On Mon, Apr 20, 2015 at 01:57:47PM +0000, Salz, Rich wrote:

> > How do we use `openssl req` and a CONF file to add the information
> > (assuming we already have the certified timestamps)?
>
> Ouch, that's gonna be nasty. Look at ASN1_generate_nconf.pod Most likely have to use the SEQUENCE type, recursively.

Ouch indeed.

>
> A patch to let you specify the DER directly would be useful.

No patch required:

    http://web.mit.edu/crypto/openssl.cnf

    # DER hex encoding of an extension: beware experts only!
    # obj=DER:02:03
    # Where 'obj' is a standard or added object
    # You can even override a supported extension:
    # basicConstraints= critical, DER:30:03:01:01:FF

-- 
	Viktor.
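An added example, not part of the original message or of OpenSSL: a small Python check for hand-written `DER:` hex values before they go into a config file, run on the two values from the quoted openssl.cnf comment. The function name parse_der_hex is hypothetical; it takes only the hex part (without a leading "critical,") and handles single-byte tags with definite lengths.

```python
# Added example: walk a colon-separated DER hex string and reject bytes
# that are not one complete, well-formed TLV.

def _parse_tlvs(data, pos, end):
    items = []
    while pos < end:
        tag = data[pos]
        if tag & 0x1F == 0x1F:
            raise ValueError("multi-byte tags are not handled by this check")
        pos += 1
        if pos >= end:
            raise ValueError("truncated: tag 0x%02x has no length byte" % tag)
        first = data[pos]
        pos += 1
        if first < 0x80:                      # short-form length
            length = first
        elif first == 0x80:
            raise ValueError("indefinite length is not valid DER")
        else:                                 # long-form length
            n = first & 0x7F
            if pos + n > end:
                raise ValueError("truncated length field")
            length = int.from_bytes(data[pos:pos + n], "big")
            if length < 0x80 or data[pos] == 0:
                raise ValueError("non-minimal length encoding")
            pos += n
        if pos + length > end:
            raise ValueError("truncated: tag 0x%02x declares %d content bytes, "
                             "%d present" % (tag, length, end - pos))
        if tag & 0x20:                        # constructed: parse children
            items.append((tag, _parse_tlvs(data, pos, pos + length)))
        else:                                 # primitive: keep raw content
            items.append((tag, data[pos:pos + length]))
        pos += length
    return items

def parse_der_hex(value):
    """Return (tag, content) for 'DER:30:03:...' or raise ValueError."""
    text = value.strip()
    if text.upper().startswith("DER:"):
        text = text[4:]
    data = bytes.fromhex(text.replace(":", ""))
    items = _parse_tlvs(data, 0, len(data))
    if len(items) != 1:
        raise ValueError("expected exactly one top-level TLV, got %d" % len(items))
    return items[0]

if __name__ == "__main__":
    # SEQUENCE { BOOLEAN TRUE }, the basicConstraints value in the comment
    print(parse_der_hex("DER:30:03:01:01:FF"))
```

The `02:03` sample in the same comment fails this check: it is an INTEGER tag declaring three content bytes with none present, so it is a syntax illustration rather than a usable value.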