diff options
author | Matt Caswell <matt@openssl.org> | 2018-02-23 19:48:11 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-03-15 12:51:34 +0000 |
commit | 5af88441f4fb1951a0672c0c0e1979cd44acdb69 (patch) | |
tree | d88e289dfd03f3d3c8ca1fc6134e0303f1d196f7 /doc | |
parent | 2cedf79474ebc7bf910980f397decfaddec7122b (diff) |
Allow multiple entries without a Subject even if unique_subject == yes
It is quite likely for there to be multiple certificates with empty
subjects, which are still distinct because of subjectAltName. Therefore
we allow multiple certificates with an empty Subject even if
unique_subject is set to yes.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5444)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man1/ca.pod | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/doc/man1/ca.pod b/doc/man1/ca.pod index 9c5af4a891..c09f98e96f 100644 --- a/doc/man1/ca.pod +++ b/doc/man1/ca.pod @@ -469,6 +469,10 @@ versions of OpenSSL. However, to make CA certificate roll-over easier, it's recommended to use the value B<no>, especially if combined with the B<-selfsign> command line option. +Note that it is valid in some circumstances for certificates to be created +without any subject. In the case where there are multiple certificates without +subjects this does not count as a duplicate. + =item B<serial> A text file containing the next serial number to use in hex. Mandatory. |