Allow multiple entries without a Subject even if unique_subject == yes

It is quite likely for there to be multiple certificates with empty subjects, which are still distinct because of subjectAltName. Therefore we allow multiple certificates with an empty Subject even if unique_subject is set to yes. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5444)
author: Matt Caswell <matt@openssl.org> 2018-02-23 19:48:11 +0000
committer: Matt Caswell <matt@openssl.org> 2018-03-15 12:51:34 +0000
commit: 5af88441f4fb1951a0672c0c0e1979cd44acdb69 (patch)
tree: d88e289dfd03f3d3c8ca1fc6134e0303f1d196f7 /doc/man1
parent: 2cedf79474ebc7bf910980f397decfaddec7122b (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/doc/man1/ca.pod b/doc/man1/ca.pod
index 9c5af4a891..c09f98e96f 100644
--- a/doc/man1/ca.pod
+++ b/doc/man1/ca.pod
@@ -469,6 +469,10 @@ versions of OpenSSL.  However, to make CA certificate roll-over easier,
 it's recommended to use the value B<no>, especially if combined with
 the B<-selfsign> command line option.
 
+Note that it is valid in some circumstances for certificates to be created
+without any subject. In the case where there are multiple certificates without
+subjects this does not count as a duplicate. 
+
 =item B<serial>
 
 A text file containing the next serial number to use in hex. Mandatory.
author	Matt Caswell <matt@openssl.org>	2018-02-23 19:48:11 +0000
committer	Matt Caswell <matt@openssl.org>	2018-03-15 12:51:34 +0000
commit	5af88441f4fb1951a0672c0c0e1979cd44acdb69 (patch)
tree	d88e289dfd03f3d3c8ca1fc6134e0303f1d196f7 /doc/man1
parent	2cedf79474ebc7bf910980f397decfaddec7122b (diff)