From: Bear Giles [EMAIL PROTECTED]
bear What I'm ultimately trying to support is database functions to
bear convert between tables and X.509 subjects. I expect this will
bear be a set of functions like:
bear
bear x509name_set_field_string (x509name *name, text *field, text *value,
bear
bear NID_domainComponent. So I'm still not sure that these tables
bear can be used to validate the input to these routines.
Do I get it right, you're after having the string length limits and
possibly the allowed string types for DC and more in that table?
Bear Giles wrote:
As for domainComponent in particular, the RFC clearly limits it
to 64 octets
Not _the_ RFC. Which RFC?
Not 2459, there's not a word about domainComponent.
Not 1274, which first defined domainComponent, it did not fit a size
limit.
So that must be some LDAP related RFC,
Oops. The information *is* in obj_mac.h, even if it's unused.
But again, shouldn't this be in crypto/asn1/a_strnid.c (and elsewhere)
so it's recognized by default?
I've used DC-based naming (RFC 2377?) for a while now, and can't really
remember running into any particular problems.
I generate the certificates using the OpenSSL command line apps using a
configuration like this:
[ OJ_req_distinguished_name ]
0.domainComponent = TLD component
(More for documentation than anything else right now...)
I've verified that the *applications* (at least 'req') do
understand these fields. For a DNS-style LDAP-ish DN the
openssl.cnf file should have something like this:
[ policy_match ]
commonName = supplied
organizationalUnitName =
Oscar Jacobsson wrote:
Having them in obj_mac.h should mean they are recognized by default,
shouldn't it? I'm not sure exactly what a_strnid.c does, but it looks
like a collection of convenience functions. I'm sure DC could be added,
as long as some kind soul could point out what its