Mark Reynolds via RT wrote:
> This is a bug report for OpenSSL version 0.9.8e. The top level summary is that
> misconfigured certificates with a bogus Issuer field are processed as if the field
> was valid.
>
> The Issuer should have an attribute of commonName (OID 2.5.4.3) and a value
> of some kind of string (e.g. T61String). If instead it has a bogus attribute, such
> as the obsolete OID 2.5.4.2, the command openssl x509 -in badcert.pem -inform PEM -noout -text
> should report that the certificate has no issuer. Instead it reports an issuer
> containing the literal string "2.5.4.2" followed by the string value of this OID.
> This seems like a clear violation of RFC3280 to me.


I don't see how not having a commonName is a violation of RFC 3280. I
would really like to agree with you, but I know there are roots in the
wild that don't have a CN field. I may have missed some text in the RFC
- could you reference a specific section? I agree it's 'best practice'
but I think some CAs don't follow that practice...
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org
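
Added example, not part of the original thread and not OpenSSL's code: a minimal DER walker that lists the attribute type OIDs in an X.501 Name, to show that an Issuer carrying only 2.5.4.2 is still a well-formed, non-empty Name that simply has no commonName. The two sample Names and the function names are constructed for illustration.

```python
# Added example: list the attribute types in a DER-encoded X.501 Name (stdlib only).
CN_OID = "2.5.4.3"  # commonName

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite length is not valid DER")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode OBJECT IDENTIFIER content octets to dotted-decimal form."""
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:                # high bit clear ends this arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)          # first two arcs share one subidentifier
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def name_attributes(der_name):
    """Return [(oid, raw_value)] for each AttributeTypeAndValue in a Name."""
    tag, rdns, _ = read_tlv(der_name, 0)
    if tag != 0x30:
        raise ValueError("Name must be a SEQUENCE")
    found, pos = [], 0
    while pos < len(rdns):
        _, rdn, pos = read_tlv(rdns, pos)            # RelativeDistinguishedName (SET)
        inner = 0
        while inner < len(rdn):
            _, atv, inner = read_tlv(rdn, inner)     # AttributeTypeAndValue (SEQUENCE)
            _, oid, after = read_tlv(atv, 0)
            _, value, _ = read_tlv(atv, after)
            found.append((decode_oid(oid), value))
    return found

def has_common_name(der_name):
    return any(oid == CN_OID for oid, _ in name_attributes(der_name))

# Constructed sample Names: one T61String attribute each, differing only in the OID.
BAD_ISSUER = bytes.fromhex("30123110300e06035504021407") + b"Test CA"   # 2.5.4.2
GOOD_ISSUER = bytes.fromhex("30123110300e06035504031407") + b"Test CA"  # 2.5.4.3
```

A relying application that requires a commonName in the Issuer can apply a check like `has_common_name` itself rather than depend on how a display tool renders unrecognised attribute types.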