client certs with no subjectName only SAN
Robert Moskowitz
rgm at htt-consult.com
Fri Aug 16 12:20:18 UTC 2019
On 8/16/19 7:58 AM, Salz, Rich wrote:
>> In the same paragraph, the sentence before the one you're quoting says "If the subject field contains an empty sequence, then the issuing CA MUST include a subjectAltName extension that is marked as critical."
>
I will run another test today and see if it is as easy as claimed to
flag SAN critical.
>> It's not possible to have a missing subject name in a certificate, the field is not OPTIONAL.
I was wondering more the construction of the cert when 'no
subjectName'. You confirmed that the object is there. Probably length
0. I will have to look at that asnparse listing more critically.
>
> You are of course correct. Thanks Erwann. (He has forgotten more about ASN1 than I ever knew :)
>
Why I ask, perhaps seemingly dumb questions, here. Those that really
know the stuff are still around.
I learned enough ASN1 to get by with x.509 and snmp and have forgotten
much of what I learned ~20 years ago. I do have an iana enterprise
number that I used in some of my OID proposals in both way back then.
The failing read access really bites.
thanks both of you.
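The rule quoted in the message above (empty subject requires a critical subjectAltName) as a check over DER bytes. This is an added example, not code from the thread or from OpenSSL; it shows that an absent subject name is still encoded, as the empty SEQUENCE `30 00`. The sample TBSCertificate, its names and its placeholder key are constructed for illustration.

```python
# Added example: checks the RFC 5280 rule quoted above on a DER TBSCertificate.
SAN_OID = bytes.fromhex("551d11")  # id-ce-subjectAltName, 2.5.29.17

def tlv(tag, body=b""):
    """Encode one DER TLV (definite length)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + body

def children(body):
    """Split a constructed value into (tag, value) pairs."""
    out, off = [], 0
    while off < len(body):
        tag, n = body[off], body[off + 1]
        off += 2
        if n & 0x80:  # long-form length
            k = n & 0x7F
            n = int.from_bytes(body[off:off + k], "big")
            off += k
        out.append((tag, body[off:off + n]))
        off += n
    return out

def check_subject_san(tbs_der):
    """Return (subject_is_empty, san_critical); san_critical is None if no SAN."""
    fields = children(children(tbs_der)[0][1])
    if fields[0][0] == 0xA0:          # optional [0] version
        fields = fields[1:]
    # remaining order: serial, signature, issuer, validity, subject, SPKI, ...
    subject_empty = fields[4] == (0x30, b"")
    san_critical = None
    for tag, val in fields[6:]:
        if tag != 0xA3:               # only [3] extensions is of interest
            continue
        for _, ext in children(children(val)[0][1]):
            parts = children(ext)     # extnID, [critical BOOLEAN], extnValue
            if parts[0][1] == SAN_OID:
                san_critical = len(parts) == 3 and parts[1] == (0x01, b"\xff")
    return subject_empty, san_critical

def sample_tbs(critical):
    """Constructed TBSCertificate skeleton (placeholder key, not signed)."""
    san = tlv(0x04, tlv(0x30, tlv(0x82, b"device.example")))  # dNSName
    ext = tlv(0x30, tlv(0x06, SAN_OID) + (tlv(0x01, b"\xff") if critical else b"") + san)
    name = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, bytes.fromhex("550403")) + tlv(0x0C, b"Test CA"))))
    return tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01")
               + tlv(0x30, tlv(0x06, bytes.fromhex("2a8648ce3d040302"))) + name
               + tlv(0x30, tlv(0x17, b"190816000000Z") + tlv(0x17, b"200816000000Z"))
               + tlv(0x30)            # subject: empty SEQUENCE, DER bytes 30 00
               + tlv(0x30)            # SPKI placeholder (constructed, empty)
               + tlv(0xA3, tlv(0x30, ext)))
```

A result of `(True, False)` or `(True, None)` is the case the quoted sentence forbids: empty subject without a critical SAN.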