Bear Giles wrote: > As for domainComponent in particular, the RFC clearly limits it > to 64 octets
Not _the_ RFC. Which RFC ? Not 2459, there's not a word about domainComponent. Not 1274, which first defined domainComponent, it did not fit a size limit. So that must be some LDAP related RFC, maybe 2377. You can't expect openssl to enforce respect of every LDAP RFC around, it's not a LDAP product basically, and in fact it does not respect quite a few things you could find in the newer PKIX RFC. If you need that size limit, do it in your application. Or provide a patch for that, and the OpenSSL development team will decide if it's useful to include it or not. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]