Emmanuel Dreyfus wrote:
Howard Chu hyc@symas.com wrote:
Though I suspect that in the 7 or so years that OpenLDAP has supported OpenSSL, many people have been confronted with this problem, read the docs, and implemented the solution and moved on to the next thing, without any fuss.
I am not sure I'm the only one that have the feeling he has lost too many time to bring the parts together for a recurrent usage that could have been better documented. Feedback from other users would be interesting.
It may just mean there is a language barrier, something that would better be served by a translation of OpenSSL docs into French.
So in your opinion, I'm basically compaining because I can't read english? This is getting rude. :-/
It seems to me that you cannot read what is plainly in front of your face, for whatever reason. The fact that you can use environment variables to augment the OpenSSL configuration file is clearly documented at the top of the OpenSSL config(5) manual page. The use of "subjectAltName" has multiple examples in the default openssl.cnf file that is bundled with every OpenSSL release. The meaning of the word "alternative" in subjectAlternativeName is plain English, and again even the OpenLDAP Admin Guide says "Additional alias names and wildcards may be present in the subjectAltName certificate extension." The FAQ-o-Matic is pretty explicit too.
http://www.openldap.org/doc/admin23/tls.html#TLS%20Certificates http://www.openldap.org/faq/index.cgi?file=185
Yet despite all the work you've put into this you've missed all of these very obvious things.
Your initial assertion that the documentation for this topic is hidden or unavailable is clearly wrong. You assertion that it is in general difficult to understand doesn't seem well supported either; googling for "subjectaltname openldap" returns hundreds of hits. So it falls to just the fact that you had a hard time understanding it.