Is there a way to specify the old behavior? (I'm collecting as much information as I can on current practice and putting it all together -- the overloading of 'authorityKeyIdentifier' is only part of the problem with current X.509 practice, and that overloading creates a situation where software makers introduce incompatible changes -- I've got logging software and log processing software that relies on the former, serial functionality.)
-Kyle H On 2/25/06, Dr. Stephen Henson <[EMAIL PROTECTED]> wrote: > On Sun, Feb 26, 2006, Georg Lohrer wrote: > > > > > Even if I create an explicit serial-file it won't be used for the 'req' > > command (tested with strace). > > > > Any ideas what I'm doing wrong? Or is the man-page wrong? > > > > The manual page needs updating. It now uses a random serial number unless a > serial number is given explicitly. This was to reduce the chance of duplicate > issuer names and serial numbers. > > Steve. > -- > Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage > OpenSSL project core developer and freelance consultant. > Funding needed! Details on homepage. > Homepage: http://www.drh-consultancy.demon.co.uk > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
