RE: Question on Extensions

Jamshid Shoghli Thu, 11 Jan 2001 12:27:52 -0800
I am new to open-ssl. If I hack my own function to encode otherName and
return an X509_EXTENSION, how could I put this into the certificate? How
does X509V3_EXT_i2d do it?

Thanks, jim

> -----Original Message-----
> From: Dr S N Henson [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, January 10, 2001 5:53 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Question on Extensions
> 
> 
> Jamshid Shoghli wrote:
> > 
> > Hi,
> > I have a simple question. If I want to add the 
> subjectAltName extension to a
> > certificate, what would be the last parameter for the call:
> > 
> > ex = X509V3_EXT_conf_nid(NULL, NULL, NID_subject_alt_name, ????);
> > 
> > Within the otherName, I want to put a specific OID and an 
> asn.1 sequence
> > (not just a string). Are there any examples around?
> > 
> 
> Well you can't use that function then because the ASCII form of
> subjectAltName doesn't support otherName.
> 
> What you need to do is to use the X509V3_EXT_i2d() function 
> and manually
> fill in the structure. Unfortunately this means working out or
> generating the encoding and adding this to an ASN1_TYPE stucture.
> 
> You could write some ASN1 code in OpenSSL to generate the encoding but
> that's likely to be painful to do for anything but the simplest
> structures. Even if you do do that it will be obsolete by 
> OpenSSL 0.9.7
> because the whole ASN1 code has been rewritten partially because this
> kind of thing is so painful to do...
> 
> Steve.
> -- 
> Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
> Personal Email: [EMAIL PROTECTED] 
> Senior crypto engineer, Celo Communications: http://www.celocom.com/
> Core developer of the   OpenSSL project: http://www.openssl.org/
> Business Email: [EMAIL PROTECTED] PGP key: via homepage.
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
> 

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
RE: Question on Extensions

Reply via email to
