In message <[EMAIL PROTECTED]> on Wed, 10 Dec 2003 14:57:36 -0500, Rich Salz <[EMAIL
PROTECTED]> said:
rsalz> I was surprised that if I had something like:
rsalz> countryCode_min = 2
rsalz> in my config, that the "req" command didn't require the RDN to be
rsalz> specified. How do folks feel about a "_required" suffix to handle this?
rsalz> countryCode_required = yes
rsalz> I know that this really depends on the policy of the CA, but since we
rsalz> support min/max it makes sense to be able to say something's required,
rsalz> too. I also have code that adds this to the attribute section. Should
rsalz> I send it to RT (and US export address?)
Uhmm, so you want to create something that could be in contradiction
with what's written in the policy section (did you look there?)? And
in case of contradiction, what takes priority, the _required setting
or the policy setting?
To me, the following:
[ policy_whatever ]
coutryName = optional
#...
[ req_distinguished_name ]
coutryName_min = 2
coutryName_max = 2
means that countryName is optional, but IF given, it must be a minimum
of two characters.
I'd rather that behavior be kept, i.e. I would personally reject your
idea above.
-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.
You don't have to be rich, a $10 donation is appreciated!
--
Richard Levitte \ Tunnlandsvägen 3 \ [EMAIL PROTECTED]
[EMAIL PROTECTED] \ S-168 36 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
