UID in subj args - bug?

Robert Moskowitz rgm at htt-consult.com
Thu Jul 6 23:45:09 UTC 2023

On 7/6/23 19:37, Viktor Dukhovni wrote:
> On Thu, Jul 06, 2023 at 06:23:46PM -0400, Robert Moskowitz wrote:
>> So adding to [ policy_loose ]
>> UID                  = optional
>> and it works.  Sigh.
> Good to hear things work as expected/intended.
>> But I still want a list of the types!  For example UID above works. What
>> about Userid?  I misspelled serialNumber (had serialnumber) and it threw
>> that back with an error.  So there IS a list somewhere, even if it is
>> deep in the code.
>    https://datatracker.ietf.org/doc/html/rfc5280#section-
>      Name ::= CHOICE { rdnSequence  RDNSequence }

I have spent some hours plowing through 5280 to figure this out.

> Welcome to the world of X.509 where anything goes, and nobody knows
> what's going on...

Ain't that the truth!

Well, perhaps at IETF117 I can corner someone that can point me to the clue.

For now it seems that you put something into the policy section.  If it 
does not throw an error, you are good.

or good enough.

