Dr. Stephen Henson wrote:
On Mon, Nov 24, 2003, Michael Bell wrote:
some people ask me how to create the following subject for certificates:
cn=abc + serialNumber=123,o=company,c=de
It is no problem to insert this subject to the -subj option of openssl
ca but the sourcecode looks like OpenSSL
On Tue, Nov 25, 2003, Michael Bell wrote:
-subj in ca.c is important for me. So I start reading the code. I dug in
req.c and it looks for me like mval signals as the last argument to
X509_NAME_add_entry_by_NID that this is not a new RDN only an addition
to the last RDN. Does this be
Dr. Stephen Henson wrote:
There's possibly a problem in that it would change the meaning of the '+'
character which might break existing use of -subj or even permit some
malicious use. So I'd suggest that any new behaviour should only be enabled
with a command line swicth.
Ok, taken. I created a
Hi,
I added support for multivalued RDNs to -subj in ca.c. I added this
support to req.c too. Nevertheless it was tested with openssl ca. The
new code can be activated with the switch -multivalue-rdn. If the switch
is too long then please reduce it to something like -multirdn.
The diffs were
On Tue, Nov 25, 2003, Michael Bell wrote:
another problem is the output like you mentioned. -nameopt oneline works
but -nameopt rfc2253 fails. rfc2253 escapes a blank but perhaps I send
the blank to OpenSSL by myself - so no real problem. This is not wrong
but it is senseless.
Is there an
equivalent API to do exactly the opposite of what X509_NAME_oneline()
does?
if i have a issuer
name in the form of a string, is there an API which will give me a pointer
to/update
the X509_NAME
object?
satish
On Tue, Nov 25, 2003, Bommareddy, Satish (Satish) wrote:
Is there an equivalent API to do exactly the opposite of what
X509_NAME_oneline() does? if i have a issuer name in the form of a string,
is there an API which will give me a pointer to/update the X509_NAME object?
Not the exact
hmm ... RT has a weird bug that added an empty comment whilst changing
ticket status. Please ignore it.
[EMAIL PROTECTED] - Wed Sep 24 07:48:10 2003]:
Anyway, here's a patch for MacOS X, the patch for dso_dlfcn.c could be
implemented in other ways also. There would be no need for ifdef's
sigh
I (stupidly) wrote:
[snip]
are building for a platform that does this (in which case the
secondary test
without the underscore is presumably useless - and worth using an
#else
clause to eliminate it perhaps??), or (ii) implement a distinct
[snip]
Of course you already