There, I feel better now :-).
Glad there was a misunderstanding. I couldn't figure out why you disliked the idea so strongly.
As for the CA, I'm not sure it should redo the kind of enforcement you're talking about, but it may be worth pondering over...
It would be nice if it did, but since "-verbose" means the CA will print out the requested certificate, it's possible for the operator to do the right due diligence and reject the certificate.
Yes, actually, I would much rather reuse the policy section. That wouldn't add to the possible conflict, at least in spirit (provided the CSR builder and the CA operator use the same configuration file).
I'll work on that. The advantage of _required is that I was also able to add it into add_attribute_object using the same "_required" technique. Understanding "policy" means that this feature goes away.
/r$
--
Rich Salz, Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]