[openssl.org #798] Adding fieldName_required to req command (TSU NOTIFICATION)

Wed, 17 Dec 2003 00:41:38 -0800 

US Export TSU appears at end of message

Richard and I have been having some disucssion on openssl-users.  The 
attached diffs add (and document!) two new features to apps/req.c; the 
first is adding a flag:
        -nohelp         don't provide chatty help text
The second, adds a features to the config used by req.  If there is an 
entrie like:
        fieldName_required = yes
for either the DN section or the attributes section, then fieldName is 
mandatory, and the user must enter a value.

Here is a sample run showing the edited help text and the required fields:

> Generating a 1024 bit RSA private key
> ....................++++++
> ....++++++
> writing new private key to '/opt/xkms/openssl/xkms-ca/key.pem'
> Enter PEM pass phrase:
> Verifying - Enter PEM pass phrase:
> -----
> You are about to be asked for information about the name to be used
> in the certificate request.  Default values are shown in [like this];
> and may be empty.  To accept the default, hit return. To leave a field
> blank (if optional), hit return; or (if there's a default value), type
> a period and then hit return.
> -----
> *Country Code []:US
> *Organization Name []:
>   Required field
> *Organization Name []:foo
>  Organizational Unit (i.e., department) []:
>  Common Name (i.e., name of person or server) [XKMS Service]:
>  Email Address [rsalz]:

Note the (common practice) of marking required fields with an asterisk.

In email discussion, Richard expressed a preference for understanding 
the "policy" section of a config file, and using that to determine if a 
particular RDN was required or not.  I decided not to make that change 
because my patch also allows attributes to be marked as required, 
something you can't do with the policy idea.

Hope you find this useful and accept it.
        /r$

SUBMISSION TYPE: TSU
SUBMITTED BY: Rich Salz
SUBMITTED FOR: self
POINT OF CONTACT: [EMAIL PROTECTED]
PHONE and/or FAX: 617 864 0455
MANUFACTURER: n/a
PRODUCT NAME/MODEL #: OpenSSL 0.9.7 and related
ECCN: 5D00
NOTIFICATION: See attachments.
-- 
Rich Salz, Chief Security Architect
DataPower Technology                           http://www.datapower.com
XS40 XML Security Gateway   http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to