Simplify BSC and start adding BPKI CRL support; the latter doesn't

work yet due to an apparent bug in OpenSSL (CMS_add0_crl() dumps core). If through some bizzare twist of fate we revive the idea of allowing CA certs in CMS messages, this is the change that will need to be (partly) backed out. svn path=/docs/left-right-xml; revision=1730
author: Rob Austein <sra@hactrn.net> 2008-05-01 07:07:28 +0000
committer: Rob Austein <sra@hactrn.net> 2008-05-01 07:07:28 +0000
commit: ac9ca8b4e7904365dd0e37b0599f2f66b289ed46 (patch)
tree: 128d388c9c9aa8aad22cfa4d9998d994f5a46bf4 /rpkid/left-right-schema.rnc
parent: dd4e65cc86b552daadc0d41408f8635236e182e0 (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/rpkid/left-right-schema.rnc b/rpkid/left-right-schema.rnc
index 243990cc..35917c1d 100644
--- a/rpkid/left-right-schema.rnc
+++ b/rpkid/left-right-schema.rnc
@@ -75,12 +75,12 @@ self_elt |= element self { ctl_dr, self_id }
 bsc_bool = ((attribute generate_keypair { "yes" },
              attribute key_type { "rsa" }?,
              attribute hash_alg { "sha256" }?,
-             attribute key_length { "2048" }?)?,
-            attribute clear_signing_certs { "yes" }?)
+             attribute key_length { "2048" }?)?)
 
 bsc_id = attribute bsc_id { sql_id }
 
-bsc_payload = (element signing_cert { base64 }*)
+bsc_payload = (element signing_cert { base64 }?,
+               element signing_cert_crl { base64 }?)
 
 bsc_pkcs10 = element pkcs10_request { base64 }?
author	Rob Austein <sra@hactrn.net>	2008-05-01 07:07:28 +0000
committer	Rob Austein <sra@hactrn.net>	2008-05-01 07:07:28 +0000
commit	ac9ca8b4e7904365dd0e37b0599f2f66b289ed46 (patch)
tree	128d388c9c9aa8aad22cfa4d9998d994f5a46bf4 /rpkid/left-right-schema.rnc
parent	dd4e65cc86b552daadc0d41408f8635236e182e0 (diff)