1.OU or OU.1 ?

Salz, Rich rsalz at akamai.com
Sat Mar 21 13:46:56 UTC 2020

Argh.  Thanks for the detailed explanation.

It seems to me that if I add suffixes ".nnn" support to auto_info() than we can move xxx.field to deprecated at some point?

On 3/20/20, 10:45 PM, "Richard Levitte" <levitte at openssl.org> wrote:

    The correct answer is, it depends.  This is an unfortunate
    evolutionary artefact, and is governed by very different pieces of
    The config.pod example revolves around subject names and the config
    for 'openssl req'.  The code that uses this is the function
    auto_info(), found in apps/req.c.
    The x509v3_config.pod example revolves around X.509 v3 extensions, and
    the config for those is used by diverse functions in crypto/x509v3/
    (1.1.1) or crypto/x509/ (masterand upcoming 3.0), and ultimately, the
    key name comparison is done by name_cmp(), found in v3_utl.c.
    So both manuals are correct.  Unfortunately...
    On Fri, 20 Mar 2020 22:12:08 +0100,
    Salz, Rich via openssl-users wrote:
    > The doc/man5/config.pod file says to use
    >                 1.OU = “My first OU”
    >                 2.OU = “My second OU”
    > But doc/man5/x509v3_config.pod says to append the numeric, as in
    >                 email.1 = steve at here
    >                 email.2 = steve at there
    > I believe the second form is correct.  Can anyone confirm?
    Richard Levitte         levitte at openssl.org
    OpenSSL Project         http://www.openssl.org/~levitte/

More information about the openssl-users mailing list