Alicia da Conceicao writes:
> These very useful X509 objects are missing from OpenSSL and "objects.h".
We've had a similar problem with the uid & dc attributes.
I'm a little confused about what's required and what's not;
for instance, the PKIX RFC 2459 requires dc component support in subjects,
or so I read it. "uid" is part of the InetOrgPerson LDAP schema definition
and is in wide use.
Could the developers clarify this?
It looks like you can add definitions to openssl.cnf; there's
a note like this in the default version (openssl 094):

RANDFILE = $ENV::HOME/.rnd
oid_file = $ENV::HOME/.oid
oid_section = new_oids

# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)

[ new_oids ]
# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6

This is somewhat problematic for widespread certificate
use, tho.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
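
Names defined only in a local openssl.cnf do not travel with a certificate: the DER encoding carries just the numeric OID of each attribute type, and the short name is looked up in whatever table the reading tool has. The Python below is an added example, not part of the original message or of OpenSSL's code; it parses a `[ new_oids ]` section with the `${name}` substitution shown in the note and resolves one encoded attribute type with and without that section. The sample config and DER bytes are constructed, the `uid` and `dc` OIDs are the standard ones from RFC 4519, and the function names are hypothetical.

```python
import re

# Constructed sample config: the note's two examples uncommented, plus uid and dc.
SAMPLE_CNF = """\
oid_section = new_oids
[ new_oids ]
testoid1 = 1.2.3.4
testoid2 = ${testoid1}.5.6   # config file substitution
uid = 0.9.2342.19200300.100.1.1
dc = 0.9.2342.19200300.100.1.25
"""
# Constructed sample: DER OBJECT IDENTIFIER as it appears as the type of a uid attribute.
UID_TYPE_DER = bytes.fromhex("060a0992268993f22c640101")

def parse_oid_section(cnf_text, section="new_oids"):
    """Return {name: dotted OID} for one section, expanding ${name} references."""
    oids, current = {}, None
    for raw in cnf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        header = re.fullmatch(r"\[\s*(\w+)\s*\]", line)
        if header:
            current = header.group(1)
        elif current == section and "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            # ${name} must refer to an entry defined earlier in this section
            value = re.sub(r"\$\{(\w+)\}", lambda m: oids[m.group(1)], value)
            if not re.fullmatch(r"[0-2](\.\d+)+", value):
                raise ValueError(f"{name}: not a dotted OID: {value!r}")
            oids[name] = value
    return oids

def der_decode_oid(der):
    """Decode a DER OBJECT IDENTIFIER (tag 0x06, short-form length) to dotted form."""
    if len(der) < 3 or der[0] != 0x06 or der[1] != len(der) - 2 or der[-1] & 0x80:
        raise ValueError("not a complete DER OID")
    values, acc = [], 0
    for byte in der[2:]:
        acc = (acc << 7) | (byte & 0x7F)   # base-128 digits, high bit = "more follows"
        if not byte & 0x80:
            values.append(acc)
            acc = 0
    first = min(values[0] // 40, 2)        # first two arcs share one value: 40*a + b
    return ".".join(map(str, [first, values[0] - 40 * first] + values[1:]))

def display_name(der, local_oids):
    """Name a tool would print: the local short name if defined, else the dotted OID."""
    dotted = der_decode_oid(der)
    return {oid: name for name, oid in local_oids.items()}.get(dotted, dotted)
```

With the section loaded, `display_name(UID_TYPE_DER, parse_oid_section(SAMPLE_CNF))` resolves to the short name; with an empty table the same bytes come back as the dotted OID, which is what a peer without the matching config sees.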