The correct answer is, it depends. This is an unfortunate evolutionary artefact, and is governed by very different pieces of code. The config.pod example revolves around subject names and the config for 'openssl req'. The code that uses this is the function auto_info(), found in apps/req.c. The x509v3_config.pod example revolves around X.509 v3 extensions, and the config for those is used by diverse functions in crypto/x509v3/ (1.1.1) or crypto/x509/ (masterand upcoming 3.0), and ultimately, the key name comparison is done by name_cmp(), found in v3_utl.c. So both manuals are correct. Unfortunately... Cheers, Richard On Fri, 20 Mar 2020 22:12:08 +0100, Salz, Rich via openssl-users wrote: > > > The doc/man5/config.pod file says to use > > 1.OU = “My first OU” > > 2.OU = “My second OU” > > But doc/man5/x509v3_config.pod says to append the numeric, as in > > email.1 = steve@here > > email.2 = steve@there > > I believe the second form is correct. Can anyone confirm? > > -- Richard Levitte levitte@xxxxxxxxxxx OpenSSL Project http://www.openssl.org/~levitte/
