In message <[EMAIL PROTECTED]> on Mon, 17 Nov 2003 23:55:59 +1100, "Steven Reddie"
<[EMAIL PROTECTED]> said:
smr> So this sounds like a limitation of our software rather than an
smr> OpenSSL by-design issue?
smr>
smr> I've been told that when the EE certificate in question was
smr> issued that t
On Mon, Nov 17, 2003, Steven Reddie wrote:
> So this sounds like a limitation of our software rather than an OpenSSL
> by-design issue?
>
> I've been told that when the EE certificate in question was issued that the
> CA's subject DN was copied to the EE's issuer DN and "flipped" on the way; I
>
inal Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson
Sent: Monday, 17 November 2003 11:42 PM
To: [EMAIL PROTECTED]
Subject: Re: Ordering of components of subject/issuer DN
On Mon, Nov 17, 2003, Steven Reddie wrote:
>
> I have come across a
On Mon, Nov 17, 2003, Steven Reddie wrote:
>
> I have come across a certificate that chokes our software which uses
> OpenSSL. I haven't dug very deep yet, but was hoping that someone could
> tell me about any ordering rules for the DN's.
>
> openssl asn1parse on the cert produces the dump be
>
> You're right, the ordering you see is quite unusual.
It is not *that* unusual. It happens when you
try to setup a CA with openssl while reading
the x509 -text output in an LDAP sense.
X501: Each initial sub-sequence if the name of an object is also
the name of an object. The sequence of obj
In message <[EMAIL PROTECTED]> on Mon, 17 Nov 2003 22:16:45 +1100, "Steven Reddie"
<[EMAIL PROTECTED]> said:
smr> I have come across a certificate that chokes our software which
smr> uses OpenSSL. I haven't dug very deep yet, but was hoping that
smr> someone could tell me about any ordering rule