Hi,

regarding my post from yesterday to enable the apps x509 and req to work with empty subject DNs (as permitted, even suggested, by PKIX for certs with non-human subjects), I found another problem that I'm going to do something about now. The ca tool depends on the subject DN when using the index.txt database [crypto/txt_db]. This is a problem. Please, I would appreciate it if someone would let me know if what I'm suggesting is a big mistake:

I suggest defining a configuration file option index_on= where one can choose if indexing should use the hashed subject DN or some other id. I would recommend that indexing be by public key, namely subjectKeyIdentifier. The keyid is the one essential thing that every cert has.

I'll dive into this again, uh. Will find the dependency upon the txt_db code and hopefully I can hack this in with a few moderate changes.

regards
-Gunther

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List
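
An added illustration of the indexing problem raised in the message above (not part of the original post and not OpenSSL code): an index that needs a unique key cannot hold two certificates with empty subject DNs, while one keyed on a key identifier can. The rows are constructed, the seventh public-key column and the unique-key model are assumptions, and `subject`/`keyid` are hypothetical values for the proposed `index_on=` option.

```python
import hashlib

# Constructed rows in the tab-separated index.txt layout: status, expiry,
# revocation date, serial, file name, subject DN. The seventh column (hex of
# the subject public key) is an assumption added so a key id can be derived.
SAMPLE_ROWS = [
    "V\t300101000000Z\t\t01\tunknown\t/CN=host-a.example.test\t" + "a1" * 32,
    "V\t300101000000Z\t\t02\tunknown\t\t" + "b2" * 32,  # empty subject DN
    "V\t300101000000Z\t\t03\tunknown\t\t" + "c3" * 32,  # empty subject DN
]

FIELDS = ("status", "expiry", "revoked", "serial", "file", "subject", "pubkey")


def parse_row(line):
    """Split one row; empty fields (revocation date, subject) are preserved."""
    parts = line.rstrip("\n").split("\t")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    return dict(zip(FIELDS, parts))


def key_id(row):
    """SHA-1 over the public key bytes, a common subjectKeyIdentifier form."""
    return hashlib.sha1(bytes.fromhex(row["pubkey"])).hexdigest()


# Hypothetical values for the index_on= option proposed in the post.
KEY_FUNCS = {"subject": lambda row: row["subject"], "keyid": key_id}


def build_index(lines, index_on):
    """Index rows under a unique key; return (index, serials that collided)."""
    key_of = KEY_FUNCS[index_on]
    index, collisions = {}, []
    for row in map(parse_row, lines):
        key = key_of(row)
        if key in index:
            collisions.append(row["serial"])  # key already taken by another cert
        else:
            index[key] = row
    return index, collisions


if __name__ == "__main__":
    for mode in KEY_FUNCS:
        index, collisions = build_index(SAMPLE_ROWS, mode)
        print(f"index_on={mode}: {len(index)} entries, collisions={collisions}")
```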
