CVSROOT: /cvs
Module name: src
Changes by: t...@cvs.openbsd.org 2023/12/16 05:56:20
Modified files:
lib/libcrypto/asn1: a_strnid.c
lib/libcrypto/man: ASN1_STRING_TABLE_get.3
Log message:
Annotate incorrect value for ub_email_address
The ub_email_address upper bound, 128, returned for NID_pkcs9_emailAddress,
doesn't match the PKCS#9 specification where it is 255. This was adjusted
in RFC 5280:
The ASN.1 modules in Appendix A are unchanged from RFC 3280, except
that ub-emailaddress-length was changed from 128 to 255 in order to
align with PKCS #9 [RFC2985].
Nobody seems to have noticed so far, so leave it at an XXX and a BUGS
entry for now. It also clearly has the wrong name.
Another mystery is why the RFCs suffix some upper bounds with length, but
not others. Also, OpenSSL chose to be inconsistent with that, because
inconsistency is one of the few things this library is really good at.
