On Tue, Nov 25, 2003, Michael Bell wrote: > > -subj in ca.c is important for me. So I start reading the code. I dug in > req.c and it looks for me like mval signals as the last argument to > X509_NAME_add_entry_by_NID that this is not a new RDN only an addition > to the last RDN. Does this be correct? >
Yes that's correct. > If yes then I start fixing "-subj" for ca.c or better I'm fixing > do_subject which is used by req.c too. > There's possibly a problem in that it would change the meaning of the '+' character which might break existing use of -subj or even permit some malicious use. So I'd suggest that any new behaviour should only be enabled with a command line swicth. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
