1.OU or OU.1 ?
Salz, Rich
rsalz at akamai.com
Sat Mar 21 13:46:56 UTC 2020
Argh. Thanks for the detailed explanation.
It seems to me that if I add suffixes ".nnn" support to auto_info() than we can move xxx.field to deprecated at some point?
On 3/20/20, 10:45 PM, "Richard Levitte" <levitte at openssl.org> wrote:
The correct answer is, it depends. This is an unfortunate
evolutionary artefact, and is governed by very different pieces of
code.
The config.pod example revolves around subject names and the config
for 'openssl req'. The code that uses this is the function
auto_info(), found in apps/req.c.
The x509v3_config.pod example revolves around X.509 v3 extensions, and
the config for those is used by diverse functions in crypto/x509v3/
(1.1.1) or crypto/x509/ (masterand upcoming 3.0), and ultimately, the
key name comparison is done by name_cmp(), found in v3_utl.c.
So both manuals are correct. Unfortunately...
Cheers,
Richard
On Fri, 20 Mar 2020 22:12:08 +0100,
Salz, Rich via openssl-users wrote:
>
>
> The doc/man5/config.pod file says to use
>
> 1.OU = “My first OU”
>
> 2.OU = “My second OU”
>
> But doc/man5/x509v3_config.pod says to append the numeric, as in
>
> email.1 = steve at here
>
> email.2 = steve at there
>
> I believe the second form is correct. Can anyone confirm?
>
>
--
Richard Levitte levitte at openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
More information about the openssl-users
mailing list