From 41ab0ccecd68232e196efae5e224b31ca104c423 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 6 Dec 2024 16:02:12 +0000 Subject: [PATCH] upstream: clarify encoding of options/extensions; bz2389 OpenBSD-Commit-ID: c4e92356d44dfe6d0a4416deecb33d1d1eba016c --- PROTOCOL.certkeys | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/PROTOCOL.certkeys b/PROTOCOL.certkeys index 68622e607..0a212c635 100644 --- a/PROTOCOL.certkeys +++ b/PROTOCOL.certkeys @@ -231,10 +231,15 @@ is a sequence of zero or more tuples: Options must be lexically ordered by "name" if they appear in the sequence. Each named option may only appear once in a certificate. -The name field identifies the option and the data field encodes -option-specific information (see below). All options are -"critical"; if an implementation does not recognise a option, -then the validating party should refuse to accept the certificate. +The name field identifies the option. The data field contains +option-specific information encoded as zero or more values inside +the string. I.e. an empty data field would be encoded as a zero- +length string (00 00 00 00), and data field that holds a single +string value "a" would be encoded as (00 00 00 05 00 00 00 01 65). + +All options are "critical"; if an implementation does not recognise +a option, then the validating party should refuse to accept the +certificate. Custom options should append the originating author or organisation's domain name to the option name, e.g. "my-option@example.com". @@ -318,4 +323,4 @@ permit-user-rc empty Flag indicating that execution of of this script will not be permitted if this option is not present. -$OpenBSD: PROTOCOL.certkeys,v 1.19 2021/06/05 13:47:00 naddy Exp $ +$OpenBSD: PROTOCOL.certkeys,v 1.20 2024/12/06 16:02:12 djm Exp $ -- 2.47.3
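Review bot: In the first hunk the worked example for a data field holding the single string value "a" encodes the byte as 65, but ASCII 'a' is 0x61 (0x65 is 'e'); the example should read (00 00 00 05 00 00 00 01 61), otherwise anyone checking the encoding against a real certificate blob will think the document or their parser is wrong. The nesting described is right: the outer 00 00 00 05 is the length of the data string and the inner 00 00 00 01 is the length of the one contained string. Since these sentences are being rewritten anyway, "does not recognise a option" should become "an option", and "and data field that holds a single string" should read "and a data field that holds a single string".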
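Review bot: The RCS tag bump in the second hunk is fine, but its retained context line "execution of of this script" carries a doubled "of"; as this commit already touches the file for wording, dropping the duplicate here would save a separate follow-up.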