request for certificate extension
Werner Koch
wk at gnupg.org
Fri Jan 5 12:10:38 CET 2007
On Thu, 4 Jan 2007 06:25, kazu at iij.ad.jp said:
> ----
> gpgsm: Signature made 2006-12-22 13:47:37 using certificate ID 64C04082
> gpgsm: critical certificate extension 2.5.29.17 is not supported
> gpgsm: invalid certification chain: Unsupported certificate
> ----

Never seen the subjectAltName marked as critical. Of course we
support it. If it is possible, I'd appreciate getting such a
certificate by PM for use with the regression tests. Patch below.

Shalom-Salam,

   Werner

--- sm/certchain.c (revision 4389)
+++ sm/certchain.c (working copy)
@@ -137,6 +137,12 @@
{
static const char *known[] = {
"2.5.29.15", /* keyUsage */
+ "2.5.29.17", /* subjectAltName
+ Japanese DoCoMo certs mark them as critical. PKIX
+ only requires them as critical if subjectName is
+ empty. I don't know whether our code gracefully
+ handles such empry subjectNames but that is
+ another story. */
"2.5.29.19", /* basic Constraints */
"2.5.29.32", /* certificatePolicies */
"2.5.29.37", /* extendedKeyUsage - handled by certlist.c */