There's possibly a problem in that it would change the meaning of the '+' character which might break existing use of -subj or even permit some malicious use. So I'd suggest that any new behaviour should only be enabled with a command line swicth.
Ok, taken. I created a patch and will put it into the request tracker. It uses a new option -multivalue-rdn to activate the new code.
another problem is the output like you mentioned. -nameopt oneline works but -nameopt rfc2253 fails. rfc2253 escapes a blank but perhaps I send the blank to OpenSSL by myself - so no real problem. This is not wrong but it is senseless.
oneline
-------
C = DE, O = Humboldt-Universitaet zu Berlin, OU = Internet, serialNumber = 123456 + CN = "ABC XYZ ", serialNumber = 30
rfc2253
-------
serialNumber=30,CN=ABC XYZ \ +serialNumber=123456,OU=Internet,O=Humboldt-Universitaet zu Berlin,C=DE
Thanks for your help
Michael -- ------------------------------------------------------------------- Michael Bell Email: [EMAIL PROTECTED] ZE Computer- und Medienservice Tel.: +49 (0)30-2093 2482 (Computing Centre) Fax: +49 (0)30-2093 2704 Humboldt-University of Berlin Unter den Linden 6 10099 Berlin Email (private): [EMAIL PROTECTED] Germany http://www.openca.org
______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]