Bug#422882: [Pkg-openssl-devel] Bug#422882: openssl: mistake in note on x509v3_config manual page

Tue, 15 May 2007 06:53:15 -0700 

Sorry, my first response was treated as a new thread,

Kurt Roeckx wrote:

On Tue, May 08, 2007 at 06:03:51PM +0200, Javier Barroso wrote:

Package: openssl
Version: 0.9.8e-4
Severity: normal
Tags: patch


I see no patch?

I have the doubt, If somebody propose a small change I don't know if
it could be consider like a patch. Now than I know about it is not a
patch, I won't tag patch anymore if a patch file is not attached.

at NOTE section on x509v3_config manual page says:
If an extension is multi-value and a field value must contain a comma the long 
form must be used otherwise the
       comma would be misinterpreted as a field separator. For example:

        subjectAltName=URI:ldap://somehost.com/CN=foo,OU=bar

       will produce an error but the equivalent form:

        [EMAIL PROTECTED]

        [subject_alt_section]
        subjectAltName=URI:ldap://somehost.com/CN=foo,OU=bar

       is valid.

I had to change my openssl.cnf file to samething as:
[v3_req]
...
crlDistributionPoints = @crl_section
[crl_section]
URI=ldap://xxx.com/cn=XXX,ou=XXX,o=XXX,c=XXX

Original note doesn't work for me.


And I have no idea what you think is wrong ...

I can't generate the certificate (with a crlDistributionPoints ldap
uri within it) with manual page instruction.

When subjectAltName is crlDistributionPoints, the manual recommend fails:
[EMAIL PROTECTED]
_section
[subject_alt_section]
subjectAltName=URI:ldap://somehost.com/CN=foo,OU=bar

I think the correct setup is (at least for crlDistributionPoints):
[EMAIL PROTECTED]
[subject_alt_section]
URI=ldap://somehost.com/CN=foo,OU=bar

I can generate my certificate with the second config, but not with the first

Please correct me if I'm wrong

As reference, I read
http://www.mail-archive.com/[EMAIL PROTECTED]/msg21907.html <http://www.mail-archive.com/[EMAIL PROTECTED]/msg21907.html> for 
my solution

Thank you
PD: Sorry for my english

Kurt




--
Javier Barroso Tristán
Administrador de Redes y Sistemas
DIRECCIÓN DE TECNOLOGÍA:OPERACIONES Y SOPORTE
[EMAIL PROTECTED]
--------------------------------------------

ISOTROL
Edificio BLUENET. Avda. Isaac Newton nº 3, 4ª planta.
Parque Tecnológico Cartuja '93, 41092 Sevilla.
Teléfono: 955 036 800 - Fax: 955 036 849
www.isotrol.com

Reply via email to