Right now there are high-level APIs for creating extensions (Certificates, and soon CRLs and CRL entries), but when looking up extensions an :Extension record is returned. Complicating things, the extensions returned by the X509.Certificate module from the :OTPCertificate record have their values DER decoded, while CRL extensions are returned with DER binary values, even for the same extension type (e.g. AKI).
Need to define a unified API for working with extension values.
Right now there are high-level APIs for creating extensions (Certificates, and soon CRLs and CRL entries), but when looking up extensions an
:Extensionrecord is returned. Complicating things, the extensions returned by theX509.Certificatemodule from the:OTPCertificaterecord have their values DER decoded, while CRL extensions are returned with DER binary values, even for the same extension type (e.g. AKI).Need to define a unified API for working with extension values.