From: Dmitry Belyavskiy Date: Wed, 21 Aug 2019 15:36:10 +0000 (+0300) Subject: RFC 8398: documentation X-Git-Tag: openssl-3.0.0-alpha7~478 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a0188e284e4a34d4e03eeaa4f09a97ed787a848b;p=thirdparty%2Fopenssl.git RFC 8398: documentation Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9654) --- diff --git a/doc/man3/X509_check_host.pod b/doc/man3/X509_check_host.pod index b541901c005..23476a81dfd 100644 --- a/doc/man3/X509_check_host.pod +++ b/doc/man3/X509_check_host.pod @@ -48,9 +48,13 @@ is responsible for freeing the peername via OPENSSL_free() when it is no longer needed. X509_check_email() checks if the certificate matches the specified -email B
. Only the mailbox syntax of RFC 822 is supported, +email B
. The mailbox syntax of RFC 822 is supported, comments are not allowed, and no attempt is made to normalize quoted -characters. The B argument must be the number of +characters. The mailbox syntax of RFC 6531 is supported for +SmtpUTF8Mailbox address in subjectAltName according to RFC 8398, +with similar limitations as for RFC 822 syntax, and no attempt +is made to convert from A-label to U-label before comparison. +The B argument must be the number of characters in the address string or zero in which case the length is calculated with strlen(B
). diff --git a/doc/man5/x509v3_config.pod b/doc/man5/x509v3_config.pod index a16f862bae0..c2dfac1acf6 100644 --- a/doc/man5/x509v3_config.pod +++ b/doc/man5/x509v3_config.pod @@ -241,6 +241,15 @@ Examples: OU = My Unit CN = My Name +Non-ASCII Email Address conforming the syntax defined in Section 3.3 of RFC 6531 +are provided as otherName.SmtpUTF8Mailbox. According to RFC 8398, the email +address should be provided as UTF8String. To enforce the valid representation in +the certificate, the SmtpUTF8Mailbox should be provided as follows + + subjectAltName=@alts + [alts] + otherName = 1.3.6.1.5.5.7.8.9;FORMAT:UTF8,UTF8String:医生@大学.example.com + =head2 Issuer Alternative Name This extension supports most of the options of subject alternative name;
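
Review bot: In the doc/man3/X509_check_host.pod hunk, the new sentence "no attempt is made to convert from A-label to U-label before comparison" states what the function does not do but not what the caller has to do about it. Please say explicitly that the address passed to X509_check_email() must carry the domain part in the same form as the SmtpUTF8Mailbox value in the certificate, and that an address differing only in A-label versus U-label form is treated as a mismatch. "with similar limitations as for RFC 822 syntax" is also too loose for a man page: repeat the actual limits (comments not allowed, quoted characters not normalized) or write "the same limitations" if they are identical. Minor wording: "for SmtpUTF8Mailbox address" should read "for an SmtpUTF8Mailbox address".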
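
Review bot: In the doc/man5/x509v3_config.pod hunk, the example "otherName = 1.3.6.1.5.5.7.8.9;FORMAT:UTF8,UTF8String:医生@大学.example.com" only produces the intended value if the configuration file itself is saved as UTF-8, and the added paragraph never says so; please add that requirement next to the example. The paragraph also never ties the OID 1.3.6.1.5.5.7.8.9 to the name SmtpUTF8Mailbox, so a reader cannot tell that this OID is what selects the otherName type. Wording: "Non-ASCII Email Address conforming the syntax ... are provided" should be "Non-ASCII email addresses conforming to the syntax ... are provided", and "should be provided as follows" needs a closing colon before the example. The paragraph is inserted directly after the dirName example (OU = My Unit / CN = My Name), so consider a short lead-in that marks it as a separate subjectAltName case.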