[prev in list] [next in list] [prev in thread] [next in thread]
List: openssl-users
Subject: Re: Bug? Openssl ca ignores attributes without notice
From: Holger Reif <Holger.Reif () smartring ! de>
Date: 1999-07-28 14:28:25
[Download RAW message or body]
Kaur Virunurm schrieb:
>
> I agree with your philosophy, mr. Reif: the CA has certainly
> the authority to decide what to include in the cert, but:
>
> > Wether there should be a big flash "Hey, the user wants to
> > trick you into something!" is another question.
>
> That's it, but not only. Right now, the person behind the CA is displayed
> a request and prompted 'sign this!', and then something _else_ is signed.
> This is what I consider a bug!
Okay, this is a inconsistency. As Steve pointed out,
this is (among others to be reworked) real soon now (tm).
Perhaps a more short term fix that only displays the
*new* attributes that go into the cert...
Means just moving the
for (i=0; i<X509_NAME_entry_count(name); i++) loop starting
in line 1480 down after policy stuff had been checked
(just before the "if(preserve)" clause...)
BTW Shouldn't the person approving signature wonder what this
unique id is there?
--
Holger Reif Tel.: +49 361 74707-0
SmartRing GmbH Fax.: +49 361 7470720
Europaplatz 5 Holger.Reif@SmartRing.de
D-99091 Erfurt WWW.SmartRing.de
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic