Hi,
when using apps/ca.c to sign certificate requests, the contents of the
certificate is printed.
The contents of the X509v3 extension "Subject Alternative Name" is however
not printed, so that the information (which is also part of the signed
certificate) is not verified by the issuer before before signing.
(I just started experimenting with dNSName usage and don't feel confident
enough to already provide a patch myself).
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
