Disallow issuer and subject unique identifiers
author job <job@openbsd.org>
Sat, 15 Apr 2023 00:39:08 +0000 (00:39 +0000)
committer job <job@openbsd.org>
Sat, 15 Apr 2023 00:39:08 +0000 (00:39 +0000)
commit 4cf8d64cecce96df17fa5ad4a396e5ea88ad9b1f
tree bf5169442d97920b3dceebeccbc32e01681c3a2e
parent 7e5cfbef7d2d3b664889e482cdaace656879fe58
Disallow issuer and subject unique identifiers

In 1992, the ITU-T - through X.509 version 2 - introduced subject and
issuer unique identifier fields to handle the possibility of reuse
of subject and/or issuer names over time. However, the standing
recommendation is that names not be reused for different entities and
that Internet certificates not make use of unique identifiers.
Conforming RPKI CAs will never issue certificates with unique identifiers.

OK tb@ claudio@
usr.sbin/rpki-client/cert.c
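
The check this commit describes, as an added example and not rpki-client's code from cert.c: a library-free C walk over a certificate's tbsCertificate that reports whether the X.509 v2 issuerUniqueID ([1]) or subjectUniqueID ([2]) field is present, so a validator can reject the certificate. The names `der_hdr`, `cert_unique_ids`, `UID_ISSUER`, `UID_SUBJECT` and both sample arrays are hypothetical; the samples are constructed DER skeletons, not real certificates.

```c
#include <stddef.h>
#include <stdint.h>
enum { UID_ISSUER = 1, UID_SUBJECT = 2 };	/* bits in the returned mask */

/* Read one DER header (low tag numbers, lengths up to 4 bytes); 0 on error. */
static size_t der_hdr(const uint8_t *p, size_t n, uint8_t *tag, size_t *len)
{
	size_t i, nb = 0;
	if (n < 2 || (p[0] & 0x1f) == 0x1f)
		return 0;
	*tag = p[0];
	*len = p[1];
	if (p[1] & 0x80) {	/* long form: next nb bytes hold the length */
		nb = p[1] & 0x7f;
		if (nb == 0 || nb > 4 || n < 2 + nb)
			return 0;
		for (*len = 0, i = 0; i < nb; i++)
			*len = (*len << 8) | p[2 + i];
	}
	return *len > n - 2 - nb ? 0 : 2 + nb;
}

/* Mask of unique identifiers present in tbsCertificate, -1 on malformed DER. */
int cert_unique_ids(const uint8_t *p, size_t n)
{
	uint8_t tag;
	size_t h, len;
	int depth, found = 0;
	/* Enter the Certificate SEQUENCE, then the tbsCertificate SEQUENCE. */
	for (depth = 0; depth < 2; depth++, p += h, n = len)
		if ((h = der_hdr(p, n, &tag, &len)) == 0 || tag != 0x30)
			return -1;
	/* Direct children only; 0xdf masks the constructed bit of the tag. */
	for (; n > 0; p += h + len, n -= h + len) {
		if ((h = der_hdr(p, n, &tag, &len)) == 0)
			return -1;
		if ((tag & 0xdf) == 0x81 || (tag & 0xdf) == 0x82)
			found |= tag & 0x03;	/* [1] -> UID_ISSUER, [2] -> UID_SUBJECT */
	}
	return found;
}

/* Constructed DER skeletons with empty placeholder fields (not real certs). */
const uint8_t sample_clean[] = { 0x30,0x1d, 0x30,0x16, 0xa0,0x03,0x02,0x01,0x02,
	0x02,0x01,0x01, 0x30,0x00, 0x30,0x00, 0x30,0x00, 0x30,0x00, 0x30,0x00,
	0xa3,0x02,0x30,0x00, 0x30,0x00, 0x03,0x01,0x00 };
const uint8_t sample_uids[] = { 0x30,0x25, 0x30,0x1e, 0xa0,0x03,0x02,0x01,0x02,
	0x02,0x01,0x01, 0x30,0x00, 0x30,0x00, 0x30,0x00, 0x30,0x00, 0x30,0x00,
	0x81,0x02,0x00,0xaa, 0x82,0x02,0x00,0xbb, 0xa3,0x02,0x30,0x00, 0x30,0x00, 0x03,0x01,0x00 };
```

A validator applying the commit's policy would treat any nonzero return value as grounds to reject the certificate.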