structure # # returns: no return value reason codes: 0 - unspecified 1 - keyCompromise 2 - CACompromise 3 - affiliationChanged 4 - superseded 5 - cessationOfOperation 6 - certificateHold 7 - removeFromCRL
The correct values (from RFC 5280) are:
CRLReason ::= ENUMERATED { unspecified (0), keyCompromise (1), cACompromise (2), affiliationChanged (3), superseded (4), cessationOfOperation (5), certificateHold (6), -- value 7 is not used removeFromCRL (8), privilegeWithdrawn (9), aACompromise (10) }
Note that there is no value 7. This is different from reason flags on page 47 of RFC 5280:
ReasonFlags ::= BIT STRING { unused (0), keyCompromise (1), cACompromise (2), affiliationChanged (3), superseded (4), cessationOfOperation (5), certificateHold (6), privilegeWithdrawn (7), aACompromise (8) }
In my testing, the P_X509_CRL_add_revoked_serial_hex uses the first set of values.
The text was updated successfully, but these errors were encountered:
GH-397 SSLeay.pod: Correct CRL revocation reasons P_X509_CRL_add_revo…
c1cd344
…ked_serial_hex. SSLeay.pod incorrectly listed CRL DistributionPoint ReasonFlags as values for certificate revocation reason.
685983d
Successfully merging a pull request may close this issue.
Documentation says:
The correct values (from RFC 5280) are:
Note that there is no value 7. This is different from reason flags on page 47 of RFC 5280:
In my testing, the P_X509_CRL_add_revoked_serial_hex uses the first set of values.
The text was updated successfully, but these errors were encountered: