Gunther Schadow wrote:
>
> Hi,
>
> regarding my yesterday's post to enable the apps x509 and req to work
> with empty subject DNs (as permitted, even suggested by PKIX for certs
> with non-human subjects), I found another problem that I'm going to do
> something about now. The ca tool depends on the subject DN when using
> the index.txt database [crypto/txt_db]. This is a problem. Please,
> I appreciate if someone would let me know if what I'm suggesting
> is a big mistake:
>
> I suggest defining a configuration file option index_on= where one
> can choose if indexing should use the hashed subject DN or some
> other id. I would recommend that indexing be by public key, namely
> subjectKeyIdentifier. The keyid is the one essential thing that
> every cert has.
>
> I'll dive into this again, uh. Will find the dependency upon
> the txt_db code and hopefully I can hack this in with a few
> moderate changes.
>

Do you need the 'ca' tool to handle that? The 'x509' tool can do most
things that the 'ca' tool can but without the (allegedly) friendly
front end.

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Gemplus: http://www.gemplus.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED]
PGP key: via homepage.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
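
Added example, not part of the thread and not OpenSSL code: a small Python model of a uniqueness index like the one the quoted post describes, comparing the two values its proposed index_on= option would choose between. The records, key bytes and the key_id/build_index helpers are constructed for illustration, and the model assumes the index refuses a second entry with the same key; the key id is SHA-1 over the public key bytes (RFC 5280 section 4.2.1.2, method 1).

```python
import hashlib

# Constructed sample records: (serial, subject DN, subjectPublicKey bytes).
# The key bytes are placeholders standing in for real public keys.
RECORDS = [
    ("01", "/C=US/O=Example/CN=alice", b"constructed-key-A"),
    ("02", "", b"constructed-key-B"),  # non-human subject, empty DN
    ("03", "", b"constructed-key-C"),  # second device, also empty DN
]


def key_id(pubkey: bytes) -> str:
    """Key identifier as SHA-1 of the public key bytes (RFC 5280 method 1)."""
    return hashlib.sha1(pubkey).hexdigest().upper()


def build_index(records, index_on):
    """Index records by 'subject' or 'keyid'.

    Returns (index, rejected), where rejected lists the serials that could
    not be added because their index key was already present.
    """
    index, rejected = {}, []
    for serial, subject, pubkey in records:
        if index_on == "subject":
            key = subject
        elif index_on == "keyid":
            key = key_id(pubkey)
        else:
            raise ValueError("index_on must be 'subject' or 'keyid'")
        if key in index:
            rejected.append(serial)  # duplicate key: entry refused
        else:
            index[key] = serial
    return index, rejected


if __name__ == "__main__":
    for mode in ("subject", "keyid"):
        index, rejected = build_index(RECORDS, mode)
        print(mode, "entries:", len(index), "rejected serials:", rejected)
    # Caveat: with a key-based index, re-certifying an existing key collides.
    renewed = RECORDS + [("04", "", b"constructed-key-B")]
    print("renewal rejected:", build_index(renewed, "keyid")[1])
```

With the subject DN as the key, every certificate after the first empty-DN one is refused; with the key id, distinct keys never collide, but a renewal that reuses a key does, so a tool indexing this way needs a rule for that case.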
