Eliot Lear <[email protected]> wrote:
> I have no objection. My only caution is that otherName is poorly
> supported in the open source tool sets, but that is something we could
> conceivably work on.

I disagree!
otherName is adequately supported (if poorly documented) in openssl.cnf for our
purposes.
Creating otherName SAN extensions from library interface is fully supported.
The openssl x509 -text output program does not know how to format arbitrary
otherName text, so it just says <unsupported>.

Here is a proprietary otherName that I created a while ago, implemented in Ruby:

    # the OID: 1.3.6.1.4.1.46930.1 is a Private Enterprise Number OID:
    # iso.org.dod.internet.private.enterprise . SANDELMAN=46930 . 1
    @idevid.add_extension(extension_factory.create_extension(
                            "subjectAltName",
                            sprintf("otherName:1.3.6.1.4.1.46930.1;UTF8:%s",
                                    self.sanitized_eui64),
                            false))

The hardest part was figuring out the ";UTF8:" part, as I had to read the C
code underneath to learn how that worked.
(false is, I think, whether it is critical)

--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
_______________________________________________
Anima mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/anima
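
An added example, not part of the original message: since the `openssl x509 -text` output shows only `<unsupported>` for this otherName, the sketch below builds the same kind of SAN with Ruby's OpenSSL bindings and reads the OID and UTF8 value back by decoding the extension's DER. The EUI-64 string, the extra DNS name and the helper names `build_san` and `other_names` are constructed for illustration.

```ruby
require "openssl"

# OID taken from the message above; the EUI-64 string is a constructed sample.
OTHERNAME_OID = "1.3.6.1.4.1.46930.1"
SAMPLE_EUI64  = "00-16-3e-ff-fe-d0-55-aa"

# Build a SAN using the "otherName:<oid>;UTF8:<value>" syntax from the message.
# A DNS entry (constructed) is added so the decoder has something to skip.
def build_san(oid, value, critical = false)
  OpenSSL::X509::ExtensionFactory.new.create_extension(
    "subjectAltName",
    "DNS:device.example,otherName:#{oid};UTF8:#{value}",
    critical)
end

# Return [type-id, value] for every otherName in a subjectAltName extension.
def other_names(ext)
  # Extension ::= SEQUENCE { extnID, critical DEFAULT FALSE, extnValue OCTET STRING }
  ext_value = OpenSSL::ASN1.decode(ext.to_der).value.last.value
  # extnValue holds GeneralNames ::= SEQUENCE OF GeneralName
  general_names = OpenSSL::ASN1.decode(ext_value).value
  # otherName is GeneralName choice [0], encoded as a constructed element
  tagged = general_names.select do |gn|
    gn.tag_class == :CONTEXT_SPECIFIC && gn.tag == 0 && gn.value.is_a?(Array)
  end
  tagged.map do |gn|
    # OtherName ::= SEQUENCE { type-id OID, value [0] EXPLICIT ANY }
    type_id, wrapped = gn.value
    inner = wrapped.value.first          # here: the UTF8String
    [type_id.oid, inner.value.dup.force_encoding("UTF-8")]
  end
end

if __FILE__ == $PROGRAM_NAME
  ext = build_san(OTHERNAME_OID, SAMPLE_EUI64)
  puts "critical: #{ext.critical?}"
  other_names(ext).each { |oid, val| puts "otherName #{oid} = #{val}" }
end
```

The same `other_names` helper works on an extension taken from a parsed certificate, for example one found by iterating `cert.extensions` and selecting the entry whose `oid` is `subjectAltName`.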
