Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Multiple CRL Distribution Points ?

681 views
Skip to first unread message

Stephane Spahni

unread,
Nov 28, 2002, 9:28:39 AM11/28/02
to
Hello,

I am trying to generate a certificate with two CRL Distribution points.
But the problem is that I generate two SEQUENCE instead of one containing
the two distribution points. How could I do it correctly ? Do I need to
encode all the stuff at hand ?

Thanks !

Stephane

PS: The reason why I want to use two CRL DP is that I want to provide the
CRL in both DER and BASE64 formats.

--
------------------------------------------------------------------------------
Dr. Sc. Stephane Spahni Hopitaux Universitaires de Geneve
eMail: <Stephan...@hcuge.ch> Division d'informatique medicale (DIM)
Tel: (+41 22) 372 62 78 24 rue Micheli-du-Crest
Fax: (+41 22) 372 61 98 CH-1211 Geneve 4
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org

Muralidhar K (SSG) - CTD, Chennai.

unread,
Nov 28, 2002, 9:36:55 AM11/28/02
to
The CRL Distribution points is a list of CRL distribution point.
You need to create a single CRL Distribution points list and add each CRL
distribution point.

Basically the syntax is

cRLDistributionPoints ::= {
CRLDistPointsSyntax
}

CRLDistPointsSyntax ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint

DistributionPoint ::= SEQUENCE {
distributionPoint [0] DistributionPointName OPTIONAL,
reasons [1] ReasonFlags OPTIONAL,
cRLIssuer [2] GeneralNames OPTIONAL
}

DistributionPointName ::= CHOICE {
fullName [0] GeneralNames,
nameRelativeToCRLIssuer [1] RelativeDistinguishedName
}

ReasonFlags ::= BIT STRING {
unused (0),
keyCompromise (1),
cACompromise (2),
affiliationChanged (3),
superseded (4),
cessationOfOperation (5),
certificateHold (6)
}

Regards,
Murali

Karl-Michael Werzowa

unread,
Nov 28, 2002, 11:19:40 AM11/28/02
to
Hi, Stephane!

Use

crlDistributionPoints=@crl_section
....

[crl_section]
URI.1=.....
URI.2=.....
URI.3=.....

Best regards,
Michael

Am 2002-11-28 15:24 Uhr schrieb "Stephane Spahni" unter
<stephan...@hcuge.ch>:

> Hello,
>
> I am trying to generate a certificate with two CRL Distribution points.
> But the problem is that I generate two SEQUENCE instead of one containing
> the two distribution points. How could I do it correctly ? Do I need to
> encode all the stuff at hand ?
>
> Thanks !
>
> Stephane
>
> PS: The reason why I want to use two CRL DP is that I want to provide the
> CRL in both DER and BASE64 formats.

--
************************************************************************
Karl-Michael Werzowa
A-1190 Wien, Paradisgasse 28/4/6
+43 (664)302 4511, fax +43 (1)328 1992 14
mi...@werzowa.at, michael...@bmi.gv.at
************************************************************************

0 new messages