# Problem Description
openssl req/ca (version 0.9.6) with configuration
  subjectAltName=email:copy
  issuerAltName=issuer:copy
generates certificates with empty GeneralNames sequences
in alternative names if the subject has no email address or the
issuer has no alternative name:
 748 30    9:         SEQUENCE {
 750 06    3:           OBJECT IDENTIFIER issuerAltName (2 5 29 18)
 755 04    2:           OCTET STRING, encapsulates {
 757 30    0:               SEQUENCE {}
            :               }
            :           }

RFC 2459 (page 34) requires
  GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName

Any parser generated from this ASN.1 description will choke
on such empty sequences. For example, keytool fails with
  "keytool error: java.lang.Exception: Failed to parse input"

RFC 2459 (page 33) says the sequence MUST contain at least
one entry if the extension is present.





# Application
/opt/IBMJava2-13/bin/keytool

# Self Test Report
OpenSSL self-test report:

OpenSSL version:  0.9.6
Last change:      In ssl23_get_client_hello, generate an
                  error message wh...
OS (uname):       Linux pcweb 2.2.14-5.0 #1 Tue Mar 7 21:07:39
                  EST 2000 i686 unknown
OS (config):      i686-whatever-linux2
Target (default): ??
Target:           linux-elf
Compiler:         gcc version egcs-2.91.66 19990314/Linux
                  (egcs-1.1.2 release)

Test passed.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
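
A check for the condition reported above, as an added example (not part of the original report and not OpenSSL code): a small DER walker that flags subjectAltName/issuerAltName extensions whose GeneralNames sequence is empty. The function names and the subjectAltName sample are assumptions made for illustration; the issuerAltName bytes are the encoding of the dump shown in the report.

```python
# Added example: detect alt-name extensions violating GeneralNames SIZE (1..MAX).
ALT_NAME_OIDS = {
    bytes.fromhex("551d11"): "subjectAltName (2 5 29 17)",
    bytes.fromhex("551d12"): "issuerAltName (2 5 29 18)",
}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def empty_alt_names(extensions_der):
    """List the alt-name extensions in a DER Extensions SEQUENCE that are empty."""
    tag, body, _ = read_tlv(extensions_der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE OF Extension")
    found, pos = [], 0
    while pos < len(body):
        tag, ext, pos = read_tlv(body, pos)      # one Extension
        oid_tag, oid, p = read_tlv(ext, 0)       # extnID
        val_tag, val, p = read_tlv(ext, p)
        if val_tag == 0x01:                      # optional critical BOOLEAN
            val_tag, val, p = read_tlv(ext, p)
        if tag != 0x30 or oid_tag != 0x06 or val_tag != 0x04:
            raise ValueError("malformed Extension")
        if oid in ALT_NAME_OIDS:
            names_tag, names, _ = read_tlv(val, 0)  # GeneralNames in OCTET STRING
            if names_tag == 0x30 and not names:
                found.append(ALT_NAME_OIDS[oid])
    return found

def extensions(*exts):  # sample-data helper: short-form SEQUENCE wrapper
    body = b"".join(exts)
    return bytes([0x30, len(body)]) + body

EMPTY_IAN = bytes.fromhex("30090603551d1204023000")  # bytes of the dump above
# Constructed sample: subjectAltName holding one rfc822Name "a@b.c".
GOOD_SAN = bytes.fromhex("30100603551d110409300781056140622e63")
SAMPLE = extensions(GOOD_SAN, EMPTY_IAN)
if __name__ == "__main__":
    print(empty_alt_names(SAMPLE))
```
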
