CALinux wrote:
I believe what's happening is that the DN is mapped to a X509_NAME structure that is composed of one or more X509_NAME_ENTRY components. This makes it easy to search for just surnames or titles or whatever since you're searching a single X509_NAME_ENTRY field, not the composite name.Hi thanks for help, our problem is that in Italian Public Adminitsration is mandatory the object Description in Certificates. It must be like this:Description="C=<surname>/N=<name>/D=<date's birth>[/R=<job role>] Example Description=C=Werzowa/N=Karl-Michael/D=01-01-1980
The problem is that you need some way of mapping a sequence of characters to this structure and back, and the /x=y notation is intuitive and commonly used. The problem is that this can be triggered when it shouldn't be, and that may, repeat MAY, be what's going on here.
But to be honest, I'm not sure that we really know what the object description requires. I find it far more likely that the the spec requires a DN with four entries (C, N, D and R) than can be individually searched than a single entry with a composit string. In this case, what you need are the OID values for the "C", "N", "D" and "R" attributes and OpenSSL's behavior will be exactly what you want. The text will still display in the format you expect.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
