Dr Stephen Henson wrote:
>
> Erwann ABALEA wrote:
> >
> >
> > Here they are. You'll find 2 SET root CA certificates, I don't exactly
> > know which one is really used by the SET world.
> >
>
> That certificate also contains a PKIX extension that I wanted to support
> at some point but I didn't have a sample: thanks!
>
> > I just tried the modifications I just talked about, and I still have the
> > same result. First of all, the perl script seems to have a bug with
> > leading 0s, because I have to modify the resulting obj_dat.h, adding a
> > 0x00, a length count on another line, and eventually an offset for the
> > OIDs defined after this one.
> >
> > Even with this modification, I still see the OID instead of the
> > corresponding LN (2.23.42.7.0, instead of "X509v3 SET Hashed Root Key").
> >
>
> Heres a preliminary conclusion. The perl script does have a bug which
> I'm still investigating. I'll give more info when I have a fix.
>
> It is possible however to add the object dynamically with OBJ_create and
> it has no problems.
>
> If you manually want to fix up the obj_dat.h file then this will work
> also. Since the file contains offsets into the lvalues array if you
> insert the extra '0' anywhere but the end then you'll break it. What you
> also need to do is modify the nid_objs array. The fourth value (before
> the &(lvalues[xxx]) stuff) is a length parameter so you will need to
> increase that to account for the extra zero. With this modifcation the
> new OID is now recognised. This doesn't help much but at least it shows
> that its only the perl script at fault.
I think you'll find this is the fix, or at least part of it:
Index: obj_dat.pl
===================================================================
RCS file: /e/openssl/cvs/openssl/crypto/objects/obj_dat.pl,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 obj_dat.pl
--- obj_dat.pl 1998/12/21 10:52:32 1.1.1.1
+++ obj_dat.pl 1999/02/13 14:03:19
@@ -252,8 +252,9 @@
$ret.=pack("C*",$a[0]*40+$a[1]);
shift @a;
shift @a;
- while ($_=shift(@a))
+ while (defined $a[0])
{
+ $_=shift(@a);
@r=();
$t=0;
while ($_ >= 128)
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
