Oliver Welter wrote:
Hi Michael,
Michael Bell wrote:
Oliver Welter wrote:
Hi all,
I found the problem why multiple email-addres in subject_alt_name
dissappear...
It is a problem with openssl:
To create a Subject_alt_name with multiple eMail Addresses there are
two possibilities to write the extension file:
---snipp---
subjectAltName=email:[EMAIL PROTECTED],email:[EMAIL PROTECTED]
---snapp---
OR
---snipp---
[EMAIL PROTECTED]
[alt_section]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
---snapp---
OpenCA currently uses the second version, the Subject_alt_name is
passed from to the CA as
SUBJECT_ALT_NAME = email:[EMAIL PROTECTED],email:[EMAIL PROTECTED]
but is split up into its parts while genereting the extension.
I see 3 possible aproaches to solve the problem:
a) Switch to the first notation
b) Modify the passing from RA to reflect the correct naming, e.g.
SUBJECT_ALT_NAME = email.1:[EMAIL PROTECTED],email.2:[EMAIL PROTECTED]
c) Rewrite the extfile creation util to add the index-numbers
I think there is a reason why you havent taken a) in the past, b)
will look ugly and c) is the method IMHO
I would prefer c) too. a) was not used because we store this stuff in
a single line in our own header and this header line is compatible to
OpenSSL's one line style. I would prefer c) because b) would break
perhaps other scripts.
Michael
Ok I tried somethings...
To keep it easy - openssl seems to accept everything look like
subjectname.number=value:
[ subject_alt_name ]
email.0= [EMAIL PROTECTED]
IP.1 = 127.0.0.1
email.2= [EMAIL PROTECTED]
otherName.3=.....
So the "patch" for solution c) is just to put a counter-var to the
"crypto_get_subject_alt_names" routine.
I tried some samples on the commandline with my openssl version and
there is no piece of doc that I can find which conflicts with the approach.
Any clues ? If not I will test this a little bit and send it to cvs...
No, simply do it.
Michael
--
-------------------------------------------------------------------
Michael Bell Email: [EMAIL PROTECTED]
ZE Computer- und Medienservice Tel.: +49 (0)30-2093 2482
(Computing Centre) Fax: +49 (0)30-2093 2704
Humboldt-University of Berlin
Unter den Linden 6
10099 Berlin Email (private): [EMAIL PROTECTED]
Germany http://www.openca.org
-------------------------------------------------------
This SF.Net email is sponsored by the new InstallShield X.
From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and
evaluate today! http://www.installshield.com/Dev2Dev/0504
_______________________________________________
OpenCA-Devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-devel
