Hi Martin, thanks for your suggestion :) After writing the email, I think that I found the correct way to do it. By using the following:
ASN1_ITEM_TEMPLATE(CRMF_REQ) =
    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, requests,
                          CRMF_CERT_REQ_MESSAGE)
ASN1_ITEM_TEMPLATE_END(CRMF_REQ)
I still cannot load the request issued by the NSS browser. Can you load it? Do you
know what the format is? I attach it to this email. I definitely do not
understand what happens. In detail:
0-The ASN1 dump is as follows:
0:d=0 hl=4 l= 477 cons: SEQUENCE
4:d=1 hl=4 l= 473 cons: SEQUENCE
8:d=2 hl=4 l= 407 cons: SEQUENCE
12:d=3 hl=2 l= 4 prim: INTEGER :4D7A150A
18:d=3 hl=4 l= 355 cons: SEQUENCE
22:d=4 hl=2 l= 1 prim: cont [ 0 ]
25:d=4 hl=2 l= 89 cons: cont [ 5 ]
27:d=5 hl=2 l= 87 cons: SEQUENCE
[...]
116:d=4 hl=3 l= 240 cons: cont [ 6 ]
119:d=5 hl=3 l= 168 cons: SEQUENCE
122:d=6 hl=2 l= 7 prim: OBJECT :dsaEncryption
131:d=6 hl=3 l= 156 cons: SEQUENCE
[...]
359:d=4 hl=2 l= 16 cons: cont [ 9 ]
361:d=5 hl=2 l= 14 cons: SEQUENCE
363:d=6 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage
368:d=6 hl=2 l= 1 prim: BOOLEAN :255
371:d=6 hl=2 l= 4 prim: OCTET STRING
[...]
419:d=2 hl=2 l= 60 cons: cont [ 1 ]
421:d=3 hl=2 l= 9 cons: SEQUENCE
423:d=4 hl=2 l= 7 prim: OBJECT :dsaWithSHA1
432:d=3 hl=2 l= 47 prim: BIT STRING
2-There should be an INTEGER (certReqId) and a CertTemplate, but then if
this is the case why the heck is the prim [0] (which I suppose should be
the serial number) empty (at 22)?
3-Then the later [5] (at 25) is, correctly, a Name, I suppose. Is this
a valid coding? Am I totally wrong?
Instead of parsing the Name as the subject, my program interprets it as
issuer (should be tagged as [3]), and I get the following error:
2896:error:0D0780AA:asn1 encoding routines:ASN1_ITEM_EX_D2I:illegal options on item template:tasn_dec.c:192:Type=X509_NAME_INTERNAL
2896:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:737:Field=issuer, Type=CERT_TEMPLATE
2896:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:751:Field=certTemplate, Type=CRMF_CERT_REQUEST
2896:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:751:Field=certReq, Type=CRMF_CERT_REQ_MESSAGE
2896:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:712:
2896:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_oth.c:83:

Any idea here?

Later,
Max

Martin Peylo wrote:
Hi Massimiliano,
I don't know if that's the best solution, but it worked for me that way:
in crmf.h:
typedef struct crmf_certreqmsg_st
{
    CRMF_CERTREQUEST *certReq;
    CRMF_PROOFOFPOSSESION *popo;        /* 0 */
    CRMF_ATTRIBUTETYPEANDVALUE *regInfo; /* 1 */
} CRMF_CERTREQMSG;
DECLARE_ASN1_FUNCTIONS(CRMF_CERTREQMSG)
DECLARE_STACK_OF(CRMF_CERTREQMSG) /* CertReqMessages */
DECLARE_ASN1_SET_OF(CRMF_CERTREQMSG) /* CertReqMessages */
in crmf_asn.c:
ASN1_SEQUENCE(CRMF_CERTREQMSG) = {
    ASN1_SIMPLE(CRMF_CERTREQMSG, certReq, CRMF_CERTREQUEST),
    ASN1_IMP_OPT(CRMF_CERTREQMSG, popo, CRMF_PROOFOFPOSSESION, 0),
    ASN1_IMP_SEQUENCE_OF_OPT(CRMF_CERTREQMSG, regInfo,
                             CRMF_ATTRIBUTETYPEANDVALUE, 1)
} ASN1_SEQUENCE_END(CRMF_CERTREQMSG)
IMPLEMENT_ASN1_FUNCTIONS(CRMF_CERTREQMSG)
I needed it for CMP. In order to use the "CertReqMessages", I am doing:
In cmp.h:
typedef struct cmp_pkibody_st
{
    int type;
    union{
        STACK_OF(CRMF_CERTREQMSG) *ir; /* 0 */
...
In cmp_asn.c:
ASN1_CHOICE(CMP_PKIBODY) = {
    ASN1_EXP_SEQUENCE_OF(CMP_PKIBODY, value.ir, CRMF_CERTREQMSG, 0),
...
There might be other ways to do it - the OpenSSL ASN.1 documentation
seems to be not complete - but it works fine that way.
As there are not many things to use CRMF for: what are you
implementing? Do you know my code to use CMP with OpenSSL? You can
obtain the full code including the snippets I pasted above from
<http://www.izac.de/cmp>.
--
Best Regards,
Massimiliano Pala
--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager] [EMAIL PROTECTED]
[EMAIL PROTECTED]
Dartmouth Computer Science Dept Home Phone: +1 (603) 397-3883
PKI/Trust - Office 063 Work Phone: +1 (603) 646-9179
--o------------------------------------------------------------------------
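
Added example, not part of the original thread or of either poster's code: a small tag walker that labels the context-specific tags inside a CertTemplate with the field names RFC 4211 assigns to them ([0] version through [9] extensions), which is the mapping needed to read offsets 22, 25, 116 and 359 of the dump above. The function names and the sample bytes are constructed for illustration; the sample is not the attached request.

```c
#include <stddef.h>
#include <string.h>   /* strcmp, for callers comparing field names */

/* CertTemplate context tags [0]..[9] in RFC 4211 order. */
static const char *const crmf_fields[] = {
    "version", "serialNumber", "signingAlg", "issuer", "validity",
    "subject", "publicKey", "issuerUID", "subjectUID", "extensions"
};

/* Constructed sample (not the attached request): [0] prim, [5], [6], [9]. */
static const unsigned char sample[] = {
    0x80, 0x01, 0x02,                         /* [0] primitive, 1 byte   */
    0xa5, 0x02, 0x30, 0x00,                   /* [5] wrapping a SEQUENCE */
    0xa6, 0x05, 0x30, 0x00, 0x03, 0x01, 0x00, /* [6] constructed         */
    0xa9, 0x02, 0x30, 0x00                    /* [9] constructed         */
};

/* Read one tag/length header; returns its size in bytes, 0 on error. */
static size_t der_header(const unsigned char *p, size_t avail,
                         unsigned char *id, size_t *len)
{
    size_t n, i;
    if (avail < 2) return 0;
    *id = p[0];
    if (!(p[1] & 0x80)) { *len = p[1]; return 2; }
    n = p[1] & 0x7f;                          /* long form: n length bytes */
    if (n == 0 || n > sizeof(size_t) || avail < 2 + n) return 0;
    for (*len = 0, i = 0; i < n; i++) *len = (*len << 8) | p[2 + i];
    return 2 + n;
}

/* Walk the content octets of a CertTemplate, storing each field name in
 * out[]; returns the number of fields, or -1 on malformed input. */
int crmf_template_fields(const unsigned char *p, size_t avail,
                         const char **out, int max)
{
    int count = 0;
    while (avail > 0) {
        unsigned char id;
        size_t len, hl = der_header(p, avail, &id, &len);
        if (hl == 0 || len > avail - hl || count == max) return -1;
        /* must be context-specific class with a tag number in 0..9 */
        if ((id & 0xc0) != 0x80 || (id & 0x1f) > 9) return -1;
        out[count++] = crmf_fields[id & 0x1f];
        p += hl + len; avail -= hl + len;
    }
    return count;
}
```

Pass it the content octets of the CertTemplate SEQUENCE (in the dump above, the 355 bytes that follow the header at offset 18).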
