Rich Salz wrote:
>
> Any consensus from the core folks on this?
>
> On Wed, 31 Mar 1999 [EMAIL PROTECTED] wrote:
>
> > X509_NAME_oneline takes an X509 name and returns
> > it as a set of slash-separated components:
> > [EMAIL PROTECTED]
> > X509_NAME_print tries to turn it into a comma-separated
> > list:
> > c=us, o=certco, [EMAIL PROTECTED]
> > The problem is that it's test for "are we about to hit
> > another RDN" is a hack (line 376-382 of t_x509.c) that
> > looks for /X= or /XX= where X is an uppercase ASCII
> > letter. And, of course /email fails.
> >
> > It's a problem because there are certs (old[?] Verisign
> > certs, if I recall correctly) that have "[EMAIL PROTECTED]" as
> > the value of the CN
> > component!
> >
> > It seems to me that a good solution is to have both
> > functions call down to a common print function that
> > gets a "syntax" switch. I'd be willing to write
> > that if there's interest.
Ideally I'd like a much cleverer X509_NAME_print that can, for example,
give a more readable indented output with one option that looks
something like this:
commonName: Steve Henson
organisation: OpenSSL group
and various other options would give the standard or comma delimited
version.
There are various other problems with X509_NAME_print as well: it
doesn't handle UTF8Strings (well it wouldn't: they've only recently been
added) or BMPStrings (which have been about a bit longer). I'd say it
needs a bit of an overhaul at some point.
I'll look into it.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
