On Thu, Jun 18, 2015 at 11:49 AM, Jan Pazdziora <jpazdzi...@redhat.com> wrote: > > I'd appreciate any comments about suitability of such change, as well > as the implementation. Specifically, I'm not sure if people will > prefer the generic and currently proposed > > SSL_CLIENT_SAN_otherName_n > > which gets any value of otherName type, or perhaps going with > > SSL_CLIENT_SAN_UPN_n > > and checking the OID just for the UPNs. Based on that decision I plan > to then respin the patch with documentation changes included.
I think a more generic way would to have something like SSL_CLIENT_OID_<oid>_n, so that we wouldn't have to add a new field each time. In this case, that would be: SSL_CLIENT_OID_1.3.6.1.4.1.311.20.2.3_n. Regards, Yann.
