problems with X.509 certs + KDE 3.1 + KMail ??

Bernhard Reiter bernhard@intevation.de
Fri Feb 7 17:00:02 2003



There are several options to openssl.
It really is complex and I'm not an expert.


On Wed, Feb 05, 2003 at 06:33:22PM +0100, Zdenek Pizl wrote:
> Some things are strange. I can verify an email signed by my colleague,
> but with "Warning: No mail address is stored in the certificate
> used for signing, so we cannot compare it to the sender's address
> <user@systinet.com>"
>
> The certificate has been signed (as KMail that I'm using said) by:
> "Message was signed by CN=Common User,L=Cambridge,ST=Massachusetts,OU=Networks,O=Systinet,C=US,(EMail=user@systinet.com) with key 0x561A409FD99593A3."
> It is strange because I see the email there :)
>

This is fine:

The SPHINX specification (and others)
requires the e-mail address to be in the extension, like
            X509v3 Subject Alternative Name:
                email:bernhard@intevation.de

Modern openssl versions can create this,
my openssl.conf contains sections like:
	# This stuff is for subjectAltName and issuerAltname.
	# Import the email address.
	#subjectAltName=email:move
	# An alternative to produce certificates that aren't
	# deprecated according to PKIX.

	subjectAltName=email:intevation@intevation.de,URI:http://intevation.net
	issuerAltName=email:intevation@intevation.de,URI:http://intevation.net


> Oh yes, another message found on log console:
> "gpgmeplug isEmailInCertificate called with parameter FINGERPRINT being EMPTY".

I'm not entirely sure about this one.

> Could you help me to solve this? When I asked how was the certificate created,
> the answer was "by openSSL" ...

You probably have to dig into the PKIX specs
and then ask on the openssl list on how to create these best.

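The distinction discussed in this message (address only in the subject DN versus address in the Subject Alternative Name extension) can be checked from the text dump of a certificate. The following is an added example, not part of the original message and not KMail or gpgmeplug code: the function names, the case-insensitive comparison and the two certificate dumps are assumptions constructed for illustration.

```shell
# Input on stdin: the output of `openssl x509 -noout -text -in cert.pem`.

# Print each "email:" entry of the Subject Alternative Name extension,
# one per line, lower-cased. Issuer Alternative Name entries are ignored.
san_emails() {
    awk '
        /X509v3 Subject Alternative Name:/ { in_san = 1; next }
        in_san {
            n = split($0, parts, ",")
            for (i = 1; i <= n; i++) {
                entry = parts[i]
                gsub(/^[ \t]+|[ \t]+$/, "", entry)
                if (entry ~ /^email:/) print tolower(substr(entry, 7))
            }
            in_san = 0    # the extension value is printed on one line
        }
    '
}

# Compare a sender address (assumed case-insensitive) with the SAN entries.
# Prints one of: match | mismatch | no-san-email
check_sender() {
    sender=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    emails=$(san_emails)
    if [ -z "$emails" ]; then
        echo no-san-email    # the situation the quoted warning describes
    elif printf '%s\n' "$emails" | grep -Fxq -- "$sender"; then
        echo match
    else
        echo mismatch
    fi
}

# Constructed dumps, trimmed to the relevant lines (not real certificates).
DN_ONLY='        Subject: C=US, O=Systinet, CN=Common User/emailAddress=user@systinet.com
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE'

WITH_SAN='        Subject: CN=Common User
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                email:user@systinet.com, URI:http://intevation.net
            X509v3 Issuer Alternative Name:
                email:intevation@intevation.de'

printf '%s\n' "$DN_ONLY"  | check_sender user@systinet.com
printf '%s\n' "$WITH_SAN" | check_sender user@systinet.com
```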