Re: openssl ca sets wrong authorityKeyIdentifier

2002-03-19 Thread Robert Joop
On 02-03-19 23:05:52 CET, Dr S N Henson wrote: > I can't see how that can happen. The ca command only passes the issuing > CA certificate to the extension routines. It does not have access to any > other CA certificate. It fills in the authority key identifier by > extracting the issuer name of th

-utf8 option

2002-03-25 Thread Robert Joop
the explanation of the -utf8 option doesn't make sense, does it? http://www.openssl.org/docs/apps/req.html -utf8 this option causes field values to be interpreted as UTF8 strings, by default they are interpreted as ASCII. This means that the field values, whether prompted from a termina

Re: -utf8 option

2002-03-26 Thread Robert Joop
On 02-03-25 18:03:56 CET, Stephen Sprunk wrote: > Thus spake Robert Joop: > > the explanation of the -utf8 option doesn't make sense, does it? > I think the document means "8-bit characters in an unspecified code > page" instead of ASCII; however, there's no

Re: -utf8 option

2002-03-26 Thread Robert Joop
On 02-03-26 12:09:59 CET, Robert Joop wrote: > On 02-03-25 18:03:56 CET, Stephen Sprunk wrote: > > Here's the more interesting question: why do we have a switch for > > UTF-8 encoding, instead of determining it from the user's locale? > > what is the canonical wa

Re: -utf8 option

2002-03-26 Thread Robert Joop
On 02-03-26 15:01:37 CET, George Rogers wrote: > Have you guys forgotten that the client and server are on different ends of > the > wire? Which end of the wire is going to use the certificate? Which end of > the > wire is creating the certificate? The switch has to be there to allow > creat

[joop@fokus.gmd.de: SPKAC file and non-ASCII DNs]

2002-03-27 Thread Robert Joop
i sent this to -users a few days ago, but perhaps the people who know the answer only hang around on -dev...? rj --- Begin Message --- when i create a client certificate using a mozilla browser, a CGI script generates an SPKAC file for use with `openssl ca -spkac infile`. the DN then becomes of

Re: Wrong DNs

2002-04-16 Thread Robert Joop
On 02-04-16 11:02:58 CEST, Howard Chu wrote: > the order of everything. Certificates are specified in X.509 and are > properly > a part of the X.500 family, and the X.500 DN syntax is clearly specified. the syntax is clearly specified, but the only thing that i could find about the RDN order is i

Re: Wrong DNs

2002-04-16 Thread Robert Joop
On 02-04-16 10:51:31 CEST, Howard Chu wrote: > At its core, LDAP is simply a different front-end for the X.500 information > model. A DN is a name that uniquely identifies an object in the X.500 name > space. Practically speaking, a DN is a DN. In pure X.500, DNs are specified > to be big-endian,

Re: Wrong DNs

2002-04-16 Thread Robert Joop
On 02-04-16 16:49:25 CEST, Richard Levitte - VMS Whacker wrote: > BTW, thinking about it, I'm not sure why this discussion came up at > all. Certificates are often stored as attributes of a record (eh, > terminology isn't a strength of mine, so if "record" isn't the proper > term, please pardon m

DN handling

2002-04-19 Thread Robert Joop
the DN handling in openssl seems to be a little uneven. getting special characters in seems to be no problem when using the interactive interface (at least when 'special' restricts itself to the ASCII characters with special syntactic function). but as soon as it comes to looking at the result, t

patch for req/ca -subj (was: Re: Wrong DNs)

2002-04-24 Thread Robert Joop
41:35 CEST, Robert Joop wrote: > On 02-04-16 19:04:41 CEST, Michael Bell wrote: > > The only bad detail is now "openssl -subj" which use a DN with "," > > inside but the order is the one from X.500. > > looking at last night's snap, apps/req.c, build_sub

strangeness in `x509 -noout -text` output

2002-04-26 Thread Robert Joop
`x509 -noout -text` prints inconsistent output. ...> openssl x509 -noout -text -in old.pem | grep Issuer: Issuer: [EMAIL PROTECTED], CN=CA UCO, O=Universidad de Cordoba, C=ES ...> openssl x509 -noout -text -in new.pem | grep Issuer: Issuer: C=ES, O=Universidad de Cordoba, CN=AC [E

x509/req/crl -nameopt

2002-04-30 Thread Robert Joop
i've discovered that `req -nameopt` is implemented but undocumented. `req -subject` is implemented and documented in the usage, but not in the manual. `crl -nameopt` was not implemented, i quickly hacked it in (we want a sane output format for openca), patch is attached. documentation should be

Re: strangeness in `x509 -noout -text` output

2002-04-30 Thread Robert Joop
lly ca and req have problems with their option > > > -subj). > > > > Robert Joop sent a patch last week (not applied, yet). Does it solve the > > problems you mention? > > The problem which I mean is more general. The parser of the value which > is passed to openss

Re: strangeness in `x509 -noout -text` output

2002-04-30 Thread Robert Joop
On 02-04-29 10:33:10 CEST, Michael Bell wrote: > I found a small problem with -nameopt RFC2253: > > The X509v3 Authority Key Identifier doesn't use -nameopt for DirName. Is > this DN stored as a string? it depends on what you mean by string. it is stored as an OCTET STRING that contains an ASN.1

Re: [openssl.org #81] Bug Report 0.9.7b1: make install broken on NeXTSTEP/OpenStep

2002-06-05 Thread Robert Joop
On 02-06-05 15:43:45 CEST, Rich Salz wrote: > Richard Levitte via RT wrote: > >Can I assume that sed exists and works properly? dirname can be > >coded like this: > > > echo $$i | sed -e 's|[^/]*$||' -e 's|/$||' > > "dirname foo" returns "." which the above doesn't catch. > I can only think

Re: 0.9.5a won't compile under solaris 1.1.1

2000-07-11 Thread Robert Joop
On 00-07-11 23:25:44 MET DST, Richard Levitte - VMS Whacker wrote: > From: Robert Joop <[EMAIL PROTECTED]> > > Please try the latest snapshot and see if that helps. No guarantees, > though... > > > rj> OpenSSL version: 0.9.5a > rj> Last change: Make