How to set CRL number, and authority key id extensions.

Simon Josefsson simon at josefsson.org
Sun Oct 5 16:36:41 CEST 2008


Nikos Mavrogiannopoulos <n.mavrogiannopoulos at gmail.com> writes:

> Nikos Mavrogiannopoulos wrote:
>> David Marín Carreño wrote:
>>> Hi all.
>>>
>>> I'm the main developer of gnoMint, a graphical Certification Authority
>>> managing tool.
>>>
>>> I would like to set authority key id extension, and number extension,
>>> for each one of the created CRLs.
>>>
>>> Currently, the generated CRLs are not compliant with RFC5280, as it
>>> says in pages 60 and 61, that these extensions are a MUST for CRLs
>>> made by complying CAs.
>>> Do you plan to include CRL extensions?
>
> I have checked the issue and it seems that most of the functionality
> already existed for CRL extension handling. I have commited a patch on
> the current code base which adds this support. This is not a big change,
> since it only adds functions, however it is up to Simon to decide on
> whether this will be included on the upcoming release.

It is really too late for 2.6.x, I want to release tomorrow.  There is
no reason why we couldn't have a short gnutls 2.7.x cycle though, I'm
not aware of any major pending changes?  We could set a release goal for
2.8.x on January 1th.

/Simon





More information about the Gnutls-devel mailing list