Can there be multiples of the same CHOICE field in a rfc5280 certificate?

I'm currently verifying that my certificate implementation conforms to RFC5280.

GeneralName is defined as:

GeneralName ::= CHOICE {
    otherName     [0] OtherName,
    rfc822Name    [1] IA5String,
    dNSName       [2] IA5String,
    x400Address   [3] ORAddress,
    directoryName [4] Name,
    ediPartyName  [5] EDIPartyName,
    uniformResourceIdentifier [6] IA5String,
    iPAddress     [7] OCTET STRING,
    registeredID  [8] OBJECT IDENTIFIER }

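Now I can't find the definition of the CHOICE keyword. Is it possible for my certificate to contain multiple directoryName-, or URI-fields? Or does choice mean any of the below but not more than once?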

Is it possible for my certificate to contain multiple directoryName-, or URI-fields?

Yes.

Or does choice mean any of the below but not more than once?

Also yes.


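A CHOICE is a choice. It probably says so succinctly somewhere in the documentation, but ITU-T X.680 always refers to the choice as a single value, for example: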

29.8 The choice type contains values which do not all have the same tag. (The tag depends on the alternative which contributed the value to the choice type.)

(emphasis mine)

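A certificate can contain multiple directoryName/etc. values because things like the Subject Alternative Name extension don't have a GeneralName value, they have a GeneralNames value. And, of course, GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName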