Richard, > "Eric Weitzman" <[EMAIL PROTECTED]> said: > > eweitzman> Is there any overview documentation on the relationship > eweitzman> between the keys and sections in openssl.cnf and both the
> Isn't http://www.openssl.org/docs/apps/req.html enough? There's a > small blurb about distinguished_name ending by saying that the section > it refers to is explained in the next section of that manual. That > section is basically right below said blurb. This is enough to document req. But I was looking for overview documentation of the config file per se. Being new to openssl, it's a leap to go from a code distribution and command descriptions to understanding the config file. It's an even bigger leap to understand that one anticipated usage pattern for req requires that an app will write the config file to supply specific values for the distinguished name fields of the request. Normally, the config file tells the app how to act globally, not how to behave for a specific invocation of the app. It was while glimpsing this unique arrangement that I wondered, is there some overview documentation that spells out the relationships between commands->sections->keys->other_sections. It would be nice if this was done in general, or as a compendium of all the various commands' usage of the config file in the config file documentation. For example, are req and ca the only commands that have their own eponymously-named sections with keys whose values point to other sections? Or are there others? Are the OIDs in the section pointed to by the global key oid_section used by more than x509? (I'll answer this for myself shortly...see below) > Generally, look at the manual for each command, and you will hopefully > find what you're looking for. I will take your advice and look for the information this way. > If you find the manuals incomplete, please tell us in detail what's > missing or should be changed, and we'll do our best to correct it. I'm spiraling in to an understanding of the system as the blind men came to understand the elephant. Since I'm interested in the CA capabilities, a document that describes how ca, req, and x509 fit together and are configured would be helpful. > Note: the manuals on the web are for the development Given this note, I understand that my documentation desires might go unheeded! NP, I was just asking. Thanks, - Eric ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
