Well... I think it's more a case of OpenSSL and LDAP using *different* mechanisms for string encoding. LDAP reverses the RDN sequence (making it conform to RFC 2253), while OpenSSL (and this goes back to SSLeay) does not.
I don't think you could really claim that there was an "X.500 order" at all, rendering the correctness issue moot, since X.500 (AFAIK) never uses string representations of DNs. The only standardized mechanism for string encoding DNs I am aware of is that of RFC 2253, or LDAP. OpenSSL currently does not conform to it.

//oscar

Howard Chu wrote:
> There is no bug, unless you consider LDAP itself a bug. Yes, LDAP uses the
> opposite order from X.500. OpenSSL is using the correct (X.500) order.
>
> Just as an aside, OpenLDAP 2.1 supports X.500 DNs.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
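
The ordering difference discussed in this thread, as an added example that is not part of the original messages and is not OpenSSL or OpenLDAP code: it parses the slash-separated one-line form that OpenSSL prints and emits the RFC 2253 string, reversing the RDN order and applying RFC 2253 escaping. The function names and the sample DN are constructed for the example, and single-valued RDNs are assumed.

```python
import re

# RFC 2253 section 2.4: characters that must be backslash-escaped in a value.
_SPECIAL = set(',+"\\<>;')

# Constructed sample in the slash-separated one-line form (not from the thread).
SAMPLE_ONELINE = "/C=US/O=Example, Inc./OU=R+D/CN=www.example.com"

def escape_rfc2253(value):
    """Escape one attribute value per RFC 2253 section 2.4."""
    out = []
    for i, ch in enumerate(value):
        first, last = i == 0, i == len(value) - 1
        # Leading space or '#', and trailing space, also need escaping.
        if ch in _SPECIAL or (first and ch in " #") or (last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def parse_oneline(dn):
    """Parse '/C=US/O=Example/CN=x' into [(type, value), ...] in encoded order.

    Assumption: single-valued RDNs with short attribute names. The one-line
    form does not escape '/', so a new RDN is recognised only at '/TYPE='.
    """
    if not dn.startswith("/"):
        raise ValueError("expected a leading '/'")
    parts = re.split(r"/(?=[A-Za-z][A-Za-z0-9.]*=)", dn)[1:]
    if "/" + "/".join(parts) != dn:
        raise ValueError("text before the first TYPE=value pair")
    return [tuple(p.split("=", 1)) for p in parts]

def to_rfc2253(rdns):
    """Emit RDNs last-to-first, comma separated (RFC 2253 section 2.1)."""
    return ",".join(f"{t}={escape_rfc2253(v)}" for t, v in reversed(rdns))

def same_name(oneline_dn, ldap_dn):
    """Compare after converting to one form, never as raw strings."""
    return to_rfc2253(parse_oneline(oneline_dn)) == ldap_dn

if __name__ == "__main__":
    print(to_rfc2253(parse_oneline(SAMPLE_ONELINE)))
```

Because the one-line form leaves `/` unescaped inside values, a value that itself contains `/TYPE=` cannot be parsed unambiguously from that string; code that maps certificate subjects to directory entries is safer working from the decoded name than from either string form.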