On 8/16/19 7:58 AM, Salz, Rich wrote:
In the same paragraph, the sentence before the one you're quoting says "If the subject field contains an empty sequence, then the issuing CA MUST include a subjectAltName extension that is marked as critical."
I will run another test today and see if it is as easy as claimed to flag SAN critical.
It's not possible to have a missing subject name in a certificate, the field is not OPTIONAL.
I was wondering more the construction of the cert when 'no subjectName'. You confirmed that the object is there. Probably length 0. I will have to look at that asnparse listing more critically.
You are of course correct. Thanks Erwann. (He has forgotten more about ASN1 than I ever knew :)
Why I ask, perhaps seemingly dumb questions, here. Those that really know the stuff are still around.
I learned enough ASN1 to get by with x.509 and snmp and have forgotten much of what I learned ~20 years ago. I do have an iana enterprise number that I used in some of my OID proposals in both way back then.
The failing read access really bites. thanks both of you.
