There's no way to replace an OpenSSL::X509::Name entry. #94
Comments
evilsocket
changed the title
|
I'm afraid a method like dn = OpenSSL::X509::Certificate.new(File.read("/etc/ssl/certs/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.pem")).subject
pp dn.to_a #=>
[["C", "US", 19],
["O", "VeriSign, Inc.", 19],
["OU", "VeriSign Trust Network", 19],
["OU", "(c) 2006 VeriSign, Inc. - For authorized use only", 19],
["CN", "VeriSign Class 3 Public Primary Certification Authority - G5", 19]]
dn.replace_entry("OU", "Test Unit") # which existing OU attribute will be replaced?If you don't care about multi-valued RDN, you can convert into an array by |
|
what about an optional "index" parameter (default to -1 as in the current implementation) for the add_entry method? |
|
The ability to specify the position to insert would be a good addition for completeness. I'll do this for the next version. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Given a
OpenSSL::X509::Nameobject, there's only anadd_entrymethod to manipulate its entries, but this method will always append due to the-1argument specified here.If the object already contains an entry with the specified name, the method should instead find its index and replace it, otherwise the new appended entry won't be visible from browsers for instance, as they only get the first entry with a given name.
Ideally, a new
set_entryorreplace_entrymethod would be needed.Ref. to the issue where this behaviour was highlighted this.
The text was updated successfully, but these errors were encountered: