In message <[EMAIL PROTECTED]> on Mon, 15 Apr 2002 20:57:00 +0200, 
Michael Bell <[EMAIL PROTECTED]> said:

michael.bell> we found today a big problem with the DNs which OpenSSL
michael.bell> displays because our application (OpenCA) produce DNs
michael.bell> which are conform to the directorystandards but OpenSSL
michael.bell> interprets them in the opposite order. 
michael.bell> What does this mean?

If I remember correctly, X.500 subjects are usually ordered as the
inverse of the directory standards you refer to.  This means that
rather than O=HU, C=DE, the order would be C=DE, O=HU.

However, with the OpenSSL application ('openssl'), which I assume is
what you've been using, the order of the RDNs entirely depends on the
order of the keys in the policy section from the configuration file.
In the example openssl.cnf, the order is contryName first, followed by
stateOrProvinceName, and so on.  I'm sure that if you create a
different policy section where things are reordered the waty you want
them, you'll get the desired result.

All this, of course, said out of memory.  I haven't tested anything.

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
                    \      SWEDEN       \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis                -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to