On 02-04-24 15:12:55 CEST, Michael Bell wrote:
> EMILIO LUQUE LINARES schrieb:
> >
> > Hi.
> >
> > I have compared two different CA certificates. The first was
> > generated with a version of OpenCA two weeks ago and the second has been
> > generated today. If I use "openssl x509 -in cacert.pem -text" at the new
> > cacert.pem I can see that the issuer and the subject are:
> >
> > C=ES, O=Universidad de Cordoba, CN=AC [EMAIL PROTECTED]
> >
> > The old cacert.pem shows:
> >
> > [EMAIL PROTECTED], CN=CA UCO, O=Universidad de Cordoba, C=ES
> >
> > I know that the order has changed in new versions of OpenCA and OpenSSL
> > but I have noted that there is a "/" between CN=AC UCO and
> > [EMAIL PROTECTED] instead of "," in the Issuer and Subject of the new
> > CA certificate.
> >
> > Could be this an error?
>
> No, it's simply OpenSSL.
yes, and i found the place where it is happening.
crypto/asn1/t_x509.c, X509_NAME_print():
if ( ((*s == '/') /*&&
((s[1] >= 'A') && (s[1] <= 'Z') && (
(s[2] == '=') ||
((s[2] >= 'A') && (s[2] <= 'Z') &&
(s[3] == '='))
))*/) ||
(*s == '\0'))
without the comment, it prints "/", with the comment ", ".
it's because the second letter in "Email" is lowercase...!
i'll report it to openssl-dev.
rj
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users
