Re: subjectAltName=email:move

Richard Levitte - VMS Whacker Fri, 21 Nov 2003 01:30:39 -0800

In message <[EMAIL PROTECTED]> on Thu, 20 Nov 2003 19:56:23 -0700, Joseph Bruni 
<[EMAIL PROTECTED]> said:


jbruni> I've been trying to get the "subjectAltName=email:move" directive to 
jbruni> work in the "ca" command with no luck, so I think this might be a bug.
jbruni> 
jbruni> It seems that the only way I can get this to work is to manually set 
jbruni> the line in the CA section to something like:
jbruni> 
jbruni> subjectAltName=email:[EMAIL PROTECTED]
jbruni> 
jbruni> This isn't very flexible if I must edit this file for every cert. I 
jbruni> want to sign.
jbruni> 
jbruni> If I try to use either the "move" or "copy" options, the
jbruni> X509v3 Subject Alternative Name: extension ends up being
jbruni> <EMPTY>.

Where do you expect the email address to come from?  The email:copy
and email:move are designed to copy or move an email address found in
the subject RDN with the attribute type emailAddress.  So basically,
if you have a subject DN that looks like this:

  C=SE, L= Stockholm, CN=Richard Levitte, [EMAIL PROTECTED]

... the following can be expected:

  1. with subjectAltName=email:copy:

     "[EMAIL PROTECTED]" in an email subjectAltName.
     Subject is unchanged.

  1. with subjectAltName=email:move:

     "[EMAIL PROTECTED]" in an email subjectAltName.
     Subject is now C=SE, L= Stockholm, CN=Richard Levitte


jbruni> I have tried to get this to work two different ways: the first
jbruni> with the subjectAltName in the DN, and the second in the
jbruni> attributes section of the CSR.

Uhmm, subjectAltName has no business being inside any DN.  It's a
certificate extension, pure and simple.

-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.
You don't have to be rich, a $10 donation is appreciated!

-- 
Richard Levitte   \ Tunnlandsvägen 3  \ [EMAIL PROTECTED]
[EMAIL PROTECTED]  \ S-168 36  BROMMA  \ T: +46-8-26 52 47
                    \      SWEDEN       \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis                -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Re: subjectAltName=email:move

Reply via email to