Re: [Openvpn-users] RE: Request: --crl-verify in DER format

[Jon Bendtsen <jon.bendtsen@xxxxxxxxxx>]

Well, lets request that in openvpn then.


JonB

Den torsdag 2.feb kl. 13:47 skrev yquenechdu@xxxxxxxxxxxx:

> > Okay, so OpenVPN should drop support for PEM and only use DER?
>
> t is necessary to be able to ensure interoperability, therefore the  
> use of
> PEM remains still necessary. On the other hand, the format by default
> should be DER instead of the PEM. That implies that OpenVPN should
> integrate in the part -- crl-verify the command -- inform DER by  
> default
> and to support it.
>
> Cheers
> Yannick quenec'hdu
> > JonB
> >
> > Den torsdag 2.feb kl. 12:44 skrev yquenechdu@xxxxxxxxxxxx:
> >
> > > > Den onsdag 1.feb kl. 16:00 skrev yquenechdu@xxxxxxxxxxxx:
> > > >
> > > > > Hi,
> > > > >
> > > > > I would add following Jon, that to validate a CRL, the file  
> > > > > must be
> > > > > transformed into DER to analyze the ASN.1 contained in this one.
> > > > >  Format PEM thus becomes useless. All CA of the market provide  
> > > > > only
> > > > > DER.
> > > > > this is the format by default for LCR,  it has yet only OpenSSL
> > > > > there to
> > > > > use PEM in the LCR.
> > > >
> > > > Why _MUST_ it be in DER format? Do you have any more documentation?
> > > > What is this ASN.1 that you keep talking about?
> > > RFC3280 Internet X.509 Public Key Infrastructure Certificate and
> > > Certificate Revocation List (CRL) Profile :
> > >
> > > - The CRL file MUST contain a single DER encoded CRL (indicated  
> > > by the
> > > .crl file extension) as specified in [RFC 2585]
> > >
> > > - The X.509 v2 CRL syntax is as follows.  For signature calculation,
> > >    the data that is to be signed is ASN.1 DER encoded.  ASN.1 DER
> > >    encoding is a tag, length, value encoding system for each  
> > > element.
> > >
> > > Cheers
> > > Yannick


____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users