diff options
| author | Ingela Anderton Andin <[email protected]> | 2010-06-11 08:21:23 +0000 |
|---|---|---|
| committer | Erlang/OTP <[email protected]> | 2010-06-11 08:21:23 +0000 |
| commit | 4d0e43b5e252b979d50c17592c08ae68ece5fa07 (patch) | |
| tree | 179408fb7b2eb80ae402a00443c5158c9c6d9428 /lib/ssl/pkix/SSL-PKIX.asn1 | |
| parent | a346eb92eb7b5bedb36768c0a63b82547919bc0b (diff) | |
| download | otp-4d0e43b5e252b979d50c17592c08ae68ece5fa07.tar.gz otp-4d0e43b5e252b979d50c17592c08ae68ece5fa07.tar.bz2 otp-4d0e43b5e252b979d50c17592c08ae68ece5fa07.zip | |
OTP-8695 New ssl default
Ssl has now switched default implementation and removed deprecated
certificate handling. All certificate handling is done by the public_key
application.
Diffstat (limited to 'lib/ssl/pkix/SSL-PKIX.asn1')
| -rw-r--r-- | lib/ssl/pkix/SSL-PKIX.asn1 | 704 |
1 files changed, 0 insertions, 704 deletions
diff --git a/lib/ssl/pkix/SSL-PKIX.asn1 b/lib/ssl/pkix/SSL-PKIX.asn1 deleted file mode 100644 index ea6333f953..0000000000 --- a/lib/ssl/pkix/SSL-PKIX.asn1 +++ /dev/null @@ -1,704 +0,0 @@ -SSL-PKIX {iso(1) identified-organization(3) dod(6) internet(1) - private(4) enterprices(1) ericsson(193) otp(19) ssl(10) - pkix1(1)} - -DEFINITIONS EXPLICIT TAGS ::= - -BEGIN - --- EXPORTS ALL - -IMPORTS - -- Certificate (parts of) - Version, - CertificateSerialNumber, - --AlgorithmIdentifier, - Validity, - UniqueIdentifier, - - -- AttribyteTypeAndValue - Name, - AttributeType, - id-at-name, - id-at-surname, - id-at-givenName, - id-at-initials, - id-at-generationQualifier, X520name, - id-at-commonName, X520CommonName, - id-at-localityName, X520LocalityName, - id-at-stateOrProvinceName, X520StateOrProvinceName, - id-at-organizationName, X520OrganizationName, - id-at-organizationalUnitName, X520OrganizationalUnitName, - id-at-title, X520Title, - id-at-dnQualifier, X520dnQualifier, - id-at-countryName, X520countryName, - id-at-serialNumber, X520SerialNumber, - id-at-pseudonym, X520Pseudonym, - id-domainComponent, DomainComponent, - id-emailAddress, EmailAddress, - - -- Extension Attributes - common-name, CommonName, - teletex-common-name, TeletexCommonName, - teletex-personal-name, TeletexPersonalName, - pds-name, PDSName, - physical-delivery-country-name, PhysicalDeliveryCountryName, - postal-code, PostalCode, - physical-delivery-office-name, PhysicalDeliveryOfficeName, - physical-delivery-office-number, PhysicalDeliveryOfficeNumber, - extension-OR-address-components, ExtensionORAddressComponents, - physical-delivery-personal-name, PhysicalDeliveryPersonalName, - physical-delivery-organization-name, PhysicalDeliveryOrganizationName, - extension-physical-delivery-address-components, - ExtensionPhysicalDeliveryAddressComponents, - unformatted-postal-address, UnformattedPostalAddress, - street-address, StreetAddress, - post-office-box-address, PostOfficeBoxAddress, - poste-restante-address, PosteRestanteAddress, - unique-postal-name, UniquePostalName, - local-postal-attributes, LocalPostalAttributes, - extended-network-address, ExtendedNetworkAddress, - terminal-type, TerminalType, - teletex-domain-defined-attributes, TeletexDomainDefinedAttributes - - FROM PKIX1Explicit88 { iso(1) identified-organization(3) dod(6) - internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) - id-pkix1-explicit(18) } - - -- Extensions - id-ce-authorityKeyIdentifier, AuthorityKeyIdentifier, - id-ce-subjectKeyIdentifier, SubjectKeyIdentifier, - id-ce-keyUsage, KeyUsage, - id-ce-privateKeyUsagePeriod, PrivateKeyUsagePeriod, - id-ce-certificatePolicies, CertificatePolicies, - id-ce-policyMappings, PolicyMappings, - id-ce-subjectAltName, SubjectAltName, - id-ce-issuerAltName, IssuerAltName, - id-ce-subjectDirectoryAttributes, SubjectDirectoryAttributes, - id-ce-basicConstraints, BasicConstraints, - id-ce-nameConstraints, NameConstraints, - id-ce-policyConstraints, PolicyConstraints, - id-ce-cRLDistributionPoints, CRLDistributionPoints, - id-ce-extKeyUsage, ExtKeyUsageSyntax, - id-ce-inhibitAnyPolicy, InhibitAnyPolicy, - id-ce-freshestCRL, FreshestCRL, - id-pe-authorityInfoAccess, AuthorityInfoAccessSyntax, - id-pe-subjectInfoAccess, SubjectInfoAccessSyntax, - id-ce-cRLNumber, CRLNumber, - id-ce-issuingDistributionPoint, IssuingDistributionPoint, - id-ce-deltaCRLIndicator, BaseCRLNumber, - id-ce-cRLReasons, CRLReason, - id-ce-certificateIssuer, CertificateIssuer, - id-ce-holdInstructionCode, HoldInstructionCode, - id-ce-invalidityDate, InvalidityDate - - FROM PKIX1Implicit88 { iso(1) identified-organization(3) dod(6) - internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) - id-pkix1-implicit(19) } - - --Keys and Signatures - id-dsa, Dss-Parms, DSAPublicKey, - id-dsa-with-sha1, - md2WithRSAEncryption, - md5WithRSAEncryption, - sha1WithRSAEncryption, - rsaEncryption, RSAPublicKey, - dhpublicnumber, DomainParameters, DHPublicKey, - id-keyExchangeAlgorithm, KEA-Parms-Id, --KEA-PublicKey, - ecdsa-with-SHA1, - prime-field, Prime-p, - characteristic-two-field, --Characteristic-two, - gnBasis, - tpBasis, Trinomial, - ppBasis, Pentanomial, - id-ecPublicKey, EcpkParameters, ECPoint - FROM PKIX1Algorithms88 { iso(1) identified-organization(3) dod(6) - internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) - id-mod-pkix1-algorithms(17) }; - --- --- Certificate --- - -SSLCertificate ::= SEQUENCE { - tbsCertificate TBSCertificate, - signatureAlgorithm SignatureAlgorithm, - signature BIT STRING } - -SSLTBSCertificate ::= SEQUENCE { - version [0] Version DEFAULT v1, - serialNumber CertificateSerialNumber, - signature SignatureAlgorithm, - issuer Name, - validity Validity, - subject Name, - subjectPublicKeyInfo SubjectPublicKeyInfo, - issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, - -- If present, version MUST be v2 or v3 - subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, - -- If present, version MUST be v2 or v3 - extensions [3] Extensions OPTIONAL - -- If present, version MUST be v3 -- } - - --- Attribute type and values --- - -ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= CLASS { - &id AttributeType UNIQUE, - &Type } - WITH SYNTAX { - ID &id - TYPE &Type } - -SSLAttributeTypeAndValue ::= SEQUENCE { - type ATTRIBUTE-TYPE-AND-VALUE-CLASS.&id - ({SupportedAttributeTypeAndValues}), - value ATTRIBUTE-TYPE-AND-VALUE-CLASS.&Type - ({SupportedAttributeTypeAndValues}{@type}) } - -SupportedAttributeTypeAndValues ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= - { name | surname | givenName | initials | generationQualifier | - commonName | localityName | stateOrProvinceName | organizationName | - organizationalUnitName | title | dnQualifier | countryName | - serialNumber | pseudonym | domainComponent | emailAddress } - -name ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { - ID id-at-name - TYPE X520name } - -surname ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { - ID id-at-surname - TYPE X520name } - -givenName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { - ID id-at-givenName - TYPE X520name } - -initials ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { - ID id-at-initials - TYPE X520name } - -generationQualifier ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { - ID id-at-generationQualifier - TYPE X520name } - -commonName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { - ID id-at-commonName - TYPE X520CommonName } - -localityName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { - ID id-at-localityName - TYPE X520LocalityName } - -stateOrProvinceName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { - ID id-at-stateOrProvinceName - TYPE X520StateOrProvinceName } - -organizationName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { - ID id-at-organizationName - TYPE X520OrganizationName } - -organizationalUnitName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { - ID id-at-organizationalUnitName - TYPE X520OrganizationalUnitName } - -title ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { - ID id-at-title - TYPE X520Title } - -dnQualifier ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { - ID id-at-dnQualifier - TYPE X520dnQualifier } - -countryName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { - ID id-at-countryName - TYPE X520countryName } - -serialNumber ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { - ID id-at-serialNumber - TYPE X520SerialNumber } - -pseudonym ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { - ID id-at-pseudonym - TYPE X520Pseudonym } - -domainComponent ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { - ID id-domainComponent - TYPE DomainComponent } - -emailAddress ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { - ID id-emailAddress - TYPE EmailAddress } - --- --- Signature and Public Key Algorithms --- - -SSLSubjectPublicKeyInfo ::= SEQUENCE { - algorithm SEQUENCE { - algo PUBLIC-KEY-ALGORITHM-CLASS.&id - ({SupportedPublicKeyAlgorithms}), - parameters PUBLIC-KEY-ALGORITHM-CLASS.&Type - ({SupportedPublicKeyAlgorithms}{@.algo}) - OPTIONAL - }, - subjectPublicKey PUBLIC-KEY-ALGORITHM-CLASS.&PublicKeyType - ({SupportedPublicKeyAlgorithms}{@algorithm.algo}) } - --- The following is needed for conversion of SubjectPublicKeyInfo. - -SSLSubjectPublicKeyInfo-Any ::= SEQUENCE { - algorithm PublicKeyAlgorithm, - subjectPublicKey ANY } - - -SIGNATURE-ALGORITHM-CLASS ::= CLASS { - &id OBJECT IDENTIFIER UNIQUE, - &Type OPTIONAL } - WITH SYNTAX { - ID &id - [TYPE &Type] } - -PUBLIC-KEY-ALGORITHM-CLASS ::= CLASS { - &id OBJECT IDENTIFIER UNIQUE, - &Type OPTIONAL, - &PublicKeyType OPTIONAL } - WITH SYNTAX { - ID &id - [TYPE &Type] - [PUBLIC-KEY-TYPE &PublicKeyType] } - -SignatureAlgorithm ::= SEQUENCE { - algorithm SIGNATURE-ALGORITHM-CLASS.&id - ({SupportedSignatureAlgorithms}), - parameters SIGNATURE-ALGORITHM-CLASS.&Type - ({SupportedSignatureAlgorithms}{@algorithm}) - OPTIONAL } - -SignatureAlgorithm-Any ::= SEQUENCE { - algorithm OBJECT IDENTIFIER, - parameters ANY OPTIONAL } - -PublicKeyAlgorithm ::= SEQUENCE { - algorithm PUBLIC-KEY-ALGORITHM-CLASS.&id - ({SupportedPublicKeyAlgorithms}), - parameters PUBLIC-KEY-ALGORITHM-CLASS.&Type - ({SupportedPublicKeyAlgorithms}{@algorithm}) - OPTIONAL } - -SupportedSignatureAlgorithms SIGNATURE-ALGORITHM-CLASS ::= { - dsa-with-sha1 | md2-with-rsa-encryption | - md5-with-rsa-encryption | sha1-with-rsa-encryption | - ecdsa-with-sha1 } - -SupportedPublicKeyAlgorithms PUBLIC-KEY-ALGORITHM-CLASS ::= { - dsa | rsa-encryption | dh | kea | ec-public-key } - - -- DSA Keys and Signatures - - -- SubjectPublicKeyInfo: - - dsa PUBLIC-KEY-ALGORITHM-CLASS ::= { - ID id-dsa - TYPE Dss-Parms -- XXX Must be OPTIONAL - PUBLIC-KEY-TYPE DSAPublicKey } - - -- Certificate.signatureAlgorithm - - dsa-with-sha1 SIGNATURE-ALGORITHM-CLASS ::= { - ID id-dsa-with-sha1 - TYPE NULL } -- XXX Must be empty and not NULL - - -- - -- RSA Keys and Signatures - -- - - -- Certificate.signatureAlgorithm - - md2-with-rsa-encryption SIGNATURE-ALGORITHM-CLASS ::= { - ID md2WithRSAEncryption - TYPE NULL } - - md5-with-rsa-encryption SIGNATURE-ALGORITHM-CLASS ::= { - ID md5WithRSAEncryption - TYPE NULL } - - sha1-with-rsa-encryption SIGNATURE-ALGORITHM-CLASS ::= { - ID sha1WithRSAEncryption - TYPE NULL } - - -- Certificate.signature - -- See PKCS #1 (RFC 2313). XXX - - -- SubjectPublicKeyInfo: - - rsa-encryption PUBLIC-KEY-ALGORITHM-CLASS ::= { - ID rsaEncryption - TYPE NULL - PUBLIC-KEY-TYPE RSAPublicKey } - - -- - -- Diffie-Hellman Keys - -- - - -- SubjectPublicKeyInfo: - - dh PUBLIC-KEY-ALGORITHM-CLASS ::= { - ID dhpublicnumber - TYPE DomainParameters - PUBLIC-KEY-TYPE DHPublicKey } - - -- There are no Diffie-Hellman signature algorithms - - -- - -- KEA Keys - -- - - -- SubjectPublicKeyInfo: - - KEA-PublicKey ::= INTEGER - - kea PUBLIC-KEY-ALGORITHM-CLASS ::= { - ID id-keyExchangeAlgorithm - TYPE KEA-Parms-Id - PUBLIC-KEY-TYPE KEA-PublicKey } - - -- There are no KEA signature algorithms - - -- - -- Elliptic Curve Keys, Signatures, and Curves - -- - - -- Certificate.signatureAlgorithm - - ecdsa-with-sha1 SIGNATURE-ALGORITHM-CLASS ::= { - ID ecdsa-with-SHA1 - TYPE NULL } -- XXX Must be empty and not NULL - - FIELD-ID-CLASS ::= CLASS { - &id OBJECT IDENTIFIER UNIQUE, - &Type } - WITH SYNTAX { - ID &id - TYPE &Type } - - SSLFieldID ::= SEQUENCE { -- Finite field - fieldType FIELD-ID-CLASS.&id({SupportedFieldIds}), - parameters FIELD-ID-CLASS.&Type({SupportedFieldIds}{@fieldType}) } - - SupportedFieldIds FIELD-ID-CLASS ::= { - field-prime-field | field-characteristic-two } - - field-prime-field FIELD-ID-CLASS ::= { - ID prime-field - TYPE Prime-p } - - CHARACTERISTIC-TWO-CLASS ::= CLASS { - &id OBJECT IDENTIFIER UNIQUE, - &Type } - WITH SYNTAX { - ID &id - TYPE &Type } - - SSLCharacteristic-two ::= SEQUENCE { -- Finite field - m INTEGER, -- Field size 2^m - basis CHARACTERISTIC-TWO-CLASS.&id({SupportedCharacteristicTwos}), - parameters CHARACTERISTIC-TWO-CLASS.&Type - ({SupportedCharacteristicTwos}{@basis}) } - - SupportedCharacteristicTwos CHARACTERISTIC-TWO-CLASS ::= { - gn-basis | tp-basis | pp-basis } - - field-characteristic-two FIELD-ID-CLASS ::= { - ID characteristic-two-field - TYPE Characteristic-two } - - gn-basis CHARACTERISTIC-TWO-CLASS ::= { - ID gnBasis - TYPE NULL } - - tp-basis CHARACTERISTIC-TWO-CLASS ::= { - ID tpBasis - TYPE Trinomial } - - pp-basis CHARACTERISTIC-TWO-CLASS ::= { - ID ppBasis - TYPE Pentanomial } - - -- SubjectPublicKeyInfo.algorithm - - ec-public-key PUBLIC-KEY-ALGORITHM-CLASS ::= { - ID id-ecPublicKey - TYPE EcpkParameters - PUBLIC-KEY-TYPE ECPoint } - --- --- Extension Attributes --- - -EXTENSION-ATTRIBUTE-CLASS ::= CLASS { - &id INTEGER UNIQUE, - &Type } - WITH SYNTAX { - ID &id - TYPE &Type } - -SSLExtensionAttributes ::= SET SIZE (1..MAX) OF ExtensionAttribute - --- XXX Below we should have extension-attribute-type and extension- --- attribute-value but Erlang ASN1 does not like it. -SSLExtensionAttribute ::= SEQUENCE { - extensionAttributeType [0] IMPLICIT EXTENSION-ATTRIBUTE-CLASS.&id - ({SupportedExtensionAttributes}), - extensionAttributeValue [1] EXTENSION-ATTRIBUTE-CLASS.&Type - ({SupportedExtensionAttributes}{@extensionAttributeType}) } - -SupportedExtensionAttributes EXTENSION-ATTRIBUTE-CLASS ::= { - x400-common-name | - x400-teletex-common-name | - x400-teletex-personal-name | - x400-pds-name | - x400-physical-delivery-country-name | - x400-postal-code | - x400-physical-delivery-office-name | - x400-physical-delivery-office-number | - x400-extension-OR-address-components | - x400-physical-delivery-personal-name | - x400-physical-delivery-organization-name | - x400-extension-physical-delivery-address-components | - x400-unformatted-postal-address | - x400-street-address | - x400-post-office-box-address | - x400-poste-restante-address | - x400-unique-postal-name | - x400-local-postal-attributes | - x400-extended-network-address | - x400-terminal-type | - x400-teletex-domain-defined-attributes } - --- Extension types and attribute values - -x400-common-name EXTENSION-ATTRIBUTE-CLASS ::= { - ID common-name - TYPE CommonName } - -x400-teletex-common-name EXTENSION-ATTRIBUTE-CLASS ::= { - ID teletex-common-name - TYPE TeletexCommonName } - -x400-teletex-personal-name EXTENSION-ATTRIBUTE-CLASS ::= { - ID teletex-personal-name - TYPE TeletexPersonalName } - -x400-pds-name EXTENSION-ATTRIBUTE-CLASS ::= { - ID pds-name - TYPE PDSName } - -x400-physical-delivery-country-name EXTENSION-ATTRIBUTE-CLASS ::= { - ID physical-delivery-country-name - TYPE PhysicalDeliveryCountryName } - -x400-postal-code EXTENSION-ATTRIBUTE-CLASS ::= { - ID postal-code - TYPE PostalCode } - -x400-physical-delivery-office-name EXTENSION-ATTRIBUTE-CLASS ::= { - ID physical-delivery-office-name - TYPE PhysicalDeliveryOfficeName } - -x400-physical-delivery-office-number EXTENSION-ATTRIBUTE-CLASS ::= { - ID physical-delivery-office-number - TYPE PhysicalDeliveryOfficeNumber } - -x400-extension-OR-address-components EXTENSION-ATTRIBUTE-CLASS ::= { - ID extension-OR-address-components - TYPE ExtensionORAddressComponents } - -x400-physical-delivery-personal-name EXTENSION-ATTRIBUTE-CLASS ::= { - ID physical-delivery-personal-name - TYPE PhysicalDeliveryPersonalName } - -x400-physical-delivery-organization-name EXTENSION-ATTRIBUTE-CLASS ::= { - ID physical-delivery-organization-name - TYPE PhysicalDeliveryOrganizationName } - -x400-extension-physical-delivery-address-components - EXTENSION-ATTRIBUTE-CLASS ::= { - ID extension-physical-delivery-address-components - TYPE ExtensionPhysicalDeliveryAddressComponents } - -x400-unformatted-postal-address EXTENSION-ATTRIBUTE-CLASS ::= { - ID unformatted-postal-address - TYPE UnformattedPostalAddress } - -x400-street-address EXTENSION-ATTRIBUTE-CLASS ::= { - ID street-address - TYPE StreetAddress } - -x400-post-office-box-address EXTENSION-ATTRIBUTE-CLASS ::= { - ID post-office-box-address - TYPE PostOfficeBoxAddress } - -x400-poste-restante-address EXTENSION-ATTRIBUTE-CLASS ::= { - ID poste-restante-address - TYPE PosteRestanteAddress } - -x400-unique-postal-name EXTENSION-ATTRIBUTE-CLASS ::= { - ID unique-postal-name - TYPE UniquePostalName } - -x400-local-postal-attributes EXTENSION-ATTRIBUTE-CLASS ::= { - ID local-postal-attributes - TYPE LocalPostalAttributes } - -x400-extended-network-address EXTENSION-ATTRIBUTE-CLASS ::= { - ID extended-network-address - TYPE ExtendedNetworkAddress } - -x400-terminal-type EXTENSION-ATTRIBUTE-CLASS ::= { - ID terminal-type - TYPE TerminalType } - -x400-teletex-domain-defined-attributes EXTENSION-ATTRIBUTE-CLASS ::= { - ID teletex-domain-defined-attributes - TYPE TeletexDomainDefinedAttributes } - --- Extensions - -SSLExtensions ::= SEQUENCE SIZE (1..MAX) OF Extension - -EXTENSION-CLASS ::= CLASS { - &id OBJECT IDENTIFIER UNIQUE, - &Type OPTIONAL} - WITH SYNTAX { - ID &id - [TYPE &Type] } - -SSLExtension ::= SEQUENCE { - extnID EXTENSION-CLASS.&id({SupportedExtensions}), - critical BOOLEAN DEFAULT FALSE, - extnValue EXTENSION-CLASS.&Type({SupportedExtensions}{@extnID}) } - --- The following is needed for conversion between Extension and Extension-Cd - -ObjId ::= OBJECT IDENTIFIER -Boolean ::= BOOLEAN -Any ::= ANY - -Extension-Any ::= SEQUENCE { - extnID OBJECT IDENTIFIER, - critical BOOLEAN DEFAULT FALSE, - extnValue ANY } - -SupportedExtensions EXTENSION-CLASS ::= { authorityKeyIdentifier | - subjectKeyIdentifier | keyUsage | privateKeyUsagePeriod | - certificatePolicies | policyMappings | subjectAltName | - issuerAltName | subjectDirectoryAttributes | basicConstraints | - nameConstraints | policyConstraints | cRLDistributionPoints | - extKeyUsage | inhibitAnyPolicy | freshestCRL | authorityInfoAccess | - subjectInfoAccess | cRLNumber | issuingDistributionPoint | - deltaCRLIndicator | cRLReasons | certificateIssuer | - holdInstructionCode | invalidityDate } - -authorityKeyIdentifier EXTENSION-CLASS ::= { - ID id-ce-authorityKeyIdentifier - TYPE AuthorityKeyIdentifier } - -subjectKeyIdentifier EXTENSION-CLASS ::= { - ID id-ce-subjectKeyIdentifier - TYPE SubjectKeyIdentifier } - -keyUsage EXTENSION-CLASS ::= { - ID id-ce-keyUsage - TYPE KeyUsage } - -privateKeyUsagePeriod EXTENSION-CLASS ::= { - ID id-ce-privateKeyUsagePeriod - TYPE PrivateKeyUsagePeriod } - -certificatePolicies EXTENSION-CLASS ::= { - ID id-ce-certificatePolicies - TYPE CertificatePolicies } - -policyMappings EXTENSION-CLASS ::= { - ID id-ce-policyMappings - TYPE PolicyMappings } - -subjectAltName EXTENSION-CLASS ::= { - ID id-ce-subjectAltName - TYPE SubjectAltName } - -issuerAltName EXTENSION-CLASS ::= { - ID id-ce-issuerAltName - TYPE IssuerAltName } - -subjectDirectoryAttributes EXTENSION-CLASS ::= { - ID id-ce-subjectDirectoryAttributes - TYPE SubjectDirectoryAttributes } - -basicConstraints EXTENSION-CLASS ::= { - ID id-ce-basicConstraints - TYPE BasicConstraints } - -nameConstraints EXTENSION-CLASS ::= { - ID id-ce-nameConstraints - TYPE NameConstraints } - -policyConstraints EXTENSION-CLASS ::= { - ID id-ce-policyConstraints - TYPE PolicyConstraints } - -cRLDistributionPoints EXTENSION-CLASS ::= { - ID id-ce-cRLDistributionPoints - TYPE CRLDistributionPoints } - -extKeyUsage EXTENSION-CLASS ::= { - ID id-ce-extKeyUsage - TYPE ExtKeyUsageSyntax } - -inhibitAnyPolicy EXTENSION-CLASS ::= { - ID id-ce-inhibitAnyPolicy - TYPE InhibitAnyPolicy } - -freshestCRL EXTENSION-CLASS ::= { - ID id-ce-freshestCRL - TYPE FreshestCRL } - -authorityInfoAccess EXTENSION-CLASS ::= { - ID id-pe-authorityInfoAccess - TYPE AuthorityInfoAccessSyntax } - -subjectInfoAccess EXTENSION-CLASS ::= { - ID id-pe-subjectInfoAccess - TYPE SubjectInfoAccessSyntax } - -cRLNumber EXTENSION-CLASS ::= { - ID id-ce-cRLNumber - TYPE CRLNumber } - -issuingDistributionPoint EXTENSION-CLASS ::= { - ID id-ce-issuingDistributionPoint - TYPE IssuingDistributionPoint } - -deltaCRLIndicator EXTENSION-CLASS ::= { - ID id-ce-deltaCRLIndicator - TYPE BaseCRLNumber } - -cRLReasons EXTENSION-CLASS ::= { - ID id-ce-cRLReasons - TYPE CRLReason } - -certificateIssuer EXTENSION-CLASS ::= { - ID id-ce-certificateIssuer - TYPE CertificateIssuer } - -holdInstructionCode EXTENSION-CLASS ::= { - ID id-ce-holdInstructionCode - TYPE HoldInstructionCode } - -invalidityDate EXTENSION-CLASS ::= { - ID id-ce-invalidityDate - TYPE InvalidityDate } - -END |