__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]
Stephen Henson via RT wrote:
That isn't what RFC3280 says:
Conforming implementations generating new certificates with
electronic mail addresses MUST use the rfc822Name in the subject
alternative name field (section 4.2.1.7) to describe such identities.
This isn't a DN component
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]
Hi,
I checked the new 0.9.7e and it still contains the CRL generation bug
(means, it still uses MD5 if SHA1 was configured in openssl.cnf). The
patch in RT works for 0.9.7e too. The only message is the following one:
Hunk #1 succeeded at 1410 (offset -134 lines).
This means that the position
Hi,
nobody reacts, so I file this as a bug to RT.
Perhaps uid was commented in OpenSSL 0.9.6 because uid was illegally
used as shortname for x500UniqueIdentifier. This was corrected in 0.9.7
but perhaps the real uid was forgotten.
Michael
Hi,
I added support for multivalued RDNs to -subj in ca.c. I added this
support to req.c too. Nevertheless it was tested with openssl ca. The
new code can be activated with the switch -multivalue-rdn. If the switch
is too long then please reduce it to something like -multirdn.
The diffs were
Hi,
I tried to set sha1 for openssl ca -gencrl but it doesn't work. I
checked the source code (0.9.8 and 0.9.7) and found that the req section
in apps/ca.c contains the following lines:
lines 1012-1017:
if ((md == NULL) ((md=NCONF_get_string(conf,
section,ENV_DEFAULT_MD)) ==
Hi,
I tried to output the extensions without a title:
X509V3_extensions_print (out, NULL, ci-extensions, 0, 0);
The code fails because of the following:
1. title is empty -- indent will not be incremented
2. if (BIO_printf(bp,%*s,indent, ) = 0) return 0;
This printf tries to print an
Hi,
the fingerprint option in apps/crl.c is not documented in 0.9.7a if the
online help is used. The simple patch is attached.
Best regards
Michael
--
---
Michael Bell Email: [EMAIL PROTECTED]
ZE Computer- und
Hi,
I discovered that -setalias in apps/x509.c is tested twice. It's not a
real bug but it is unnecessary. I use 0.9.7a.
Best regards
Michael
--
---
Michael Bell Email: [EMAIL PROTECTED]
ZE Computer- und
Dr. Stephen Henson wrote:
An early version of the code is now in 0.9.8-dev. Check out the docs in
ASN1_generate_nconf(3) and doc/openssl.txt .
Thanks a lot. It looks great. One question - I checked
crypto/objects/objects.txt and see that the OIDs for Microsoft's
smartcardlogin are still not
Hi,
I used -nameopt with openssl req and the options will be ignored if req
is used with -text. I checked the code of req.c and wrote some patches.
I used the function set_cert_ex in apps/apps.c because the options are
nearly the same and a non-existing option causes no errors or wrong
Hi,
I checked the code in crypto/evp/evp_test.c and it looks like sstrsep do
the same like strsep on Linux. So perhaps it was a typo and the code was
only tested under Linux.
I used sstrsep insteed of strsep. OpenSSL compiles and make test
succeed. The patch is like follows:
Richard Levitte via RT schrieb:
Please resend a patch that is generated using one of the options -u
(unified context diff, which is prefered) or -c (context diff).
Ok, I used diff -u.
Michael
--
---
Michael Bell
16 matches
Mail list logo