Lutz Jaenicke wrote:
>
> On Sun, Apr 28, 2002 at 08:07:43PM +0100, Dr S N Henson wrote:
> > However a new FAQ entry might be in order or possibly changing the
> > default display options so that the old behaviour is no longer the
> > default and adding a "-nameopt old" option is explicitly needed instead.
>
> -nameopt compat shall retain compatibility.
> Hmm, make "oneline" the new default? Or rather leave it "as is" and just
> add it to the FAQ. Robert Joop and Michael Bell, active in discussing
> DN issues, are with the OpenCA project. It should be possible for them
> to catch the problem by using an appropriate command line flag when
> calling "openssl x509".

I think the FAQ entry is enough. If you set a new default then you can
surprise many small scripts and their users. The flag -nameopt is a good
solution. The only problem for the future is the support of this flag in
all the other tools (especially ca and req have problems with their
option -subj).

I found a small problem with -nameopt RFC2253: The X509v3 Authority Key
Identifier doesn't use -nameopt for DirName. Is this DN stored as a
string?

Michael
--
-------------------------------------------------------------------
Michael Bell                   Email (private): [EMAIL PROTECTED]
Rechenzentrum - Datacenter     Email:  [EMAIL PROTECTED]
Humboldt-University of Berlin  Tel.: +49 (0)30-2093 2482
Unter den Linden 6             Fax:  +49 (0)30-2093 2959
10099 Berlin
Germany                        http://www.openca.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
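
Added example, not part of the original mail thread: a script that pins `-nameopt` on every `openssl x509` call, so a changed default display format cannot alter the DN string it parses. The demo subject, temporary paths and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: request the DN format explicitly instead of relying on the
# tool's default. Subject, paths and function names are constructed.

# Create a throwaway self-signed certificate and print the path to it.
make_demo_cert() {
    dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/C=DE/O=Example Org/CN=test.example" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" >/dev/null 2>&1 || return 1
    printf '%s\n' "$dir/cert.pem"
}

# Print the subject DN of certificate $1 in the format named by $2
# (for example compat, RFC2253 or oneline). The "subject=" label is stripped
# so callers only ever see the DN itself.
cert_subject() {
    openssl x509 -in "$1" -noout -subject -nameopt "$2" | sed 's/^subject= *//'
}

# Extract the CN value from an RFC2253-formatted DN string ($1).
# RFC2253 lists the most specific RDN first and escapes a literal comma as
# "\,", so the value ends at the first unescaped comma. Prints nothing when
# the DN does not start with CN=.
cn_from_rfc2253() {
    printf '%s\n' "$1" | sed -E -n 's/^CN=((\\.|[^,\\])*).*/\1/p'
}

# Demo: the same certificate rendered in three formats. A script that parses
# one of them must name that format on the command line.
cert=$(make_demo_cert)
if [ -n "$cert" ]; then
    for fmt in compat RFC2253 oneline; do
        printf '%-8s %s\n' "$fmt" "$(cert_subject "$cert" "$fmt")"
    done
    printf 'CN       %s\n' "$(cn_from_rfc2253 "$(cert_subject "$cert" RFC2253)")"
    rm -rf "$(dirname "$cert")"
fi
```
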