>>How are you going to handle multiple OUs? In the case where a certificate
>>contains 4 multiple OUs but a user DN only contains one of those 4?
Shouldn't the user DN exactly match the "subject" field from the cert?
If not, when and why not?
>> I search in LDAP just by e-mail, and I compare the whole certificate byte
>> for byte with the client one, to check if they're the same cert.
>We need to be more flexible about this though - not everybody will be
>putting 'email' in their certificates, etc.
Put "email" in how? As an RDN (gosh, I hope not!) or some other way?
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]