Hi,

I think it is better if I don't ask who designed this specification ;-)

CALinux wrote:

> The structure of this object must be:
>    Common Name=<surname>/<name>/<fiscal code>/<certs identifier by OpenCA>
> All fields of common name must be codified with character set of
> PrintableString

This is a problem because the serial can only be added in crypto-utils.lib during the issuing of the cert. The only way to do this is the following (in the function libIssueCertificate):

- parsing the subject
- append the serial number to the cn
- overwrite the subject

This is simple but I don't think that we will implement this in the normal OpenCA because there is an extra attribute for every field in this common name. An additional comment:

1. common name: 64 bytes (see RFC 2459)
2. population of Italy: 58.000.000 --> >=7 bytes
3. fiscal code: 16 bytes (from example)
4. number of slashes "/": 3
------------------------------------
Names can only be 38 characters long.

I think you have a problem because you only need one Russian immigrant to crash this law :)

>   Description="C=<surname>/N=<name>/D=<date's birth>[/R=<job role>]
> The string, result of binding of the four fields, must be codified with
> character set of BMPString.

This string is really simple to build. You must only escape the slashes "/". The problem is that OpenSSL masks BMPString. So if you don't modify the file crypto/asn1/a_strnid.c and don't change ASN1_STRING_TABLE tbl_standard then you only get a description as PrintableString.

Michael
--
-------------------------------------------------------------------
Michael Bell Email (private): [EMAIL PROTECTED]
Rechenzentrum - Datacenter Email: [EMAIL PROTECTED]
Humboldt-University of Berlin Tel.: +49 (0)30-2093 2482
Unter den Linden 6 Fax: +49 (0)30-2093 2959
10099 Berlin
Germany http://www.openca.org
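
The length budget worked out in the message above, as an added example that is not part of the original post and is not OpenCA code: it builds the four-part common name, checks every field against the PrintableString alphabet and checks the result against the 64-character limit from RFC 2459. The function names, the 7-character serial and the sample values are assumptions made for this illustration.

```python
import string

# Upper bound on commonName (ub-common-name in RFC 2459), as cited in the post.
UB_COMMON_NAME = 64

# PrintableString alphabet: letters, digits, space and ' ( ) + , - . / : = ?
PRINTABLE = frozenset(string.ascii_letters + string.digits + " '()+,-./:=?")


def name_budget(fiscal_code_len=16, serial_len=7, separators=3):
    """Characters left for surname plus name (the 38 from the post)."""
    return UB_COMMON_NAME - fiscal_code_len - serial_len - separators


def build_common_name(surname, name, fiscal_code, serial):
    """Return '<surname>/<name>/<fiscal code>/<serial>' or raise ValueError."""
    fields = {"surname": surname, "name": name,
              "fiscal code": fiscal_code, "serial": serial}
    for label, value in fields.items():
        if not value:
            raise ValueError(f"{label} is empty")
        # "/" is legal in PrintableString but is the field separator here;
        # rejecting it is this example's choice, not a rule from the post.
        if "/" in value:
            raise ValueError(f"{label} contains the separator '/'")
        bad = sorted(set(value) - PRINTABLE)
        if bad:
            raise ValueError(f"{label} has non-PrintableString characters: {bad}")
    cn = "/".join(fields.values())
    if len(cn) > UB_COMMON_NAME:
        raise ValueError(f"common name is {len(cn)} characters, "
                         f"limit is {UB_COMMON_NAME}")
    return cn


if __name__ == "__main__":
    # Constructed sample values, not real identities or certificate serials.
    print(name_budget())
    print(build_common_name("ROSSI", "MARIO", "RSSMRA70A01H501U", "0000001"))
    try:
        build_common_name("A" * 20, "B" * 19, "RSSMRA70A01H501U", "0000001")
    except ValueError as err:
        print("rejected:", err)
```
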


