[Help-gnutls] gnutls_x509_crt_set_version documentation suggestion
Florian Weimer
fweimer at bfk.de
Wed Mar 14 11:03:31 CET 2007
It might be a good idea to add the following information to the
documentation for gnutls_x509_crt_set_version:

    To create well-formed certificates, you must specify version 3 if
    you use any certificate extensions. Extensions are created by
    functions such as gnutls_x509_crt_set_subject_alternative_name or
    gnutls_x509_crt_set_key_usage.

(I don't know if GNUTLS supports the v2 extensions.)

GNUTLS doesn't check if a v1 certificate contains any extensions, but
other X.509 implementations do. If you ever run into the "no more
data allowed for version 1 certificate" error message (or,
alternatively, "java.lang.Object cannot be cast to
gnu.java.security.OID"), you know where to look.
--
Florian Weimer <fweimer at bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
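
The version/extension consistency check described in the message above, as an added example that is not part of the original post and is not GnuTLS code. It walks the DER TBSCertificate, where the version sits in the [0] field (absent means v1) and extensions in the [3] field; the names x509_check_version and der_tlv and both byte arrays are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
/* Constructed skeletons (empty fields, not real certificates): only the TBSCertificate layout matters. */
static const unsigned char V1_EXT[] = {      /* no [0] version field => v1, yet carries [3] extensions */
    0x30,0x18, 0x30,0x11, 0x02,0x01,0x01, 0x30,0x00,0x30,0x00,0x30,0x00,0x30,0x00,0x30,0x00,
    0xA3,0x02,0x30,0x00, 0x30,0x00, 0x03,0x01,0x00 };
static const unsigned char V3_EXT[] = {      /* [0] version INTEGER 2 (v3) and [3] extensions */
    0x30,0x1D, 0x30,0x16, 0xA0,0x03,0x02,0x01,0x02, 0x02,0x01,0x01, 0x30,0x00,0x30,0x00,0x30,0x00,
    0x30,0x00,0x30,0x00, 0xA3,0x02,0x30,0x00, 0x30,0x00, 0x03,0x01,0x00 };

/* Read one DER tag-length-value header; returns 0 on success, -1 on truncated or oversized input. */
static int der_tlv(const unsigned char *p, const unsigned char *end,
                   unsigned *tag, const unsigned char **val, size_t *len)
{
    size_t n, k;
    if (end - p < 2) return -1;
    *tag = p[0]; n = p[1]; p += 2;
    if (n & 0x80) {                          /* long form: next k bytes hold the length */
        if ((k = n & 0x7f) == 0 || k > 4 || (size_t)(end - p) < k) return -1;
        for (n = 0; k > 0; k--) n = (n << 8) | *p++;
    }
    if ((size_t)(end - p) < n) return -1;
    *val = p; *len = n;
    return 0;
}

/* 0: consistent; 1: extensions in a non-v3 certificate; -1: malformed DER. *version gets 1..3. */
int x509_check_version(const unsigned char *der, size_t derlen, int *version)
{
    const unsigned char *cert, *tbs, *c, *end;
    size_t len, clen;
    unsigned tag, has_ext = 0, first = 1;
    if (der_tlv(der, der + derlen, &tag, &cert, &len) || tag != 0x30) return -1;
    if (der_tlv(cert, cert + len, &tag, &tbs, &len) || tag != 0x30) return -1;
    *version = 1;                            /* DEFAULT v1 when the [0] field is absent */
    for (end = tbs + len; tbs < end; tbs = c + clen, first = 0) {
        if (der_tlv(tbs, end, &tag, &c, &clen)) return -1;
        if (first && tag == 0xA0) {          /* [0] EXPLICIT INTEGER: 0 = v1, 1 = v2, 2 = v3 */
            if (clen != 3 || c[0] != 0x02 || c[1] != 1 || c[2] > 2) return -1;
            *version = c[2] + 1;
        } else if (tag == 0xA3) has_ext = 1; /* [3] EXPLICIT extensions */
    }
    return (has_ext && *version != 3) ? 1 : 0;
}

int main(void) {
    int v1, v3, a = x509_check_version(V1_EXT, sizeof V1_EXT, &v1);
    int b = x509_check_version(V3_EXT, sizeof V3_EXT, &v3);
    return printf("V1_EXT: v%d -> %d, V3_EXT: v%d -> %d\n", v1, a, v3, b) < 0;
}
```

A result of 1 is the condition behind the "no more data allowed for version 1 certificate" error quoted above: the encoder left the version at its default while adding extensions.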