Subject Attribute Email has no known NID, skipped
Hi,
I try to create a certificate request with OpenSSL 0.9.7b
openssl req -subj
"/C=DE/ST=Nordrheinwestfalen/L=Oberhausen/O=ABCGmbH/OU=Internet/CN=User
/[EMAIL PROTECTED]"
or ... /[EMAIL PROTECTED]
This should be correct, because objects.h define
#define SN_pkcs9_emailAddress "Email"
#define LN_pkcs9_emailAddress "emailAddress"
When I use "Email" I get the Error Message: "Subject Attribute Email has no
known NID, skipped"
When I use "emailAddress" the certificate request is for the subject
C=DE, ST=Nordrheinwestfalen, L=Oberhausen, O=ABCGmbH, OU=Internet,
CN=User/[EMAIL PROTECTED]
("/emailAddress" is considered part of the CN)
Is this a known bug or am I doing something wrong?
Christian Barmala
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Re: Subject Attribute Email has no known NID, skipped
Hi Stephen,
thank you for your fast reply.
- Original Message -
From: "Dr. Stephen Henson" <[EMAIL PROTECTED]>
Sent: Sunday, August 31, 2003 3:30 PM
> > When I use "Email" I get the Error Message: "Subject Attribute Email has
no
> > known NID, skipped"
>
> I think that is a bug...
Good to know that I don't have to search for the error on my side any
longer.
> > When I use "emailAddress" the certificate request is for the subject
> > C=DE, ST=Nordrheinwestfalen, L=Oberhausen, O=ABCGmbH, OU=Internet,
> > CN=User/[EMAIL PROTECTED]
> > ("/emailAddress" is considered part of the CN)
> >
> It isn't part of the CN, that's just how its displayed: read the FAQ.
http://www.openssl.org/support/faq.html doesn't contain the string "email"
and only one instance of "CN", which covers a different topic.
http://www.openssl.org/support/faq.html#USER13 also covers a different
topic.
However since you told me that it's just an odd display, I generated a
certificate from that request and it contained the correct DN.
"Case closed" :-)
Thank you,
Christian
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Re: Subject Attribute Email has no known NID, skipped
On Sun, Aug 31, 2003, Christian Barmala wrote:
> Hi Stephen,
>
> thank you for your fast reply.
>
> - Original Message -
> From: "Dr. Stephen Henson" <[EMAIL PROTECTED]>
> Sent: Sunday, August 31, 2003 3:30 PM
>
> > > When I use "Email" I get the Error Message: "Subject Attribute Email has
> no
> > > known NID, skipped"
> >
> > I think that is a bug...
>
> Good to know that I don't have to search for the error on my side any
> longer.
>
Email has been deleted as a short name in objects.txt between 0.9.6 and 0.9.7,
I'll checkthe logs to see the reason.
>
> > > When I use "emailAddress" the certificate request is for the subject
> > > C=DE, ST=Nordrheinwestfalen, L=Oberhausen, O=ABCGmbH, OU=Internet,
> > > CN=User/[EMAIL PROTECTED]
> > > ("/emailAddress" is considered part of the CN)
> > >
> > It isn't part of the CN, that's just how its displayed: read the FAQ.
>
> http://www.openssl.org/support/faq.html doesn't contain the string "email"
> and only one instance of "CN", which covers a different topic.
> http://www.openssl.org/support/faq.html#USER13 also covers a different
> topic.
>
#13 is actually the right topic. That odd email display is a symptom of the
"old behaviour". Though it could be clearer.
-nameopt oneline or -nameopt multiline produces a more sensible output.
Steve.
--
Dr Stephen N. Henson.
Core developer of the OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.demon.co.uk/
Email: [EMAIL PROTECTED], PGP key: via homepage.
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Re: Subject Attribute Email has no known NID, skipped
On Sun, Aug 31, 2003, Christian Barmala wrote:
> Hi,
>
> I try to create a certificate request with OpenSSL 0.9.7b
>
> openssl req -subj
> "/C=DE/ST=Nordrheinwestfalen/L=Oberhausen/O=ABCGmbH/OU=Internet/CN=User
> /[EMAIL PROTECTED]"
> or ... /[EMAIL PROTECTED]
>
> This should be correct, because objects.h define
> #define SN_pkcs9_emailAddress "Email"
> #define LN_pkcs9_emailAddress "emailAddress"
>
> When I use "Email" I get the Error Message: "Subject Attribute Email has no
> known NID, skipped"
I think that is a bug...
> When I use "emailAddress" the certificate request is for the subject
> C=DE, ST=Nordrheinwestfalen, L=Oberhausen, O=ABCGmbH, OU=Internet,
> CN=User/[EMAIL PROTECTED]
> ("/emailAddress" is considered part of the CN)
>
It isn't part of the CN, that's just how its displayed: read the FAQ.
Steve.
--
Dr Stephen N. Henson.
Core developer of the OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.demon.co.uk/
Email: [EMAIL PROTECTED], PGP key: via homepage.
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Re: Subject Attribute Email has no known NID, skipped
Dr. Stephen Henson wrote: On Sun, Aug 31, 2003, Christian Barmala wrote: Hi Stephen, thank you for your fast reply. - Original Message - From: "Dr. Stephen Henson" <[EMAIL PROTECTED]> Sent: Sunday, August 31, 2003 3:30 PM When I use "Email" I get the Error Message: "Subject Attribute Email has no known NID, skipped" I think that is a bug... Good to know that I don't have to search for the error on my side any longer. Email has been deleted as a short name in objects.txt between 0.9.6 and 0.9.7, I'll checkthe logs to see the reason. Email was deleted because it was not found in the standards. All RFCs use emailAddress and not email as the name of the PKCS#9 emailaddress. There is the attribute "mail" too but this is a rfc822Mailbox and not a PKCS#9 emailaddress. Don't ask me for the differences. We only checked the standards and used their terminology. Best regards Michael -- --- Michael Bell Email: [EMAIL PROTECTED] ZE Computer- und MedienserviceTel.: +49 (0)30-2093 2482 (Computing Centre)Fax: +49 (0)30-2093 2704 Humboldt-University of Berlin Unter den Linden 6 10099 Berlin Email (private): [EMAIL PROTECTED] Germany http://www.openca.org __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
