Kiyoshi Watanabe wrote: > > Dear All, > > I am writing a code to add my private extension. For the extesion id, > where I should look at and add it? Each standard extension has the id > like NID_basic_constraints. > > If I want to write this, > ex = X509V3_EXT_conf_nid(NULL, NULL,NID_my_private_extensin, > "My Test Extension"); > > Which file I need to add my id? Or any temporaril function to add it ? > > Sorry if this question is asked many times. >
It has been asked a few times. The apparent simplicity of the high level API hides a lot of things going on under the hood. The actual string you pass to X509V3_EXT_conf_nid is translated to a C structure by one function then the DER encoded extension by another. If you just want a simple string extension then you can create an "alias" which is effetively saying an extension is identical to another except it has a different object ID. The nid you create corresponds to an ASN1 OBJECT IDENTIFIER which can be dynamically created with OBJ_create(). There's some info in doc/openssl.txt but some of it has been changed with the new ASN1 code. The d2i/i2d/free/new functions have been superseded by an ASN1_ITEM structure. In outline for a simple string you'd create a NID with OBJ_create() and and alias using X509V3_EXT_add_alias(). A suitable string extension to use as an alias is NID_netscape_comment. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Gemplus: http://www.gemplus.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]