Issuer must have commonName?
Mark Reynolds via RT wrote:
> This is a bug report for OpenSSL version 0.9.8e. The top level summary is that
> misconfigured certificates with a bogus Issuer field are processed as if the field
> was valid.
> The Issuer should have an attribute of commonName (OID 220.127.116.11) and a value
> of some kind of string (e.g. T61String). If instead it has a bogus attribute, such
> as the obsolete OID 18.104.22.168, the command openssl x509 -in badcert.pem -inform PEM -noout -text
> should report that the certificate has no issuer. Instead it reports an issuer
> containing the literal string "22.214.171.124" followed by the string value of this OID.
> This seems like a clear violation of RFC3280 to me.
I don't see how not having a commonName is a violation of RFC 3280. I
would really like to agree with you, but I know there are roots in the
wild that don't have a CN field. I may have missed some text in the RFC
- could you reference a specific section? I agree it's 'best practice'
but I think some CAs don't follow that practice...
OpenSSL Project http://www.openssl.org
Development Mailing List email@example.com
Automated List Manager firstname.lastname@example.org
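
An added example, not part of the thread and not OpenSSL code: a minimal Python DER walker that reports whether an issuer Name carries commonName (2.5.4.3) and which attribute OIDs fall outside a small known set, so a validator can apply its own policy rather than rely on the printed text. The sample issuer, the OID 1.3.6.1.4.1.99999.1 and the KNOWN allow-list are constructed assumptions.

```python
# Added example, not OpenSSL code: audit the attribute types of a DER-encoded Name.
KNOWN = {"2.5.4.3", "2.5.4.6", "2.5.4.7", "2.5.4.8", "2.5.4.10", "2.5.4.11"}  # CN C L ST O OU

def read_tlv(buf, pos):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(body):
    pos = 0
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        yield tag, val

def decode_oid(body):
    # Base-128 arcs; the first octet group packs the first two arcs as 40*a + b.
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def name_attributes(der_name):
    # Name ::= SEQUENCE OF SET OF SEQUENCE { type OID, value string }
    tag, rdns, _ = read_tlv(der_name, 0)
    out = []
    for set_tag, rdn in children(rdns):
        for seq_tag, atv in children(rdn):
            (oid_tag, oid), (_, val) = children(atv)
            if (tag, set_tag, seq_tag, oid_tag) != (0x30, 0x31, 0x30, 0x06):
                raise ValueError("not a well-formed Name")
            out.append((decode_oid(oid), val.decode("latin-1")))
    return out

def audit(der_name):
    attrs = name_attributes(der_name)
    return {"has_cn": any(oid == "2.5.4.3" for oid, _ in attrs),
            "unrecognized": [oid for oid, _ in attrs if oid not in KNOWN]}

# Constructed issuer: O=Example CA plus a made-up OID (1.3.6.1.4.1.99999.1), no CN.
NO_CN = bytes.fromhex("302f" "3113301106035504" "0a130a4578616d706c65204341"
                      "3118301606092b06010401868d1f01" "13095465737420526f6f74")
```

Whether a missing commonName or an unrecognized attribute is acceptable is a policy decision for the caller; the audit only surfaces the facts.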