UID in subj args - bug?
Viktor Dukhovni
openssl-users at dukhovni.org
Thu Jul 6 16:26:46 UTC 2023
On Thu, Jul 06, 2023 at 12:07:00PM -0400, Robert Moskowitz wrote:
> And why I just hit it with serialNumber....
>
> I am not finding a listing of these field types in the docs. Can you
> give me a pointer?
>From the ca(1) manpage:
POLICY FORMAT
The policy section consists of a set of variables corresponding to
certificate DN fields. If the value is "match" then the field value
must match the same field in the CA certificate. If the value is
"supplied" then it must be present. If the value is "optional" then
it may be present. Any fields not mentioned in the policy section
are silently deleted, unless the -preserveDN option is set but this
can be regarded more of a quirk than intended behaviour.
--
Viktor.
More information about the openssl-users
mailing list