client certs with no subjectName only SAN

Salz, Rich rsalz at
Fri Aug 16 11:58:37 UTC 2019

>    In the same paragraph, the sentence before the one you're quoting says "If the subject field contains an empty sequence, then the issuing CA MUST include a subjectAltName extension that is marked as critical."
>    It's not possible to have a missing subject name in a certificate, the field is not OPTIONAL.
You are of course correct.  Thanks Erwann.  (He has forgotten more about ASN1 than I ever knew :)

More information about the openssl-users mailing list