[EMAIL PROTECTED] wrote:
> 
> The internet draft <draft-ietf-pkix-qc-01.txt> from August 6, suggests the
> use of dnQualifier in the subject distinguished name (Object identifier:
> 2.5.4.46).

Well, the point of objects.h is to include the more common attributes, not
every possible object you could find there.

> This attribute is not included in Objects.h
> Is it possible to include this attribute in future releases of OpenSSL ?
> 

Possibly, I'm looking into the attribute handling at present.

> In the meantime, is there a "workaround" to allow using this attribute when
> generating certificate requests or will I have to wait for all OpenSSL files
> to be updated.
> 

There is a standard way to include objects with 'req' and some other
utilities like 'ca'. If you look in openssl.cnf then you will see a
line:

oid_section = new_oids

this is a section where non-standard objects can be added. So if you
have a line:

dnQualifier=2.5.4.46

you can then use 'dnQualifier' just as if it was a standard attribute.

The only difference is that the PKIX says dnQualifier must be a
PrintableString: OpenSSL will use other types if the supplied
dnQualifier contains characters which aren't permitted in
PrintableString.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
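
The PrintableString caveat in the reply above can be checked on the subject name that was actually encoded. The following is an added example, not part of the original message and not OpenSSL code: a minimal DER walker that reports the string type of every dnQualifier (2.5.4.46) attribute in a Name. The function names and the two sample encodings are constructed for illustration.

```python
# PrintableString character set (X.680): letters, digits, space and ' ( ) + , - . / : = ?
PRINTABLE = frozenset("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
                      "0123456789 '()+,-./:=?")
DN_QUALIFIER_OID = bytes([0x55, 0x04, 0x2E])  # DER content bytes of 2.5.4.46
TAG_NAMES = {0x0C: "UTF8String", 0x13: "PrintableString", 0x14: "T61String",
             0x16: "IA5String", 0x1E: "BMPString"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def dn_qualifier_findings(name_der):
    """List (string_type, raw_value, ok) for each dnQualifier in a DER Name."""
    tag, rdns, end = read_tlv(name_der, 0)
    if tag != 0x30 or end != len(name_der):
        raise ValueError("expected exactly one SEQUENCE")
    findings = []
    for set_tag, rdn in children(rdns):            # each RDN is a SET
        if set_tag != 0x31:
            raise ValueError("expected SET")
        for seq_tag, atv in children(rdn):         # AttributeTypeAndValue
            parts = list(children(atv))
            if seq_tag != 0x30 or len(parts) != 2 or parts[0][0] != 0x06:
                raise ValueError("malformed AttributeTypeAndValue")
            (_, oid), (vtag, val) = parts
            if oid == DN_QUALIFIER_OID:
                ok = vtag == 0x13 and all(chr(b) in PRINTABLE for b in val)
                findings.append((TAG_NAMES.get(vtag, hex(vtag)), val, ok))
    return findings

# Constructed samples: dnQualifier "A1" as PrintableString, "a@b" as UTF8String.
GOOD = bytes.fromhex("300d310b3009060355042e13024131")
BAD = bytes.fromhex("300e310c300a060355042e0c03614062")
```

A finding with `ok` set to False marks a dnQualifier whose encoding does not meet the PrintableString requirement, which is the case to catch before a request is accepted for signing.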
