"Lee Dilkie" writes:
> you didn't look at the certificate fully. there is also
> 
> RFC822 [EMAIL PROTECTED]
> RFC822 [EMAIL PROTECTED]
> RFC822 [EMAIL PROTECTED]

> in the Subject Alternative Name as rfc3280 requires.

That is very clever of them! I have been meaning to test your cert construction
(& try it on my own Thawte account) but too many other problems
have kept me from it.  Despite what you say elsewhere, tho, I think
this is pushing back against the standard:

> >    attribute....  Conforming implementations generating new certificates....
> >    Simultaneous inclusion of the EmailAddress attribute in the subject
> >    distinguished name to support legacy implementations is deprecated
> >    but permitted.

What I wanted to try (& might eventually) is going back to the client
test we did some time ago.  We found that the client always ignored
the extra subjectaltname entries, and so I suspect that the subject
components are the ones evaluated.

That construction is inconvenient for directory (and kind of nonsensical, in
that many different entities for the same person are created)
but it can be made to work, if publishing of certs is needed, and
is better managed by non LDAP dbms.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
