From 17e2c77a7747981cc2470749b5e02b981df72188 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Lutz=20J=C3=A4nicke?= Date: Mon, 29 Apr 2002 16:01:41 +0000 Subject: [PATCH] Add information about -nameopt option for x509. --- FAQ | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/FAQ b/FAQ index 1932f72433..8b53581c5a 100644 --- a/FAQ +++ b/FAQ @@ -29,6 +29,7 @@ OpenSSL - Frequently Asked Questions * Why can't I use OpenSSL certificates with SSL client authentication? * Why does my browser give a warning about a mismatched hostname? * How do I install a CA certificate into a browser? +* Why is OpenSSL x509 DN output not conformant to RFC2253? [BUILD] Questions about building and testing OpenSSL @@ -343,6 +344,13 @@ DO NOT DO THIS! This command will give away your CAs private key and reduces its security to zero: allowing anyone to forge certificates in whatever name they choose. +* Why is OpenSSL x509 DN output not conformant to RFC2253? + +The ways to print out the oneline format of the DN (Distinguished Name) have +been extended in version 0.9.7 of OpenSSL. Using the new X509_NAME_print_ex() +interface, the "-nameopt" option could be introduded. See the manual +page of the "openssl x509" commandline tool for details. The old behaviour +has however been left as default for the sake of compatibility. [BUILD] ======================================================================= -- 2.25.1