Marco Colombo wrote:
So it seems its usage is deprecated. If you are to code a patch, you
may look into the alternative name(s). Those are standard v3 extensions.
As I understand it, comforming applications should look there in order
to find email addresses (of type rfc822Name). Of course, since yo
Kevin P. Fleming wrote:
Marco Colombo wrote:
What field is that, exaclty? v3 extension?
I'm not sure... it's in the OpenSSL headers files as
"NID_pkcs9_emailAddress".
Oh, I know nothing of OpenSSL API. It seems too me (but I'm not sure)
it's the emailAddress attribute in the DN. Some time ago I d
Marco Colombo wrote:
What field is that, exaclty? v3 extension?
I'm not sure... it's in the OpenSSL headers files as
"NID_pkcs9_emailAddress".
Anyway, the goal of authentication is to identify users not email
addresses. The whole idea of using certs is broken, unless you use
the cert itself. No C
On Thu, 24 Feb 2005, Kevin P. Fleming wrote:
I'm working on a webmail system using client certificates for authentication.
I have Cyrus IMAP working fine with Cyrus SASL and "AUTH=EXTERNAL" after
negotiating TLS... the IMAP daemon authenticate the user properly.
However, it chooses the CN from th
I'm working on a webmail system using client certificates for
authentication.
I have Cyrus IMAP working fine with Cyrus SASL and "AUTH=EXTERNAL" after
negotiating TLS... the IMAP daemon authenticate the user properly.
However, it chooses the CN from the client cert as the authentication
identi