UID in subj args - bug?

Robert Moskowitz rgm at htt-consult.com
Thu Jul 6 17:15:52 UTC 2023

That I saw.

What I am looking for is a listing of the DN types allowed.  Full names 
and abbreviations.


Does not provide such a listing nor pointer to such.

On 7/6/23 12:26, Viktor Dukhovni wrote:
> On Thu, Jul 06, 2023 at 12:07:00PM -0400, Robert Moskowitz wrote:
>> And why I just hit it with serialNumber....
>> I am not finding a listing of these field types in the docs.  Can you
>> give me a pointer?
> From the ca(1) manpage:
>      The policy section consists of a set of variables corresponding to
>      certificate DN fields. If the value is "match" then the field value
>      must match the same field in the CA certificate. If the value is
>      "supplied" then it must be present. If the value is "optional" then
>      it may be present. Any fields not mentioned in the policy section
>      are silently deleted, unless the -preserveDN option is set but this
>      can be regarded more of a quirk than intended behaviour.
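
The policy rules quoted above from ca(1), modelled in Python as an added example (not part of the original message and not OpenSSL's code). The function name, the policy and all DN values are constructed for illustration, and a field repeated within one DN is not handled.

```python
# Simplified model of the ca(1) policy semantics quoted above.
# Everything here (names, values, policy) is constructed for illustration.

def apply_policy(policy, subject, ca_subject, preserve_dn=False):
    """Return the (field, value) pairs that survive the policy.

    policy     : dict of field name -> "match" | "supplied" | "optional"
    subject    : list of (field, value) pairs from the request, in order
    ca_subject : dict of the CA certificate's DN fields
    preserve_dn: models -preserveDN as the quoted text describes it
    Raises ValueError when a "match" or "supplied" rule is not satisfied.
    """
    present = dict(subject)
    for field, rule in policy.items():
        if rule == "match":
            if field not in present:
                raise ValueError(f"{field}: must be present to match the CA")
            if present[field] != ca_subject.get(field):
                raise ValueError(f"{field}: does not match the CA certificate")
        elif rule == "supplied":
            if field not in present:
                raise ValueError(f"{field}: must be supplied")
        elif rule != "optional":
            raise ValueError(f"{field}: unknown policy value {rule!r}")
    if preserve_dn:
        return list(subject)
    # Fields the policy does not mention are dropped without any error.
    return [(f, v) for f, v in subject if f in policy]


CA_SUBJECT = {"countryName": "US", "organizationName": "Example CA"}
POLICY = {
    "countryName": "match",
    "organizationName": "match",
    "commonName": "supplied",
    "emailAddress": "optional",
}
REQUEST = [
    ("countryName", "US"),
    ("organizationName", "Example CA"),
    ("commonName", "device-01"),
    ("UID", "u1001"),
    ("serialNumber", "12345"),
]

if __name__ == "__main__":
    print("default policy :", apply_policy(POLICY, REQUEST, CA_SUBJECT))
    widened = dict(POLICY, UID="optional", serialNumber="optional")
    print("fields listed  :", apply_policy(widened, REQUEST, CA_SUBJECT))
```

With the default policy the UID and serialNumber pairs vanish from the result without an error, which is the behaviour the manpage excerpt describes for unmentioned fields.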
