This is taken from X.520/RFC5280:
DirectoryString ::= CHOICE {
teletexString TeletexString (SIZE (1..MAX)),
printableString PrintableString (SIZE (1..MAX)),
universalString UniversalString (SIZE (1..MAX)),
utf8String UTF8String (SIZE (1..MAX)),
bmpString BMPString (SIZE (1..MAX)) }
Nearly every attribute type is encoded as a DirectoryString. An empty
element doesn't respect the size constraint, so is invalid.
--
Erwann ABALEA
Le 13/11/2013 11:48, Ben Laurie a écrit :
On 13 November 2013 10:35, Igor Sverkos <igor.sver...@googlemail.com> wrote:
According to RFC 3280, which defines
X.509 certficates, these entries, if they exist, must not have
an empty value.
FWIW, RFC 3280 has been obsoleted by RFC 5280.
I couldn't find where it said this in RFC 5280. Pointer?
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
