Today, 9 June 2008, Dr. Stephen Henson wrote:
> On Mon, Jun 09, 2008, Florian Lindner wrote:
> 
> > No, the name "long Name" was only a placeholder. "problems making 
> > Certificate Request" was the error message from openSSL.
> >
> > The real name is "GIMIK Systeme - Gesellschaft für innovative Marketing- & 
> > Kommunikationssysteme mbH" which is 82 characters long. Is there a way to 
> > work around the 64 char limit?
> 
> There is a limit in openssl.cnf and also a hard limit imposed by the OpenSSL
> source. The 64 character limit is mandated by RFC3280 which OpenSSL enforces.
> The only way to change that is to modify the OpenSSL sources. If you really
> want to do that it is in asn1.h as ub_organization_name.

RFC3280 (superseded by RFC5280, btw) is less flexible than the X.509
standard on this point, and with "not so good" arguments.
The X.509 standard defines organizationalUnitName as a DirectoryString of
up to length ub-organizational-unit-name characters, as does
RFC5280, but it defines this upper bound as 64 characters in a
non-normative annex (i.e. it happily defines limits, it can even propose
one as an example, but lets the implementer choose what's best for its
environment).
RFC5280, on the other hand, states that the upper bounds MUST be
enforced, and cites the X.411 standard as the source, despite the fact
that this has nothing to do with X.500.

This could force some companies to change their name (the same logic
is applied to the OrganizationName field).
An X.509 certificate can be viewed as an ID, and has to map to the
real world as closely as possible. Being unable to represent the name of a
company or the name of an individual because of a "one size fits
all" decision, in an electronic world, is a shame (that's my opinion).

-- 
Erwann ABALEA <[EMAIL PROTECTED]>
-----
Mammal: said of an animal with a skeleton, hairy, that gives milk. Example:
a coconut.
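Added example (not part of the thread and not OpenSSL's code): a pre-flight check of a subject string against the RFC 5280 Appendix A upper bounds discussed above, counting characters rather than encoded bytes. The `/KEY=VALUE` parsing, the `C=DE` and `CN` values and the function names are assumptions made for illustration.

```python
import re

# Upper bounds in characters (RFC 5280 Appendix A); countryName is a 2-letter code.
UPPER_BOUNDS = {"C": 2, "CN": 64, "O": 64, "OU": 64, "L": 128, "ST": 128}

# Organization name quoted in the thread (u-umlaut written as an escape).
ORG = ("GIMIK Systeme - Gesellschaft f\u00fcr innovative Marketing- & "
       "Kommunikationssysteme mbH")
# Constructed sample subject; country and common name are placeholders.
SUBJECT = f"/C=DE/O={ORG}/CN=www.example.test"


def parse_subject(subject):
    """Split a '/KEY=VALUE/KEY=VALUE' subject into (key, value) pairs.

    A backslash escapes '/' inside a value.
    """
    pairs = []
    for part in re.split(r"(?<!\\)/", subject):
        if not part:
            continue
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"not KEY=VALUE: {part!r}")
        pairs.append((key.strip(), value.replace("\\/", "/")))
    return pairs


def check_subject(subject):
    """Return (key, length, bound) for every attribute over its upper bound."""
    violations = []
    for key, value in parse_subject(subject):
        bound = UPPER_BOUNDS.get(key.upper())
        # The bound applies to the character count, not the UTF-8 byte count,
        # so len() on the decoded string is the right measure.
        if bound is not None and len(value) > bound:
            violations.append((key, len(value), bound))
    return violations


if __name__ == "__main__":
    for key, length, bound in check_subject(SUBJECT):
        print(f"{key}: {length} characters exceeds upper bound {bound}")
```

Running such a check before generating the request reports the offending attribute and its length, where the tool's own message ("problems making Certificate Request") does not.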