Contact Details

No response

Version

I am using version 0.1.7 of the wolfssl Command Line Utility. Linked to wolfSSL version 5.7.6

Description

Hello Developer,

I encountered an issue while using wolfclu to process a CRL file with the AKI extension. After consulting with the developer, I was provided with a CRL file containing the AKI extension that wolfclu can parse, namely ca-int.pem. I was able to successfully parse this CRL file. However, when I generated a new CRL file, crl_extention_test.pem, containing only the AKI extension field and the CRL number field, wolfclu returned an error.

Upon comparing ca-int.pem and crl_extention_test.pem, I found that the only difference was the order in which the CRL number field and the AKI extension field appeared in the CRL extension section. So, I attempted to create another CRL file, crl_extention_test1.pem, with the extension fields in the same order as in ca-int.pem. WolfSSL successfully parsed crl_extention_test1.pem, and OpenSSL was able to successfully parse both crl_extention_test.pem and crl_extention_test1.pem.

Reproduction steps

wolfssl crl -in crl_extention_test.pem -text
wolfssl crl -in crl_extention_test1.pem -text

crl_extention_test.zip

Relevant log output