Bonjour, Le 15 avr. 2016 à 08:22, Ryan Sleevi <[email protected]<mailto:[email protected]>> a écrit :
On Thu, Apr 14, 2016 at 10:28 PM, Peter Bowen <[email protected]<mailto:[email protected]>> wrote: I know at least some platforms had issues with empty subject names. That's a good point. For example, OS X has this limitation: a leaf certificate with an empty distinguished name, but has subjectAlternativeNames as a non-critical extension will be rejected. Which is in line with X.509 2012 edition, and RFC5280 (it has been so since RFC2459). Similarly, a leaf certificate that asserts the CA bit with an empty subject will also be rejected, unless it's flagged as accepted that the leaf can be a CA (mostly, this arises with self-signed certs). Again, this is correct behavior, and is not a limitation. Cordialement, Erwann Abalea
_______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
