Kaur Virunurm schrieb:
>
> I agree with your philosophy, mr. Reif: the CA has certainly
> the authority to decide what to include in the cert, but:
>
> > Wether there should be a big flash "Hey, the user wants to
> > trick you into something!" is another question.
>
> That's it, but not only. Right now, the person behind the CA is displayed
> a request and prompted 'sign this!', and then something _else_ is signed.
> This is what I consider a bug!
Okay, this is a inconsistency. As Steve pointed out,
this is (among others to be reworked) real soon now (tm).
Perhaps a more short term fix that only displays the
*new* attributes that go into the cert...
Means just moving the
for (i=0; i<X509_NAME_entry_count(name); i++) loop starting
in line 1480 down after policy stuff had been checked
(just before the "if(preserve)" clause...)
BTW Shouldn't the person approving signature wonder what this
unique id is there?
--
Holger Reif Tel.: +49 361 74707-0
SmartRing GmbH Fax.: +49 361 7470720
Europaplatz 5 [EMAIL PROTECTED]
D-99091 Erfurt WWW.SmartRing.de
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
