author Dmitry Belyavskiy <beldmit@gmail.com> 2019-08-21 17:36:10 +0200
committer Dmitry Belyavskiy <beldmit@gmail.com> 2020-08-26 13:04:17 +0200
commit a0188e284e4a34d4e03eeaa4f09a97ed787a848b
tree 2db083aac12ea013dfe26465c0f1fd8b8b2078b3 /doc
parent Add NID_id_on_SmtpUTF8Mailbox to table of X.509 attributes
RFC 8398: documentation
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9654)
Diffstat (limited to 'doc')
-rw-r--r-- doc/man3/X509_check_host.pod | 8
-rw-r--r-- doc/man5/x509v3_config.pod | 9
2 files changed, 15 insertions, 2 deletions
diff --git a/doc/man3/X509_check_host.pod b/doc/man3/X509_check_host.pod
index b541901c00..23476a81df 100644
--- a/doc/man3/X509_check_host.pod
+++ b/doc/man3/X509_check_host.pod
@@ -48,9 +48,13 @@ is responsible for freeing the peername via OPENSSL_free() when it
is no longer needed.
X509_check_email() checks if the certificate matches the specified
-email B<address>. Only the mailbox syntax of RFC 822 is supported,
+email B<address>. The mailbox syntax of RFC 822 is supported,
comments are not allowed, and no attempt is made to normalize quoted
-characters. The B<addresslen> argument must be the number of
+characters. The mailbox syntax of RFC 6531 is supported for
+SmtpUTF8Mailbox address in subjectAltName according to RFC 8398,
+with similar limitations as for RFC 822 syntax, and no attempt
+is made to convert from A-label to U-label before comparison.
+The B<addresslen> argument must be the number of
characters in the address string or zero in which case the length
is calculated with strlen(B<address>).
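Review bot: The added sentence "no attempt is made to convert from A-label to U-label before comparison" states a limitation but does not tell the caller which form to pass in B<address>, so an application holding the domain in the other form gets a mismatch with no hint why. Please state which form the domain part is expected to be in when the certificate carries an SmtpUTF8Mailbox, and that the caller is responsible for any conversion before calling X509_check_email(). "with similar limitations as for RFC 822 syntax" is also vague: spell out that comments are not allowed and quoted characters are not normalized, rather than pointing back at the previous sentence. Two wording points in the same lines: dropping "Only" leaves "The mailbox syntax of RFC 822 is supported, comments are not allowed, ..." reading as a comma splice, and "for SmtpUTF8Mailbox address" needs an article ("for an SmtpUTF8Mailbox address").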
diff --git a/doc/man5/x509v3_config.pod b/doc/man5/x509v3_config.pod
index a16f862bae..c2dfac1acf 100644
--- a/doc/man5/x509v3_config.pod
+++ b/doc/man5/x509v3_config.pod
@@ -241,6 +241,15 @@ Examples:
OU = My Unit
CN = My Name
+Non-ASCII Email Address conforming the syntax defined in Section 3.3 of RFC 6531
+are provided as otherName.SmtpUTF8Mailbox. According to RFC 8398, the email
+address should be provided as UTF8String. To enforce the valid representation in
+the certificate, the SmtpUTF8Mailbox should be provided as follows
+
+ subjectAltName=@alts
+ [alts]
+ otherName = 1.3.6.1.5.5.7.8.9;FORMAT:UTF8,UTF8String:医生@大学.example.com
+
=head2 Issuer Alternative Name
This extension supports most of the options of subject alternative name;
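Review bot: The added paragraph says the value must be given "as follows" to "enforce the valid representation", but it never explains what the FORMAT:UTF8 modifier in "otherName = 1.3.6.1.5.5.7.8.9;FORMAT:UTF8,UTF8String:..." does or what goes wrong without it, so a reader cannot tell which part of the line is mandatory. Please add a sentence on the role of FORMAT:UTF8 and name the OID as id-on-SmtpUTF8Mailbox so it is not a bare number. Since the X509_check_host.pod change in this commit says no A-label to U-label conversion is done at comparison time, it would also help to say here which form the domain part of the example address is meant to illustrate. Wording: "Non-ASCII Email Address conforming the syntax ... are provided" should read "Non-ASCII email addresses conforming to the syntax ... are provided", and "as follows" should end with a colon before the example.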