Ulf Moeller via RT wrote:
> The certificate encoding is in fact ok:
>
> 2716 8: OBJECT IDENTIFIER qcStatements (1 3 6 1 5 5
> 7 1 3)
> 2726 1: BOOLEAN TRUE
> 2729 24: OCTET STRING, encapsulates {
> 2731 22: SEQUENCE {
> 2733 10: SEQUENCE {
> 2735 8: OBJECT IDENTIFIER
> : pkixQCSyntax-v1 (1 3 6 1 5 5 7 11 1)
> : }
> 2745 8: SEQUENCE {
> 2747 6: OBJECT IDENTIFIER
> : etsiQcsCompliance (0 4 0 1862 1 1)
> : }
> : }
> : }
> : }
>
> Google doesn't find the defintion of "etsiQcsCompliance", so I don't
> know what would be required to implement the extension.


in the isis-mtt context this extension is called "id-etsi-qcs-QcCompliance"
(see http://www.isis-mtt.t7-isis.org/ in case you have too much time to
waste ;-) .Afaik it simply means that the CA who issued the certificate
must be in compliance with ETSI TS 101 456 v1.1.1 ("Policy Requirements for
Certification Authorities Issuing Qualified Certificates").
As I have no real clue what to do with such an extension when verifying
a certificate I would simply ignore it.

Cheers,
Nils

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org