Emmanuel Dreyfus wrote:
> Howard Chu <hyc(a)symas.com> wrote:
>> Though I suspect that in the 7
>> or so years that OpenLDAP has supported OpenSSL, many people have been
>> confronted with this problem, read the docs, and implemented the solution and
>> moved on to the next thing, without any fuss.
> I am not sure I'm the only one who has the feeling he has lost too
> much time bringing the parts together for a recurrent usage that could
> have been better documented. Feedback from other users would be
> interesting.
>> It may just mean there is a language barrier, something that would better be
>> served by a translation of OpenSSL docs into French.
> So in your opinion, I'm basically complaining because I can't read
> English? This is getting rude. :-/

It seems to me that you cannot read what is plainly in front of your face, for
whatever reason. The fact that you can use environment variables to augment the
OpenSSL configuration file is clearly documented at the top of the OpenSSL
config(5) manual page. The use of "subjectAltName" has multiple examples in the
default openssl.cnf file that is bundled with every OpenSSL release. The
meaning of the word "alternative" in subjectAlternativeName is plain English,
and again even the OpenLDAP Admin Guide says "Additional alias names and
wildcards may be present in the subjectAltName certificate extension." The
FAQ-o-Matic is pretty explicit too.
http://www.openldap.org/doc/admin23/tls.html#TLS%20Certificates
http://www.openldap.org/faq/index.cgi?file=185
Yet despite all the work you've put into this you've missed all of these very
obvious things.
Your initial assertion that the documentation for this topic is hidden or
unavailable is clearly wrong. Your assertion that it is in general difficult to
understand doesn't seem well supported either; googling for "subjectaltname
openldap" returns hundreds of hits. So it falls to just the fact that you had a
hard time understanding it.
--
-- Howard Chu
Chief Architect, Symas Corp.
http://www.symas.com
Director, Highland Sun
http://highlandsun.com/hyc/
Chief Architect, OpenLDAP
http://www.openldap.org/project/