[steve - Thu Jan 30 20:44:34 2003]: > [[EMAIL PROTECTED] - Thu Jan 30 20:06:27 2003]: > > > > > > > What do you mean the DER option in 0.9.7? Do I modify > > the IP address to DER and put it in the config file? > > > > subjectAltName=IP:DER:<DER encoding of IPv6 address> > > > > Is there some examples of doing this? > > > > I did say it wasn't particularly easy didn't I? > > You have to manually work out the encoding or use the 0.9.8 asn1parse > to > do it for you. If you *only* want one entry in subjectAltName then you > can do: > > subjectAltName=DER:87:10:00:01:02:03:04:05:06:07:08:09:0A:0B:0C:0D:0E:0F > > where you change those last 16 hex values 00-0F to whatever the IPv6 > address is. The 87:10 bit are the implicit tag 7 and length 0x10 > bytes. >
Oops, sorry that isn't correct. You need an outer SEQUENCE OF wrapper as well. The correct form is: subjectAltName=DER:30:12:87:10:00:01:02:03:04:05:06:07:08:09:0A:0B:0C:0D:0E:0F this will show up in current versions of OpenSSL as <invalid>. I'll shortly add support which will make 0.9.8-dev correctly display this and permit the more standard IPv6 formats to be used. Steve. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
