client certs with no subjectName only SAN
rsalz at akamai.com
Fri Aug 16 11:58:37 UTC 2019
> In the same paragraph, the sentence before the one you're quoting says "If the subject field contains an empty sequence, then the issuing CA MUST include a subjectAltName extension that is marked as critical."
> It's not possible to have a missing subject name in a certificate, the field is not OPTIONAL.
You are of course correct. Thanks Erwann. (He has forgotten more about ASN1 than I ever knew :)
More information about the openssl-users