If the email address is moved from the subject to the subject alternate name,

the subject in the certificate would differ from the subject in the index file,
which has quite bad concequences.
PR: 180

diff --git a/apps/ca.c b/apps/ca.c
index cbb1a0529355094d014f8b5e7832ee6496f278d6..ad02e0072b98718f3d64ea3113707c021a0fe875 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -2094,9 +2094,8 @@ again2:
                        }
                }
 
-       row[DB_name]=X509_NAME_oneline(dn_subject,NULL,0);
        row[DB_serial]=BN_bn2hex(serial);
-       if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
+       if (row[DB_serial] == NULL)
                {
                BIO_printf(bio_err,"Memory allocation failure\n");
                goto err;
@@ -2319,10 +2318,10 @@ again2:
 
        /* row[DB_serial] done already */
        row[DB_file]=(char *)OPENSSL_malloc(8);
-       /* row[DB_name] done already */
+       row[DB_name]=X509_NAME_oneline(X509_get_subject_name(ret),NULL,0);
 
        if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
-               (row[DB_file] == NULL))
+               (row[DB_file] == NULL) || (row[DB_name] == NULL))
                {
                BIO_printf(bio_err,"Memory allocation failure\n");
                goto err;