[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openssl-users
Subject:    Re: Bug? Openssl ca ignores attributes without notice
From:       Holger Reif <Holger.Reif () smartring ! de>
Date:       1999-07-28 14:28:25
[Download RAW message or body]

Kaur Virunurm schrieb:
> 
> I agree with your philosophy, mr. Reif: the CA has certainly
> the authority to decide what to include in the cert, but:
> 
> > Wether there should be a big flash "Hey, the user wants to
> > trick you into something!" is another question.
> 
> That's it, but not only. Right now, the person behind the CA is displayed
> a request and prompted 'sign this!', and then something _else_ is signed.
> This is what I consider a bug!

Okay, this is a inconsistency. As Steve pointed out,
this is (among others to be reworked) real soon now (tm).
Perhaps a more short term fix that only displays the 
*new* attributes that go into the cert...

Means just moving the 	
for (i=0; i<X509_NAME_entry_count(name); i++) loop starting
in line 1480 down after policy stuff had been checked
(just before the "if(preserve)" clause...)

BTW Shouldn't the person approving signature wonder what this
unique id is there?

-- 
Holger Reif                  Tel.: +49 361 74707-0
SmartRing GmbH               Fax.: +49 361 7470720
Europaplatz 5             Holger.Reif@SmartRing.de
D-99091 Erfurt                    WWW.SmartRing.de
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majordomo@openssl.org

[prev in list] [next in list] [prev in thread] [next in thread]