oxidecomputer / pki-playground

Tool for generating non-trivial X.509 certificate chains
Mozilla Public License 2.0

Use the right OID and type for `CountryName` RDN in RDN sequence. #100

Closed flihp closed 6 months ago

flihp commented 6 months ago

this resolves #99

flihp commented 6 months ago

My eyes scanned over this error in `openssl x509` text output so many times ... `C=` and `CN=` are only one character different. And `openssl verify` will gladly accept `RDNSequences` w/ duplicate attributes so long as they match their parent. I only found this after writing the verification code by hand :sweat_smile:.
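A lint for the kind of mistake discussed in this thread, as an added example that is not pki-playground's code or the author's verification code: it walks a DER-encoded Name (RDNSequence), reports attribute types that appear more than once, and reports a `countryName` that is not a two-character PrintableString as RFC 5280 requires. The function names and both sample Names are constructed for illustration; repeated types are legal for some attributes, so a duplicate is a prompt to look, not proof of an error.

```rust
const OID_C: &[u8] = &[0x55, 0x04, 0x06]; // 2.5.4.6 countryName (commonName is 2.5.4.3)
const PRINTABLE: u8 = 0x13; // RFC 5280: countryName is PrintableString (SIZE (2))
// Constructed samples: C=US, CN=root; then "US" under the commonName OID as a UTF8String.
const GOOD: &[u8] = b"\x30\x1c\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02US\
    \x31\x0d\x30\x0b\x06\x03\x55\x04\x03\x0c\x04root";
const BAD: &[u8] = b"\x30\x1c\x31\x0b\x30\x09\x06\x03\x55\x04\x03\x0c\x02US\
    \x31\x0d\x30\x0b\x06\x03\x55\x04\x03\x0c\x04root";

/// Read one definite-length TLV; returns (tag, value, remainder).
fn tlv(buf: &[u8]) -> Option<(u8, &[u8], &[u8])> {
    let (&tag, rest) = buf.split_first()?;
    let (&first, mut rest) = rest.split_first()?;
    let mut len = first as usize;
    if first & 0x80 != 0 {
        let n = len & 0x7f; // long form: next n bytes hold the length
        if n == 0 || n > 4 { return None; }
        len = rest.get(..n)?.iter().fold(0, |a, &b| (a << 8) | b as usize);
        rest = &rest[n..];
    }
    Some((tag, rest.get(..len)?, &rest[len..]))
}

/// Findings for one Name; None if the bytes are not a well-formed RDNSequence.
fn lint_name(der: &[u8]) -> Option<Vec<String>> {
    let (mut findings, mut seen) = (Vec::new(), Vec::<&[u8]>::new());
    let (tag, mut rdns, _) = tlv(der)?;
    if tag != 0x30 { return None; } // SEQUENCE OF RelativeDistinguishedName
    while !rdns.is_empty() {
        let (t, mut set, rest) = tlv(rdns)?;
        if t != 0x31 { return None; } // SET OF AttributeTypeAndValue
        rdns = rest;
        while !set.is_empty() {
            let (t, atv, rest) = tlv(set)?;
            set = rest;
            let (ot, oid, val) = tlv(atv)?;
            let (vtag, value, _) = tlv(val)?;
            if t != 0x30 || ot != 0x06 { return None; }
            if seen.contains(&oid) { findings.push(format!("duplicate type {:02x?}", oid)); }
            seen.push(oid);
            if oid == OID_C && (vtag != PRINTABLE || value.len() != 2) {
                findings.push(format!("countryName: tag {:#04x}, len {}", vtag, value.len()));
            }
        }
    }
    Some(findings)
}

fn main() {
    println!("good: {:?}\nbad: {:?}", lint_name(GOOD), lint_name(BAD));
}
```

To run it against a real certificate, pass the bytes of the subject or issuer Name field, not the whole certificate.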