On Thu, Jun 18, 2015 at 11:49 AM, Jan Pazdziora <jpazdzi...@redhat.com> wrote: > > I'd appreciate any comments about suitability of such change, as well > as the implementation. Specifically, I'm not sure if people will > prefer the generic and currently proposed > > SSL_CLIENT_SAN_otherName_n > > which gets any value of otherName type, or perhaps going with > > SSL_CLIENT_SAN_UPN_n > > and checking the OID just for the UPNs. Based on that decision I plan > to then respin the patch with documentation changes included.
I think a more generic way would to have something like SSL_CLIENT_OID_<oid>_n, so that we wouldn't have to add a new field each time. In this case, that would be: SSL_CLIENT_OID_220.127.116.11.4.1.318.104.22.168_n. Regards, Yann.