Dear ladies/gentlemen, I'd like to clear up the situation with the feature described in manual http://openssl.org/docs/apps/x509v3_config.htm (attached below).
I tried even that same example from the manual, with 2 different versions of open ssl (0.9.7 linux, 1.0.0 windows) -- in both cases this example does not work. But the feature is highly valuable! (for ladap URIs, you know). So, any hint, please. (I can "work around" the problem with row format of fields, but it's not a nice solution). Alexey Sokolov, Yaroslavl Univ., Russia The message when example block is included: Error Loading extension section v3_ca 3680:error:22075075:X509 V3 routines:v2i_GENERAL_NAME_ex:unsupported option:.\crypto\x509v3\v3_alt.c:557:name=subjectAltName 3680:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:.\crypto\x509v3\v3_conf.c:93:name=subjectAltName, value=@subject_alt_section > NOTES > If an extension is multi-value and a field value must contain a comma > the long form must be used otherwise the comma would be misinterpreted as a > field separator. > For example: > subjectAltName=URI:ldap://somehost.com/CN=foo,OU=bar > will produce an error but the equivalent form: > subjectAltName=@subject_alt_section > [subject_alt_section] > subjectAltName=URI:ldap://somehost.com/CN=foo,OU=bar --- Alexey V. Sokolov, Mailto: a...@uniyar.ac.ru Callto: (4852) 248203 (ext.16) PGPkey: http://univ.uniyar.ac.ru/~abc/a...@univ.asc ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
