UID in subj args - bug?

Viktor Dukhovni openssl-users at dukhovni.org
Thu Jul 6 16:26:46 UTC 2023

On Thu, Jul 06, 2023 at 12:07:00PM -0400, Robert Moskowitz wrote:

> And why I just hit it with serialNumber....
> I am not finding a listing of these field types in the docs.  Can you 
> give me a pointer?

>From the ca(1) manpage:


    The policy section consists of a set of variables corresponding to
    certificate DN fields. If the value is "match" then the field value
    must match the same field in the CA certificate. If the value is
    "supplied" then it must be present. If the value is "optional" then
    it may be present. Any fields not mentioned in the policy section
    are silently deleted, unless the -preserveDN option is set but this
    can be regarded more of a quirk than intended behaviour.


More information about the openssl-users mailing list