From: Bear Giles <[EMAIL PROTECTED]> bear> What I'm ultimately trying to support is database functions to bear> convert between tables and X.509 subjects. I expect this will bear> be a set of functions like: bear> bear> x509name_set_field_string (x509name *name, text *field, text *value, bear> int *pos);
What about the following functions (found in asn1.h)? ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsignedchar *in, int inlen, int inform, int nid); ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid); int ASN1_STRING_TABLE_add(int nid, long minsize, long maxsize, unsigned long mask, unsigned long flags) void ASN1_STRING_TABLE_cleanup(void); The first of them seems to do what you want to do (but you will have to give it the field value in form of a NID, which you can get with OBJ_txt2nid()). bear> As for domainComponent in particular, the RFC clearly limits it bear> to 64 octets, and the DNS system has component limits of either bear> 64 or 128 octets. So in this particular case a limit is bear> appropriate. More generally, if the RFC limits the size of any bear> NID, the code should probably enforce it. I couldn't agree more. If I remember this evening, I'll check through RFC2459 (and others, if someone makes suggestions) and insert the limits I find. -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-733-72 88 11 Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Software Engineer, GemPlus: http://www.gemplus.com/ Unsolicited commercial email is subject to an archival fee of $400. See <http://www.stacken.kth.se/~levitte/mail/> for more info. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]