With this patch, instead of the subjectAltName getting
"othername:unsupported" it will be something like
"othername:UPN<[EMAIL PROTECTED]"
Nice when working with ceritifcates from CAC cards.
--- openssl-0.9.8d.orig/crypto/x509v3/v3_alt.c 2005-07-26 16:55:17.000000000
-0400
+++ openssl-0.9.8d/crypto/x509v3/v3_alt.c 2006-10-18 15:32:03.896938824
-0400
@@ -106,7 +106,31 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X
switch (gen->type)
{
case GEN_OTHERNAME:
- X509V3_add_value("othername","<unsupported>", &ret);
+ if (NID_ms_upn == OBJ_obj2nid(gen->d.otherName->type_id))
+ {
+ // i2t_ASN1_OBJECT(oline, 256, gen->d.otherName->type_id);
+ if (gen->d.otherName->value->type == V_ASN1_UTF8STRING)
+ {
+ if (gen->d.otherName->value->value.utf8string->length < 255)
+ {
+
sprintf(&oline[0],"UPN<%s>",gen->d.otherName->value->value.utf8string->data);
+ }
+ else
+ {
+ strcpy(oline,"UPN undisplayable");
+ }
+ //printf("%s <%s>",oline,pFoo->value.utf8string->data);
+ }
+ else
+ {
+ strcpy(&oline[0],"UPN value not UTF8");
+ }
+ }
+ else
+ {
+ strcpy(&oline[0],"<unsupported>");
+ }
+ X509V3_add_value("othername",oline, &ret);
break;
case GEN_X400:
@@ -175,7 +199,21 @@ int GENERAL_NAME_print(BIO *out, GENERAL
switch (gen->type)
{
case GEN_OTHERNAME:
+ if (NID_ms_upn == OBJ_obj2nid(gen->d.otherName->type_id))
+ {
+ if (gen->d.otherName->value->type == V_ASN1_UTF8STRING)
+ {
+
BIO_printf(out,"othername:UPN<%s>",gen->d.otherName->value->value.utf8string->data);
+ }
+ else
+ {
+ BIO_printf(out,"othername:UPN value not UTF8");
+ }
+ }
+ else
+ {
BIO_printf(out, "othername:<unsupported>");
+ }
break;
case GEN_X400:
