Hi,

I wrote the same mail to openssl-users too, but nobody answered. So I
am writing again and attaching the diffs.

I used "openssl ca -subj ...".

If I use serialNumber in the DN, then OpenSSL reports the following:

The Subject's Distinguished Name is as follows
serialNumber          :PRINTABLE:'02'
commonName            :PRINTABLE:'ra.hu-berlin.de'
organizationalUnitName:PRINTABLE:'Trustcenter'
organizationName      :PRINTABLE:'Humboldt-Universitaet zu Berlin'
countryName           :PRINTABLE:'DE'
Certificate is to be certified until Mar  7 14:38:38 2003 GMT (365 days)

Now you can see the output of openssl x509 -text:

Subject: SN=02, CN=ra.hu-berlin.de, OU=Trustcenter,
O=Humboldt-Universitaet zu Berlin, C=DE

There are three files which use definitions that do not conform
to the standards:

crypto/objects/objects.h
crypto/objects/obj_dat.h
crypto/objects/obj_mac.h

They use SN_surname and SN_serialNumber (SN == Short Name?).

SN_serialNumber "SN"
SN_surname      "S"

This does not conform to the definitions in the LDAP schemas. Can you fix
this or change the output in another way to match the LDAP schemas? If
it is too big a change, is it possible to introduce some new #defines
which conform to the standard so that the output of -text is a
usable DN? I attached the fixes for the header files.

From OpenLDAP 2.0.x:

attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' ) SUP name )
attributetype ( 2.5.4.5 NAME 'serialNumber' EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )

So serialNumber has no short name, but a long name is better than a DN
which conflicts with a standard (or the functions must use LN_*).

Cheers, Michael
-- 
-------------------------------------------------------------------
Michael Bell                   Email (private): [EMAIL PROTECTED]
Rechenzentrum - Datacenter     Email:  [EMAIL PROTECTED]
Humboldt-University of Berlin  Tel.: +49 (0)30-2093 2482
Unter den Linden 6             Fax:  +49 (0)30-2093 2959
10099 Berlin
Germany                                       http://www.openca.org
746c746
< {"S","surname",NID_surname,3,&(lvalues[538]),0},
---
> {"SN","surname",NID_surname,3,&(lvalues[538]),0},
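Review bot: In the 746 hunk the short name "SN" is moved onto NID_surname, but before this patch the same string belonged to NID_serialNumber (old line 753), so existing input written as SN=... changes meaning silently instead of failing. Call this out as an incompatible change in the patch description, and consider whether the old "S" should keep working for surname during a transition.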
753c753
< {"SN","serialNumber",NID_serialNumber,3,&(lvalues[555]),0},
---
> {"serialNumber","serialNumber",NID_serialNumber,3,&(lvalues[555]),0},
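Review bot: At 753 the short name becomes "serialNumber", the same string as the long name in the next field, so this entry no longer has a distinct short form. If that is intended because the schema defines none, say so in a comment next to the entry. The string here also has to stay identical to the SN_serialNumber define changed at 1832 and 570, and nothing in the patch enforces that.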
1827c1827
< #define SN_surname            "S"
---
> #define SN_surname            "SN"
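Review bot: The hunks from 1827 on carry only line numbers and no file names, so a reader cannot tell which of the three listed headers each one applies to, and this one repeats the 545 hunk exactly. Please resend as a unified diff (diff -u) with file headers, one per file.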
1832c1832
< #define SN_serialNumber               "SN"
---
> #define SN_serialNumber               "serialNumber"
545c545
< #define SN_surname                    "S"
---
> #define SN_surname                    "SN"
570c570
< #define SN_serialNumber                       "SN"
---
> #define SN_serialNumber                       "serialNumber"
