I just came across some significant change between openssl 0.9.6 and openssl 0.9.7 (at least I compared openssl 0.9.6k and 0.9.7c): When I print a DN containing an Email-Address using OpenSSL 0.9.6, it says something like
C=DE/O=.../OU=.../CN=www.foo.com/[EMAIL PROTECTED]
Using 0.9.7, the output is:
C=DE/O=.../OU=.../CN=www.foo.com/[EMAIL PROTECTED]
I guess this will be a problem for all applications that obiously use the output of OpenSSL, for example apache (with the option FakeBasicAuth, which requires the Distinguished Names in a password-file) and obviously the GRID-software globus (which requires signing-policy-files for each CA-certificate).
Is this already known (and documented somewhere)? Was this change made to adapt to any standards or were there other reasons?
Cheers, Olaf
-- Dipl.Inform. Olaf Gellert PRESECURE (R) Consultant, Consulting GmbH Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED]
Treffen Sie uns auf dem DFN-CERT Workshop
http://www.dfn-cert.de/events/ws/2004/
3. und 4. Februar 2004, Hamburg______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
