On Fri, Jun 19, 2015 at 11:56 AM, Yann Ylavic <ylavic....@gmail.com> wrote: > > Instead of SSL_CLIENT_OID_, we could also have something like > SSL_CLIENT__<oid|shortname|fullname>__n since the underlying mod_ssl > code handles both (IIRC). > I don't know if SAN_otherName/UPN have a short/long name though, but many > have.
Nope, SAN as an oid/long/short name, but no fancy name for its inner fields. But since openssl.cnf (man x509v3_config) accepts things like "subjectAltName=email:my@other.address,RID:1.2.3.4,otherName:my.other.name", maybe we can do something...
