Richard Levitte - VMS Whacker wrote:
>
>
> After some more thinking, probably the best thing would be to add the
> possibility to use the keyword "move" in the same way as "copy" is
> used today. The difference would be that whatever extension that is
> meant to be copied is removed from its original place.
>
> That way, the only difference from a user point of view is that the
> subjectAltName line would look like this:
>
> subjectAltName=email:move
>
There are a few problems with doing things that way. It will work for
'req' but may cause problems in other environments.

I'm not sure if it's documented but the X509V3_CTX structure represents
any relevant information relating to the extensions. Things like the
request, the issuer and subject certificates and CRL. They should really
be regarded as read only.

As such there's no guarantee as to the state of each component at the
time the extension is added, only that it reflects some information the
application thinks is relevant to the extension process.

For example there is no guarantee that the request or certificate is not
already signed. The application might also try using the same stuff
for more extensions later.

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]