On 11/28/07, Scott Cantor <[EMAIL PROTECTED]> wrote:
> Marcel Ammerlaan wrote:
> > A second issue with interop testing I found is the issuer-name. In the
> > test-certificate I use, the state attribute is present. The .Net platform
> > generates a message with the attribute 'ST=' whereas Java generates 'S='
> > (or the other way round. I don't have the messages at hand right now).

ST agrees with RFC2253.  (I'd be surprised if Java does otherwise; see
javax.security.auth.x500.X500Principal)

> > I saw some other issues regarding matching of the DN, but these were
> > related to the order of the
> > attributes. Is there any definitive workaround for this (apart from the
> > hack I made..)

Your best bet is RFC2253 conformance.

> Having gone down this road over the warnings of people with more experience
> than myself, I can tell you that DN comparison is not a basis for reliable
> software.

Amen!

Tom
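
As an added illustration (not code from any poster in this thread or from the project), the sketch below parses issuer names with the javax.security.auth.x500.X500Principal class mentioned above and compares the parsed names rather than the raw strings. The class name, helper names and sample DNs are constructed for the example; it shows that case and spacing differences are absorbed, while a different attribute order still produces a mismatch.

```java
import javax.security.auth.x500.X500Principal;

public class IssuerNameCheck {

    // Parse a DN string and re-emit it in RFC 2253 string form.
    // Returns null when the input cannot be parsed as a distinguished name.
    static String toRfc2253(String dn) {
        try {
            return new X500Principal(dn).getName(X500Principal.RFC2253);
        } catch (IllegalArgumentException e) {
            return null;
        }
    }

    // Compare two issuer names after parsing. X500Principal.equals()
    // compares the canonical string forms, so differences in case and
    // spacing do not matter, but the order of the RDNs does.
    static boolean sameName(String a, String b) {
        try {
            return new X500Principal(a).equals(new X500Principal(b));
        } catch (IllegalArgumentException e) {
            return false; // fail closed: an unparseable name never matches
        }
    }

    public static void main(String[] args) {
        // Constructed sample DNs, not taken from the thread.
        String reference = "CN=Test Signer, ST=Utrecht, C=NL";
        String reformatted = "cn=test signer,st=utrecht,c=nl";   // case and spacing differ
        String reordered = "C=NL, ST=Utrecht, CN=Test Signer";   // same attributes, reversed order

        System.out.println("RFC 2253 form:    " + toRfc2253(reference));
        System.out.println("reformatted same: " + sameName(reference, reformatted));
        System.out.println("reordered same:   " + sameName(reference, reordered));
    }
}
```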
