> As I have no real clue what to do with such an extension when verifying
> a certificate I would simply ignore it.


Hm... If the certificate issuer thought the extension could just be
ignored, they probably wouldn't mark it as critical.
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org