If the email address is moved from the subject to the subject alternate name,

the subject in the certificate would differ from the subject in the index file,
which has quite bad concequences.
PR: 180

diff --git a/apps/ca.c b/apps/ca.c
index 322956de57103012605acbd49a6e7e75fbe732e3..f97910b89f43964c648877a8264ec77a31e13211 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -2089,9 +2089,8 @@ again2:
                        }
                }
 
-       row[DB_name]=X509_NAME_oneline(dn_subject,NULL,0);
        row[DB_serial]=BN_bn2hex(serial);
-       if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
+       if (row[DB_serial] == NULL)
                {
                BIO_printf(bio_err,"Memory allocation failure\n");
                goto err;
@@ -2304,10 +2303,10 @@ again2:
 
        /* row[DB_serial] done already */
        row[DB_file]=(char *)OPENSSL_malloc(8);
-       /* row[DB_name] done already */
+       row[DB_name]=X509_NAME_oneline(X509_get_subject_name(ret),NULL,0);
 
        if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
-               (row[DB_file] == NULL))
+               (row[DB_file] == NULL) || (row[DB_name] == NULL))
                {
                BIO_printf(bio_err,"Memory allocation failure\n");
                goto err;