Harald Koch wrote: >>On Tue, Apr 02, 2002 at 09:25:00AM +0200, Michael Bell wrote: >> >>>after I found the wrong definitions of SN_surname and SN_serialNumber I >>>looked around and find the next problems in crypto/objects/ : >>> >>>SN_title "title" (now "T") >>>SN_description "description" (now "D") >>>SN_givenName "gn" (now "G") >>>SN_initials "initials" (now "I") >>>LN_uniqueIdentifier "x500UniqueIdentifier" (now "uniqueIdentifier") >>>SN_rfc822Mailbox "mail" (now "rfc822Mailbox") >>>SN_pkcs9_emailAddress "emailAddress" (now "Email") >>> >>>* SN_rfc822Mailbox is not wrong but a short name exists >>>* I don't find a short name for SN_pkcs9_emailAddress. The related RFC >>>only defines a long name >> > > I know this patch was old, but I only just tripped over a problem with > it; the Microsoft CA still puts email addresses into DNs if you're not > careful.
This is not a problem because the OIDs are in the cert and not the name. > Several software packages out there still *use* the short name "email" > in DNs, making it challenging to compare DNs produced by other code with > DNs produced by OpenSSL. Which packages and why it is a problem to replace the correct "emailAddress" by "email" in a string if you have some non-compliant software? The problem is that LDAP-servers uses standardized schemas so email in the DN is a compatibility-break to the standards. It would mean that OpenSSL ignores a standard to be be more compliant with applications which are not standard conform. > Is it too late to put the short-form back? I think that it is not a good idea to go back to the old definition. Best regards, Michael -- ------------------------------------------------------------------- Michael Bell Email (private): [EMAIL PROTECTED] Rechenzentrum - Datacenter Email: [EMAIL PROTECTED] Humboldt-University of Berlin Tel.: +49 (0)30-2093 2482 Unter den Linden 6 Fax: +49 (0)30-2093 2959 10099 Berlin Germany http://www.openca.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
