for (i = 0; i < num; i++) {
cnf = sk_CONF_VALUE_value(nval, i);
- if (!ossl_v3_name_cmp(cnf->name, "email")
+ if (ossl_v3_name_cmp(cnf->name, "email") == 0
&& cnf->value && strcmp(cnf->value, "copy") == 0) {
if (!copy_email(ctx, gens, 0))
goto err;
- } else if (!ossl_v3_name_cmp(cnf->name, "email")
+ } else if (ossl_v3_name_cmp(cnf->name, "email") == 0
&& cnf->value && strcmp(cnf->value, "move") == 0) {
if (!copy_email(ctx, gens, 1))
goto err;
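Review bot: The two rewritten conditions still test `cnf->value` implicitly, so each one now mixes an explicit `== 0` with a bare pointer test; `&& cnf->value != NULL && strcmp(cnf->value, "copy") == 0` (and the same for `"move"`) would keep the form uniform. Both branches also repeat `ossl_v3_name_cmp(cnf->name, "email") == 0`, which could be evaluated once per iteration. The `move` branch passes 1 to `copy_email`, and the documentation change on this page says that moves the addresses out of the subject name, so a comment such as `/* "move" also removes the addresses from the subject DN */` would make the side effect visible at the call site. The loop body continues outside the hunk.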
return 0;
}
/* Find the subject name */
- if (ctx->subject_cert)
- nm = X509_get_subject_name(ctx->subject_cert);
- else
- nm = X509_REQ_get_subject_name(ctx->subject_req);
+ nm = ctx->subject_cert != NULL ?
+ X509_get_subject_name(ctx->subject_cert) :
+ X509_REQ_get_subject_name(ctx->subject_req);
/* Now add any email address(es) to STACK */
while ((i = X509_NAME_get_index_by_NID(nm,
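Review bot: The comment above the new conditional expression does not say that the certificate takes precedence over the request when both `ctx->subject_cert` and `ctx->subject_req` are set; `/* Find the subject name; the certificate is preferred over the request */` would record that. The expression also relies on at least one of the two pointers being non-NULL. The `return 0;` just above suggests an earlier guard, but it begins outside the hunk, so it is worth confirming that it rejects the case where both are NULL. As a point of style, `?` and `:` trail their lines here while the `&&` continuations in the other code hunk on this page lead theirs. The enclosing function starts and ends outside the hunk.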
certification request, or certificate revocation list, respectively.
When constructing the subject key identifier of a certificate by computing a
hash value of its public key, the public key is taken from I<subject> or I<req>.
+Similarly, when constructing subject alternative names from any email addresses
+contained in a subject DN, the subject DN is taken from I<subject> or I<req>.
If I<subject> or I<crl> is provided, I<issuer> should point to its issuer,
for instance to help generating an authority key identifier extension.
Note that if I<subject> is provided, I<issuer> may be the same as I<subject>,
and B<otherName>.
The syntax of each is described in the following paragraphs.
-The B<email> option has a special C<copy> value, which will automatically
-include any email addresses contained in the certificate subject name in
-the extension.
+The B<email> option has two special values.
+C<copy> will automatically include any email addresses
+contained in the certificate subject name in the extension.
+C<move> will automatically move any email addresses
+from the certificate subject name to the extension.
The IP address used in the B<IP> option can be in either IPv4 or IPv6 format.