On Fri, 15 Oct 2004 19:46:20 -0500, William A. Rowe, Jr. <[EMAIL PROTECTED]> wrote: > At 12:17 PM 10/15/2004, Madhusudan Mathihalli wrote: > >Hi, > > > > The current mod_ssl uses X509_NAME_oneline to get a one-line ASCII > >format of the DN. This however, is not compliant with the RFC - > >checkout http://www.openssl.org/support/faq.html#USER13. > > Could you do us all a small flavor, give us examples of what > the SSL_*_DN would contain with the old and new formats? >
Sure.. The current format is: SSL_CLIENT_S_DN: /C=US/ST=CA/L=Cupertino/O=ABC, XYZ/OU=Apache/CN=madhu In the new format, I'd expect it to be (please note that i have not yet implemented - so, I might be wrong on the exact format): SSL_CLIENT_S_DN: CN=madhu,OU=Apache,O=ABC \,XYZ,L=Cupertino,ST=CA,C=US The RFC (http://www.faqs.org/rfcs/rfc2253.html) has some more examples. Thanks -Madhu