Re: client certs with no subjectName only SAN

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Robert Moskowitz <rgm@xxxxxxxxxxxxxxx>, "openssl-users@xxxxxxxxxxx" <openssl-users@xxxxxxxxxxx>
Subject: Re: client certs with no subjectName only SAN
From: "Salz, Rich via openssl-users" <openssl-users@xxxxxxxxxxx>
Date: Thu, 15 Aug 2019 20:13:19 +0000
Accept-language: en-US
In-reply-to: <7d1d818c-d21c-c506-a9fd-c546fb2c3b68@htt-consult.com>
References: <7d1d818c-d21c-c506-a9fd-c546fb2c3b68@htt-consult.com>
Reply-to: "Salz, Rich" <rsalz@xxxxxxxxxx>
User-agent: Microsoft-MacOutlook/10.1c.0.190812

subjectAltName is rarely marked as critical; sec 4.2.1.6 of PKIX says "SHOULD mark subjectAltName as non-critical"

I can believe that OpenSSL doesn't support empty subjectName's.  An empty one, with no relative disintuished name components, is not the same as not present.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Follow-Ups:
- Re: client certs with no subjectName only SAN
  - From: Viktor Dukhovni
- Re: client certs with no subjectName only SAN
  - From: Erwann Abalea via openssl-users
- Re: client certs with no subjectName only SAN
  - From: Robert Moskowitz

References:
- client certs with no subjectName only SAN
  - From: Robert Moskowitz

Prev by Date: client certs with no subjectName only SAN
Next by Date: Re: client certs with no subjectName only SAN
Previous by thread: client certs with no subjectName only SAN
Next by thread: Re: client certs with no subjectName only SAN
Index(es):
- Date
- Thread

[Index of Archives] [Linux ARM Kernel] [Linux ARM] [Linux Omap] [Fedora ARM] [IETF Annouce] [Security] [Bugtraq] [Linux] [Linux OMAP] [Linux MIPS] [ECOS] [Asterisk Internet PBX] [Linux API]

Powered by Linux