From: Bear Giles <[EMAIL PROTECTED]>
bear> What I'm ultimately trying to support is database functions to
bear> convert between tables and X.509 subjects. I expect this will
bear> be a set of functions like:
bear>
bear> x509name_set_field_string (x509name *name, text *field, text *value,
bear> int *pos);
What about the following functions (found in asn1.h)?
ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsignedchar *in,
int inlen, int inform, int nid);
ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid);
int ASN1_STRING_TABLE_add(int nid,
long minsize, long maxsize, unsigned long mask,
unsigned long flags)
void ASN1_STRING_TABLE_cleanup(void);
The first of them seems to do what you want to do (but you will have
to give it the field value in form of a NID, which you can get with
OBJ_txt2nid()).
bear> As for domainComponent in particular, the RFC clearly limits it
bear> to 64 octets, and the DNS system has component limits of either
bear> 64 or 128 octets. So in this particular case a limit is
bear> appropriate. More generally, if the RFC limits the size of any
bear> NID, the code should probably enforce it.
I couldn't agree more. If I remember this evening, I'll check through
RFC2459 (and others, if someone makes suggestions) and insert the
limits I find.
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-733-72 88 11
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, GemPlus: http://www.gemplus.com/
Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
