summaryrefslogtreecommitdiff
path: root/src/lib/libc/stdlib/random.3
diff options
context:
space:
mode:
authortb <>2025-07-01 06:46:39 +0000
committertb <>2025-07-01 06:46:39 +0000
commit9503d6ced5738f84fb45b1da3bdb9db4f7db4fc3 (patch)
tree6feef260a9528776ed1649d160bffbd99a8e3ad0 /src/lib/libc/stdlib/random.3
parentb4547e972ef9a339486e56625399a1d7a9fa22e5 (diff)
downloadopenbsd-9503d6ced5738f84fb45b1da3bdb9db4f7db4fc3.tar.gz
openbsd-9503d6ced5738f84fb45b1da3bdb9db4f7db4fc3.tar.bz2
openbsd-9503d6ced5738f84fb45b1da3bdb9db4f7db4fc3.zip
X509_print: emit UIDs unless X509_FLAG_NO_IDS is set
issuerUID and subjectUID are a curiosity introduced in X.509v2 before extensions were a thing. Their purpose is to help distinguishing certs with identical subject. They are rarely used and are MUST NOT use in the CA/BF baseline requirements. They do occasionally show up in test certificates and it is confusing that openssl x509 silently ignores them. Their encoding also makes them relatively hard to spot in the output of asn1 parsing tools. The output is identical to OpenSSL < 3 and BoringSSL, but due to some weird tweaks added leading up to OpenSSL 3 their output is no longer compatible with that. It is not entirely correct anyway. Since it is a (not further specified) bit string, you shouldn't be ignoring its unused bits... The X509_FLAG_NO_IDS flag has no effect for CSRs. discussed with beck ok job kenjiro (on an earlier version)
Diffstat (limited to 'src/lib/libc/stdlib/random.3')
0 files changed, 0 insertions, 0 deletions