Bonjour,
In the same paragraph, the sentence before the one you're quoting says "If the
subject field contains an empty sequence, then the issuing CA MUST include a
subjectAltName extension that is marked as critical."
It's not possible to have a missing subject name in a certificate, the field is
not OPTIONAL.
Cordialement,
Erwann Abalea
Le 15/08/2019 22:13, « openssl-users au nom de Salz, Rich via openssl-users »
<openssl-users-boun...@openssl.org au nom de openssl-users@openssl.org> a écrit
:
subjectAltName is rarely marked as critical; sec 4.2.1.6 of PKIX says
"SHOULD mark subjectAltName as non-critical"
I can believe that OpenSSL doesn't support empty subjectName's. An empty
one, with no relative disintuished name components, is not the same as not
present.
