Erwann ABALEA wrote:
>
>
> Here they are. You'll find 2 SET root CA certificates, I don't exactly
> know which one is really used by the SET world.
>
That certificate also contains a PKIX extension that I wanted to support
at some point but I didn't have a sample: thanks!
> I just tried the modifications I just talked about, and I still have the
> same result. First of all, the perl script seems to have a bug with
> leading 0s, because I have to modify the resulting obj_dat.h, adding a
> 0x00, a length count on another line, and eventually an offset for the
> OIDs defined after this one.
>
> Even with this modification, I still see the OID instead of the
> corresponding LN (2.23.42.7.0, instead of "X509v3 SET Hashed Root Key").
>
Heres a preliminary conclusion. The perl script does have a bug which
I'm still investigating. I'll give more info when I have a fix.
It is possible however to add the object dynamically with OBJ_create and
it has no problems.
If you manually want to fix up the obj_dat.h file then this will work
also. Since the file contains offsets into the lvalues array if you
insert the extra '0' anywhere but the end then you'll break it. What you
also need to do is modify the nid_objs array. The fourth value (before
the &(lvalues[xxx]) stuff) is a length parameter so you will need to
increase that to account for the extra zero. With this modifcation the
new OID is now recognised. This doesn't help much but at least it shows
that its only the perl script at fault.
Steve.
--
Dr Stephen N. Henson. UK based freelance Cryptographic Consultant.
For info see homepage at http://www.drh-consultancy.demon.co.uk/
Email: [EMAIL PROTECTED]
NOTE NEW (13/12/98) PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
