Hi all,
I found the problem why multiple email-addres in subject_alt_name dissappear...
It is a problem with openssl:
To create a Subject_alt_name with multiple eMail Addresses there are two possibilities to write the extension file:
---snipp--- subjectAltName=email:[EMAIL PROTECTED],email:[EMAIL PROTECTED] ---snapp---
OR
---snipp--- [EMAIL PROTECTED]
[alt_section]
[EMAIL PROTECTED] [EMAIL PROTECTED] ---snapp---
OpenCA currently uses the second version, the Subject_alt_name is passed from to the CA as
SUBJECT_ALT_NAME = email:[EMAIL PROTECTED],email:[EMAIL PROTECTED]
but is split up into its parts while genereting the extension.
I see 3 possible aproaches to solve the problem:
a) Switch to the first notation b) Modify the passing from RA to reflect the correct naming, e.g. SUBJECT_ALT_NAME = email.1:[EMAIL PROTECTED],email.2:[EMAIL PROTECTED] c) Rewrite the extfile creation util to add the index-numbers
I think there is a reason why you havent taken a) in the past, b) will look ugly and c) is the method IMHO
Pls send me your comments - I will rewrite the code than
Oliver
-- Diese Nachricht wurde digital unterschrieben oliwel's public key: http://www.oliwel.de/oliwel.crt Basiszertifikat: http://www.ldv.ei.tum.de/page72
smime.p7s
Description: S/MIME Cryptographic Signature
