Make unique_subject default to "no" #5451

mattcaswell · 2018-02-23T15:22:56Z

The ca man page recommends that the "unique_subject" config parameter should be set to "no", but the default is "yes". It is set to "yes" for "compatibility with older (pre 0.9.8) versions of OpenSSL".

For 1.2.0 we should change the default.

Also see the discussion in #5444.

levitte · 2018-02-23T16:09:43Z

I would like to take this one step further; abolish unique_subject, make it always possible to have multiple instances of the same.

mattcaswell added the 1.2.0 label Feb 23, 2018

mattcaswell added this to the 1.2.0 milestone Feb 23, 2018

mattcaswell mentioned this issue Feb 23, 2018

Fix ca crash (attempt 2) #5444

Closed

richsalz modified the milestones: 1.2.0, Post 1.1.0 May 6, 2018

richsalz added after 1.1.1 and removed after 1.1.1 labels May 6, 2018

richsalz modified the milestones: Post 1.1.0, Assessed May 6, 2018

mattcaswell mentioned this issue Jun 12, 2018

Revise DSA_sign_setup() API #6464

Closed

mspncp removed the after 1.1.1 label Oct 25, 2019

t8m added branch: master Merge to master branch triaged: feature The issue/pr requests/adds a feature labels Jun 21, 2021

t8m modified the milestones: Assessed, Post 3.0.0 Jun 21, 2021

tobhe mentioned this issue Nov 17, 2023

ikectl should safely handle existing certificates openiked/openiked-portable#125

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Make unique_subject default to "no" #5451

Make unique_subject default to "no" #5451

mattcaswell commented Feb 23, 2018 •

edited by levitte

levitte commented Feb 23, 2018

Make unique_subject default to "no" #5451

Make unique_subject default to "no" #5451

Comments

mattcaswell commented Feb 23, 2018 • edited by levitte

levitte commented Feb 23, 2018

mattcaswell commented Feb 23, 2018 •

edited by levitte