Re: [openssl-users] Displaying subjectAtlName othername content
On 14/08/2017 21:38, Robert Moskowitz wrote: On 08/14/2017 03:28 PM, Jakob Bohm wrote: On 14/08/2017 20:55, Robert Moskowitz wrote: On 08/14/2017 02:04 PM, Salz, Rich via openssl-users wrote: ➢ Is there anyway to display the basic ASN.1 structure here so I can see what was stored in the cert? openssl asn1parse Humpf. I looked at that a few times and did not see the obvious. Sigh. So some progress. using -i and got: 573:d=5 hl=2 l= 3 prim: OBJECT:X509v3 Subject Alternative Name 578:d=5 hl=2 l= 29 prim: OCTET STRING [HEX DUMP]:301BA01906082B06010505070804A00D300B06032A0304040401020304 Added -strparse 578 and got: 0:d=0 hl=2 l= 27 cons: SEQUENCE 2:d=1 hl=2 l= 25 cons: cont [ 0 ] 4:d=2 hl=2 l= 8 prim: OBJECT :1.3.6.1.5.5.7.8.4 14:d=2 hl=2 l= 13 cons: cont [ 0 ] 16:d=3 hl=2 l= 11 cons:SEQUENCE 18:d=4 hl=2 l= 3 prim: OBJECT:1.2.3.4 23:d=4 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:01020304 Since I don't know that SubjectAltName content will always start at 578, I have to do the asn1parse in two steps. It is a start... Try using dumpasn1.c by Peter Gutmann instead, it has nicer output and automatically descends into these structures. However it requires that you convert from Base64 to binary before calling it. And build your own version of openssl! I am too far behind on this and other work to invest more time building my own modules. Sigh. Thanks, though. Perhaps get to it later. dumpasn1.c is a useful ready-to-use tool that just needs a trivial compile from a single file to a program for your computer type. It has saved me a lot of time over the years. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Displaying subjectAtlName othername content
On 08/14/2017 03:28 PM, Jakob Bohm wrote: On 14/08/2017 20:55, Robert Moskowitz wrote: On 08/14/2017 02:04 PM, Salz, Rich via openssl-users wrote: ➢ Is there anyway to display the basic ASN.1 structure here so I can see what was stored in the cert? openssl asn1parse Humpf. I looked at that a few times and did not see the obvious. Sigh. So some progress. using -i and got: 573:d=5 hl=2 l= 3 prim: OBJECT:X509v3 Subject Alternative Name 578:d=5 hl=2 l= 29 prim: OCTET STRING [HEX DUMP]:301BA01906082B06010505070804A00D300B06032A0304040401020304 Added -strparse 578 and got: 0:d=0 hl=2 l= 27 cons: SEQUENCE 2:d=1 hl=2 l= 25 cons: cont [ 0 ] 4:d=2 hl=2 l= 8 prim: OBJECT :1.3.6.1.5.5.7.8.4 14:d=2 hl=2 l= 13 cons: cont [ 0 ] 16:d=3 hl=2 l= 11 cons:SEQUENCE 18:d=4 hl=2 l= 3 prim: OBJECT:1.2.3.4 23:d=4 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:01020304 Since I don't know that SubjectAltName content will always start at 578, I have to do the asn1parse in two steps. It is a start... Try using dumpasn1.c by Peter Gutmann instead, it has nicer output and automatically descends into these structures. However it requires that you convert from Base64 to binary before calling it. And build your own version of openssl! I am too far behind on this and other work to invest more time building my own modules. Sigh. Thanks, though. Perhaps get to it later. Bob -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Displaying subjectAtlName othername content
On 14/08/2017 20:55, Robert Moskowitz wrote: On 08/14/2017 02:04 PM, Salz, Rich via openssl-users wrote: ➢ Is there anyway to display the basic ASN.1 structure here so I can see what was stored in the cert? openssl asn1parse Humpf. I looked at that a few times and did not see the obvious. Sigh. So some progress. using -i and got: 573:d=5 hl=2 l= 3 prim: OBJECT:X509v3 Subject Alternative Name 578:d=5 hl=2 l= 29 prim: OCTET STRING [HEX DUMP]:301BA01906082B06010505070804A00D300B06032A0304040401020304 Added -strparse 578 and got: 0:d=0 hl=2 l= 27 cons: SEQUENCE 2:d=1 hl=2 l= 25 cons: cont [ 0 ] 4:d=2 hl=2 l= 8 prim: OBJECT :1.3.6.1.5.5.7.8.4 14:d=2 hl=2 l= 13 cons: cont [ 0 ] 16:d=3 hl=2 l= 11 cons:SEQUENCE 18:d=4 hl=2 l= 3 prim: OBJECT:1.2.3.4 23:d=4 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:01020304 Since I don't know that SubjectAltName content will always start at 578, I have to do the asn1parse in two steps. It is a start... Try using dumpasn1.c by Peter Gutmann instead, it has nicer output and automatically descends into these structures. However it requires that you convert from Base64 to binary before calling it. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Displaying subjectAtlName othername content
On 08/14/2017 02:04 PM, Salz, Rich via openssl-users wrote: ➢ Is there anyway to display the basic ASN.1 structure here so I can see what was stored in the cert? openssl asn1parse Humpf. I looked at that a few times and did not see the obvious. Sigh. So some progress. using -i and got: 573:d=5 hl=2 l= 3 prim: OBJECT:X509v3 Subject Alternative Name 578:d=5 hl=2 l= 29 prim: OCTET STRING [HEX DUMP]:301BA01906082B06010505070804A00D300B06032A0304040401020304 Added -strparse 578 and got: 0:d=0 hl=2 l= 27 cons: SEQUENCE 2:d=1 hl=2 l= 25 cons: cont [ 0 ] 4:d=2 hl=2 l= 8 prim: OBJECT:1.3.6.1.5.5.7.8.4 14:d=2 hl=2 l= 13 cons: cont [ 0 ] 16:d=3 hl=2 l= 11 cons:SEQUENCE 18:d=4 hl=2 l= 3 prim: OBJECT:1.2.3.4 23:d=4 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:01020304 Since I don't know that SubjectAltName content will always start at 578, I have to do the asn1parse in two steps. It is a start... Again, Thanks Bob -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Displaying subjectAtlName othername content
➢ Is there anyway to display the basic ASN.1 structure here so I can see what was stored in the cert? openssl asn1parse -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
