Many places including the DN comparision algorithm description of RFC3280.
Sorry can you point me to the exact paragraph, I read 4.1.2.4 and 5.1.2.3 but the comparision
seems to happen on the contents of the issuer field and not the order,
thanks
Nicola
near the end of page 95 of rfc 5280:
Two naming attributes match if the attribute types are the same and
the values of the attributes are an exact match after processing with
the string preparation algorithm. Two relative distinguished names
RDN1 and RDN2 match if they have the same number of naming attributes
and for each naming attribute in RDN1 there is a matching naming
attribute in RDN2. Two distinguished names DN1 and DN2 match if they
have the same number of RDNs, for each RDN in DN1 there is a matching
RDN in DN2, and the matching RDNs appear in the same order in both
DNs.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org