On Sat, 25 Oct 2003 [EMAIL PROTECTED] wrote: I'm sorry this has taken so long, but the "rt" tab on the home page had escaped my notice, so I didn't know where to send the change. :-)
> I'm working on a project that is using X509 certs for custom uses. As a > part of this, I've experimented with teaching openssl about new OIDs, and > about new X509 extensions. I've found out some stuff I'd like to share. [snip] > Second, I have written a simple module, like the ASN.1 oid module, that > will load extension aliases. It's a config file interface for > X509V3_EXT_add_alias(), and takes a section with entries as: > > name_needing_extension_method = extension_name_to_alias > > or: > > wasabi_extension = nsBaseUrl > > to give the "wasabi_extension" OID the same extension method as nsBaseUrl. Attached please find the diff of my work on this. I am interested in adjusting the diff if necessary to help get it merged into OpenSSL. The diff has been lightly edited to remove internal CVS tags that I added to our copy of these files but which I don't expect OpenSSL to want. Known deficiencies: 1) No documentation changes 2) No error handling. I do not know how the error code infrastructure works, so I was not able to add return codes for errors in this routine. Also, I'm working in a project where we cvs import OpenSSL releases. If I were to regenerate the error includes files, our source administrator would hate me. 3) I don't know what ASN1 types the different extensions use, and thus what this change would let new extensions ues. It would be nice if the "common" ASN1 types were available for extensions to grab onto. Like V_ASN1_INTEGER, V_ASN1_OBJECT (I think), V_ASN1_UTF8STRING, and ASN1_GENERALIZEDTIME. And probalby more. I'd be happy to help code extension code for these guys, but I might get lost in some of the twists & turns of the different libraries. Mainly I'm a bit confused by all the different i2d, i2a, i2s, i2r, and such. Thoughts? Take care, Bill ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
