objects.txt defines the following:

    X509 4 : S : surname
    X509 5 : SN : serialNumber

(X509 4 is 2.5.4.4). RFC2256 defines surname (2.5.4.4) as 'sn', and 2.5.4.5 as "serialNumber", creating a conflict when going from a certificate subject DN to an LDAP DN.

I can't find a justification for the shortforms currently in objects.txt anywhere in the PKIX documents. That's not to say there isn't a justification, because I don't have a current X.500 series that defines these attributes. :-)

My recommendation would be to change the surname shortform to 'sn' to match LDAP, and to remove or change the serialnumber shortform.

Comments?

--
Harald Koch <[EMAIL PROTECTED]>
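The conflict described in the message above, as an added example that is not part of the original post or of OpenSSL's code: it converts a constructed one-line subject to an LDAP DN twice, once by copying short names through and once by going through the OID. The CN, C and O entries, the sample subject and all function names are assumptions made for the illustration, and DN escaping is not handled.

```python
# OpenSSL short names: S and SN as quoted from objects.txt in the message above;
# CN, C and O are the usual X.520 attributes, added so the sample is realistic.
OPENSSL_SHORT_TO_OID = {"CN": "2.5.4.3", "S": "2.5.4.4", "SN": "2.5.4.5",
                        "C": "2.5.4.6", "O": "2.5.4.10"}
# LDAP attribute names for the same OIDs (RFC 2256).
OID_TO_LDAP = {"2.5.4.3": "cn", "2.5.4.4": "sn", "2.5.4.5": "serialNumber",
               "2.5.4.6": "c", "2.5.4.10": "o"}
LDAP_TO_OID = {name.lower(): oid for oid, name in OID_TO_LDAP.items()}

# Constructed sample subject in OpenSSL's one-line form (not from a real certificate).
SAMPLE_SUBJECT = "/C=CA/O=Example Org/CN=Test User/S=Doe/SN=12345"

def parse_subject(subject):
    """Split '/K=V/K=V' into (short name, value) pairs; escaping is not handled."""
    return [tuple(p.split("=", 1)) for p in subject.strip("/").split("/")]

def cert_meaning(subject):
    """What the certificate says: (OID, value) pairs via OpenSSL's short names."""
    return sorted((OPENSSL_SHORT_TO_OID[k], v) for k, v in parse_subject(subject))

def naive_ldap_dn(subject):
    """Copy the short names through unchanged, most specific RDN first."""
    return ",".join(f"{k}={v}" for k, v in reversed(parse_subject(subject)))

def oid_ldap_dn(subject):
    """Translate each short name to its OID, then to the LDAP name for that OID."""
    return ",".join(f"{OID_TO_LDAP[OPENSSL_SHORT_TO_OID[k]]}={v}"
                    for k, v in reversed(parse_subject(subject)))

def ldap_meaning(dn):
    """How an LDAP reader resolves the names (case-insensitive lookup)."""
    pairs = [rdn.split("=", 1) for rdn in dn.split(",")]
    return sorted((LDAP_TO_OID.get(k.lower(), "unknown"), v) for k, v in pairs)

if __name__ == "__main__":
    for label, dn in (("naive", naive_ldap_dn(SAMPLE_SUBJECT)),
                      ("via OID", oid_ldap_dn(SAMPLE_SUBJECT))):
        same = ldap_meaning(dn) == cert_meaning(SAMPLE_SUBJECT)
        print(f"{label:8} {dn}  (meaning preserved: {same})")
```

In the naive output the serial number lands under 2.5.4.4 (surname) on the LDAP side, which matters wherever the LDAP DN is used to look up or authorize the certificate holder.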
