> Currently V3 extension support is almost absent.
We've done almost all of what you're suggesting:
typedef struct x509_extension_method_st
{
    int nid;                        // extension OID, as an OpenSSL NID
    void (*clear)();
    int (*get_bool)();              // used if extn is ASN1_BIT_STRING
    int (*set_bool)();
    int (*get_str)();               // used if extn is ASN1_STRING or array of them
    int (*set_str)();
    char *(*get_struct)();          // used if extn is constructed type
    int (*set_struct)();
    ASN1_OCTET_STRING *(*a2i)();    // ASCII (e.g. a config value) -> encoded extension value
    int (*i2a)();                   // encoded extension value -> ASCII
} X509_EXTENSION_METHOD;
We've integrated this into the X509 code (i.e., for Certs and CRLs), as well as
the req and ca apps. For example, here's a snippet from a config file:
[ gto_root_extensions ]
keyUsage = critical|nonRepudiation|digitalSignature|keyCertSign
certificatePolicies = critical,2.16.840.1.113731.99999.2.1,cps,http://www.gto.com/cps
basicConstraints = critical,TRUE
authorityInfoAccess = id-ad-ocspResponder,http://www.gto.com/ocspv1
(We've got a good chunk, but not all, of the PKIX extensions implemented.)
We'd love to see this code adopted by the project. We've held back from being
public before because we were waiting to hear back from Eric -- we wanted to
avoid version and architecture skew. But since things are open right now...
/r$
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
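As an added illustration (not code from the message above, and not OpenSSL's
own code), here is a small C model of the a2i half of the method-table idea: a
table keyed by extension name dispatches each config line to a per-extension
a2i that turns the text into the DER extnValue. The ext_value and ext_method
types, the name-based lookup standing in for the nid, the handling of the
"critical" token, and the two extensions covered (keyUsage, and
basicConstraints without pathlen) are all assumptions made for this example.
It shows the two DER details such a converter has to get right: the
unused-bits prefix of a BIT STRING (the snippet's keyUsage line encodes as
03 02 02 C4) and the omission of cA when it sits at its DEFAULT FALSE.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for the ASN1_OCTET_STRING a2i returns (assumption: no OpenSSL types). */
typedef struct { unsigned char der[32]; size_t len; int critical; } ext_value;

/* Hypothetical method record: config key stands in for nid, only a2i is modelled. */
typedef struct {
    const char *name;
    int (*a2i)(const char *text, ext_value *out);
} ext_method;
/* Walks the '|'- or ','-separated value (the snippet uses both). "critical" sets
 * the flag; a token fn rejects fails the whole line instead of being dropped. */
static int for_each_token(const char *text, int *critical,
                          int (*fn)(const char *tok, void *st), void *st)
{
    char buf[256];
    if (strlen(text) >= sizeof buf) return 0;
    strcpy(buf, text);
    for (char *tok = strtok(buf, "|,"); tok; tok = strtok(NULL, "|,"))
        if (strcmp(tok, "critical") == 0) *critical = 1;
        else if (!fn(tok, st)) return 0;
    return 1;
}

/* KeyUsage bit names in wire order: bit 0 is the MSB of the first octet. */
static const char *const ku_names[] = {
    "digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment",
    "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly" };
static int ku_token(const char *tok, void *st)
{
    unsigned char *bits = st;
    for (size_t i = 0; i < sizeof ku_names / sizeof *ku_names; i++)
        if (strcmp(tok, ku_names[i]) == 0) { bits[i / 8] |= 0x80 >> (i % 8); return 1; }
    return 0;   /* unknown bit name */
}

/* a2i for keyUsage: names -> DER BIT STRING, which drops trailing zero octets and
 * puts the last octet's trailing zero bits in the leading "unused bits" byte. */
static int ku_a2i(const char *text, ext_value *out)
{
    unsigned char bits[2] = {0, 0};
    size_t nbytes, unused = 0;
    if (!for_each_token(text, &out->critical, ku_token, bits)) return 0;
    nbytes = bits[1] ? 2 : bits[0] ? 1 : 0;
    if (nbytes)
        for (unsigned char last = bits[nbytes - 1]; !(last & 1); last >>= 1) unused++;
    out->der[0] = 0x03;  out->der[2] = (unsigned char)unused;
    out->der[1] = (unsigned char)(1 + nbytes);   /* unused-bits byte + content */
    memcpy(out->der + 3, bits, nbytes);
    out->len = 3 + nbytes;
    return 1;
}

static int bc_token(const char *tok, void *st)
{
    int *ca = st;
    if (strcmp(tok, "TRUE") == 0)  { *ca = 1; return 1; }
    if (strcmp(tok, "FALSE") == 0) { *ca = 0; return 1; }
    return 0;   /* pathlen and anything else is not modelled here */
}
/* a2i for basicConstraints. cA is BOOLEAN DEFAULT FALSE and DER forbids encoding
 * a component at its default value, so "FALSE" yields the empty SEQUENCE. */
static int bc_a2i(const char *text, ext_value *out)
{
    static const unsigned char ca_true[] = {0x30, 0x03, 0x01, 0x01, 0xFF};
    static const unsigned char ca_false[] = {0x30, 0x00};
    int ca = 0;
    if (!for_each_token(text, &out->critical, bc_token, &ca)) return 0;
    out->len = ca ? sizeof ca_true : sizeof ca_false;
    memcpy(out->der, ca ? ca_true : ca_false, out->len);
    return 1;
}

static const ext_method methods[] = { { "keyUsage", ku_a2i }, { "basicConstraints", bc_a2i } };

/* What req/ca would call per config line: find the method for the key (an nid
 * lookup in the real code) and run its a2i. 0 means no method or a bad value;
 * the caller must then refuse to emit the extension rather than guess. */
int ext_from_config(const char *key, const char *value, ext_value *out)
{
    memset(out, 0, sizeof *out);
    for (size_t i = 0; i < sizeof methods / sizeof *methods; i++)
        if (strcmp(methods[i].name, key) == 0) return methods[i].a2i(value, out);
    return 0;
}

int main(void)
{
    /* Constructed input: the keyUsage line of the [ gto_root_extensions ] section. */
    ext_value v;
    if (!ext_from_config("keyUsage", "critical|nonRepudiation|digitalSignature|keyCertSign", &v))
        return 1;
    printf("keyUsage%s:", v.critical ? " (critical)" : "");
    for (size_t j = 0; j < v.len; j++) printf(" %02X", v.der[j]);   /* 03 02 02 C4 */
    return printf("\n") < 0;
}
```

An unknown bit name or an unregistered extension makes ext_from_config return
0, which is the behaviour a ca app wants: a mistyped keyUsage value should
abort issuance, not quietly produce a certificate with fewer bits set.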