This question is regarding the extended key usage
extension implementation which differs from the
specification [RFC 2459].

I read RFC 2459 in
http://www.faqs.org/rfcs/rfc2459.html section
Extended key usage field.

It says that "If the extension is flagged
non-critical, then it indicates the intended purpose
or purposes of the key, and may be used in finding the
correct key/certificate of an entity that has multiple
keys/certificates. It is an advisory field and does
not imply that usage of the key is restricted by the
certification authority to the purpose indicated.
Certificate using applications may nevertheless
require that a particular purpose be indicated in
order for the certificate to be acceptable to that

But in
it says that openssl uses the key only for the
specified purpose, if the extended key usage is
present regardless of whether it is critical or not.

So, my question is why is openssl acting as if
extended key usage is critical even though it is
marked as non-critical?

Durga Prasad

Durga Prasad Jammula
webpage : http://durgaprasad.wordpress.com

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org
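
The behaviour asked about above can be observed directly with the openssl command line. This is an added example, not part of the original post or of the OpenSSL project: it builds throwaway self-signed certificates and reads what `openssl x509 -purpose` reports for the "SSL server" purpose. The function name `ssl_server_ok` and the subject `eku-demo.example` are constructed for illustration, and the openssl CLI is assumed to be on PATH.

```shell
#!/bin/sh
# Added example (constructed). Assumes the openssl CLI is installed.
#
# ssl_server_ok EKU_VALUE
#   Creates a temporary self-signed certificate whose extendedKeyUsage is
#   EKU_VALUE (an empty string means "no EKU extension at all") and prints
#   the verdict openssl gives for the "SSL server" purpose: Yes or No.
ssl_server_ok() {
    dir=$(mktemp -d) || return 1
    # Minimal request config so the result does not depend on the system openssl.cnf.
    cat > "$dir/req.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
x509_extensions = ext
[dn]
CN = eku-demo.example
[ext]
subjectKeyIdentifier = hash
${1:+extendedKeyUsage = $1}
EOF
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 1 \
        -config "$dir/req.cnf" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null \
      && openssl x509 -in "$dir/cert.pem" -noout -purpose \
         | sed -n 's/^SSL server : //p'
    rc=$?
    rm -rf "$dir"
    return $rc
}

# Compare: no EKU, matching EKU, and a non-matching EKU with and without
# the critical flag. The last two give the same verdict.
for eku in "" "serverAuth" "clientAuth" "critical,clientAuth"; do
    printf '%-22s SSL server: %s\n' "EKU=${eku:-<absent>}" "$(ssl_server_ok "$eku")"
done
```

A certificate with no EKU extension is accepted for any purpose; once the extension is present, the purpose check rejects anything not listed, whether or not the extension is marked critical.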