Well, lets request that in openvpn then.
Den torsdag 2.feb kl. 13:47 skrev yquenechdu@xxxxxxxxxxxx:
Okay, so OpenVPN should drop support for PEM and only use DER?
t is necessary to be able to ensure interoperability, therefore the
PEM remains still necessary. On the other hand, the format by default
should be DER instead of the PEM. That implies that OpenVPN should
integrate in the part -- crl-verify the command -- inform DER by
and to support it.
Den torsdag 2.feb kl. 12:44 skrev yquenechdu@xxxxxxxxxxxx:
Den onsdag 1.feb kl. 16:00 skrev yquenechdu@xxxxxxxxxxxx:
I would add following Jon, that to validate a CRL, the file
transformed into DER to analyze the ASN.1 contained in this one.
Format PEM thus becomes useless. All CA of the market provide
this is the format by default for LCR, it has yet only OpenSSL
use PEM in the LCR.
Why _MUST_ it be in DER format? Do you have any more documentation?
What is this ASN.1 that you keep talking about?
RFC3280 Internet X.509 Public Key Infrastructure Certificate and
Certificate Revocation List (CRL) Profile :
- The CRL file MUST contain a single DER encoded CRL (indicated
.crl file extension) as specified in [RFC 2585]
- The X.509 v2 CRL syntax is as follows. For signature calculation,
the data that is to be signed is ASN.1 DER encoded. ASN.1 DER
encoding is a tag, length, value encoding system for each
Openvpn-users mailing list