On Wed, 10 Nov 1999 21:25:05 +0100, "Rene G. Eberhard" wrote:
> > On Sun, 07 Nov 1999 12:10:35 +0100, "Rene G. Eberhard" wrote:
> > > Cewl Mail.
> > > Can you please describe your problem in a bit more detail =)?
> > >
> > > BTW: It is not allowed to have more than one CN.
> >
> > It is - see X.500 et al - but do you mean perhaps that OpenSSL can't
> > handle entering them?
>
> Yes, it is allowed to have more than one CN. What I wonder is what
> the option "ca -preserveDN" really does.
> The order of the RDN's are (in my opinion) essential. Hopefully

They absolutely are, because they describe a DIT traversal from ROOT to
the entry.

> the RDN's aren't sorted alphabetically =).

Perhaps it is to do with sorting of multi-AVA RDNs.
e.g. <cn=Chris Ridd+uid=cjr,o=MessagingDirect,c=CA>

Although the AVAs are strictly unordered in the ASN.1 and BER, in DER
they must be ordered in a particular way (sorted by OID or something).
Just guessing of course, but perhaps preserveDN prevents this sorting
from occurring, in case some broken software out there relied on the
original ordering.

Cheers,
Chris
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
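
The DER ordering of a multi-AVA RDN discussed in the message above, as an added example (not part of the original post and not OpenSSL code): X.690 orders the elements of a SET OF by their encoded octets, so the AVAs come out in the same order however they were entered. The encoder is hand-rolled, its function names are hypothetical, and it assumes PrintableString values and short-form lengths.

```python
# Added example: DER encoding of a multi-AVA RDN (SET OF AttributeTypeAndValue).
# Assumptions: every value is a PrintableString; all lengths fit in one octet.
OIDS = {"cn": "2.5.4.3", "c": "2.5.4.6", "o": "2.5.4.10",
        "uid": "0.9.2342.19200300.100.1.1"}

def tlv(tag, body):
    """Tag-length-value with a short-form length octet."""
    if len(body) > 127:
        raise ValueError("long-form lengths are outside this example")
    return bytes([tag, len(body)]) + body

def encode_oid(dotted):
    """OBJECT IDENTIFIER: first two arcs merged, then base-128 per arc."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray()
    for arc in [40 * arcs[0] + arcs[1]] + arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def encode_ava(attr, value):
    """SEQUENCE { type OID, value PrintableString }."""
    return tlv(0x30, encode_oid(OIDS[attr]) + tlv(0x13, value.encode("ascii")))

def encode_rdn(avas, der=True):
    """SET OF AVA. With der=True the elements are sorted by encoded octets;
    with der=False the caller's order is kept (still valid BER)."""
    encoded = [encode_ava(a, v) for a, v in avas]
    if der:
        # Plain bytes comparison matches the X.690 rule here, because one
        # complete TLV is never a prefix of a different complete TLV.
        encoded.sort()
    return tlv(0x31, b"".join(encoded))

def ava_order(rdn):
    """Attribute names in the order they appear inside an encoded RDN."""
    names = {encode_oid(d): n for n, d in OIDS.items()}
    body, order, i = rdn[2:], [], 0
    while i < len(body):
        oid_len = 2 + body[i + 3]            # OID TLV starts at body[i + 2]
        order.append(names[body[i + 2:i + 2 + oid_len]])
        i += 2 + body[i + 1]                 # skip the whole AVA SEQUENCE
    return order
```

Because the comparison runs over the whole encoded AVA, the SEQUENCE length octet is compared before the OID: a short `c=CA` AVA sorts ahead of `cn=Chris Ridd` even though its OID is numerically larger.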