On Thu, 25 May 2006, Jonathan Siegle wrote: > Tony Finch said the following on 5/25/06 8:08 AM: > > > > Has anyone written a straightforward description of how to generate a > > proper XMPP cert with all of the id-on-xmppAddr stuff using OpenSSL? > > You can put whatever OIDs in the csr. The CA will determine if it will honor > what you have requested. > > Open up your openssl.cnf file and look for the new_oids section. They have an > example there too. Oh and look at the man page for req. It has lots of > examples of OIDs.
But how do you get OpenSSL to represent the JID as "a UTF8String within an otherName entity inside the subjectAltName"? (RFC 3920 section 5.1 point 8) Also, how do you write XMPP server or client code using OpenSSL to check certificates using the id-on-xmppAddr? Tony. -- f.a.n.finch <[EMAIL PROTECTED]> http://dotat.at/ DOVER WIGHT PORTLAND PLYMOUTH NORTH BISCAY: SOUTHWEST 5 TO 7, PERHAPS GALE 8 LATER IN DOVER AND WIGHT. RAIN OR DRIZZLE. MODERATE WITH FOG PATCHES.
