diff options
author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-12-07 19:37:46 +0100 |
---|---|---|
committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-12-10 15:19:55 +0100 |
commit | 1a683b80dc9ad4dcbf206a0617364a9d614a9883 (patch) | |
tree | 489d4cc0bfbb0664cd692e95ab0c175aa8b3ebd3 /providers/fips/self_test_kats.c | |
parent | 98ba251fe6f49fc2ee310f6e559c3431922fa16d (diff) |
apps/{ca,req,x509}.c: Improve diag and doc mostly on X.509 extensions, fix multiple instances
This includes a general correction in the code (now using the X509V3_CTX_REPLACE flag)
and adding a prominent clarification in the documentation:
If multiple entries are processed for the same extension name,
later entries override earlier ones with the same name.
This is due to an RFC 5280 requirement - the intro of its section 4.2 says:
A certificate MUST NOT include more than one instance of a particular extension.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13614)
Diffstat (limited to 'providers/fips/self_test_kats.c')
0 files changed, 0 insertions, 0 deletions