On Wed, Jul 07, 2004, Federico Sacerdoti wrote: > Thank you for your reply. > > The 64-char limit imposed by the RFC makes sense now, thank you. As for my > goal, it is simply to encode extra data in the DN. I do not care exactly how > this is done, as long as my string is present somehow. > > When you say "You can legally have multiple CN fields", I interpret this to > mean the CN can look like: > > CN=name/XX=y/XY=z > > Of course this is still restricted by the 64 character limit. Is there an > easy method to add my fields to the DN, even in an unstructured way? >
What I mean is you can have: CN=first bit,CN=second bit, CN=third bit,... Each indicidual CN component has the 64 character limit. You also don't have to use the CN component name there are several others you can use which don't have such length restrictions. It may be however that the DN isn't the best place to put such data and something like subjectAlternativeName would be more appropriate. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
