UID in subj args - bug?
Robert Moskowitz
rgm at htt-consult.com
Thu Jul 6 17:15:52 UTC 2023
That I saw.
What I am looking for is a listing of the DN types allowed. Full names
and abbreviations.
https://www.openssl.org/docs/man3.0/man5/x509v3_config.html
Does not provide such a listing nor pointer to such.
On 7/6/23 12:26, Viktor Dukhovni wrote:
> On Thu, Jul 06, 2023 at 12:07:00PM -0400, Robert Moskowitz wrote:
>
>> And why I just hit it with serialNumber....
>>
>> I am not finding a listing of these field types in the docs. Can you
>> give me a pointer?
> >From the ca(1) manpage:
>
> POLICY FORMAT
>
> The policy section consists of a set of variables corresponding to
> certificate DN fields. If the value is "match" then the field value
> must match the same field in the CA certificate. If the value is
> "supplied" then it must be present. If the value is "optional" then
> it may be present. Any fields not mentioned in the policy section
> are silently deleted, unless the -preserveDN option is set but this
> can be regarded more of a quirk than intended behaviour.
>
More information about the openssl-users
mailing list