"Dr. Stephen Henson" <[EMAIL PROTECTED]> writes:

> Creating a random OID is a bad idea. You should get a number assigned for your
> organisation and use a subtree of that.
>
> See:
>
> http://www.iana.org/cgi-bin/enterprise.pl
>
> If you, for example, were allocated the number 9999 you could then use any OID
> starting with 1.3.6.1.4.1.9999 such as 1.3.6.1.4.1.9999.1

Yes, that's right. I forgot to include this in the "document" and I noticed it after sending it. You had already told this to me before in a previous post. Thanks!

> Adding unstructured data to an extension is a violation of the various
> standards. What you need to do instead is to add an encoded structure.
>
> In many cases all that is wanted is a simple string. The easiest way to handle
> that is to create an 'alias' to an already existing extension such as Netscape
> comment which already uses a string. For example with:
>
> /* new_oid holds the NID registered for the new OID */
> X509V3_EXT_add_alias(new_oid, NID_netscape_comment);
>
> After this call the new oid behaves in the same way as Netscape comment and
> the standard calls for extension creation can be used in doc/openssl.txt
>
> An alternative technique would be to make use of the mini ASN1 compiler in
> OpenSSL 0.9.8, this allows the standard configuration files to be used in a
> human readable syntax. For example:
>
> 1.3.6.1.4.1.9999.1 = ASN1:IA5String:My Extension Value
>
> Some people will not like the idea of using a development version of OpenSSL
> in such a way so instead 0.9.8 can be used to just generate the encoding and
> use that in a stable version of OpenSSL such as 0.9.7.

OK. Thanks for the advice! I'll take this into account and modify both my code and the document.

I thought that showing how to add extensions by code (what I needed) could be useful to someone. That's why I wrote that. When I have a little time, I'd like to compile all kinds of examples and document them as I've done with this one, then put all of them on a web site... maybe a wiki, so people can add examples in a cooperative way. I don't know if anyone would be interested.

Best regards,
aleix

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                            [EMAIL PROTECTED]
Automated List Manager                               [EMAIL PROTECTED]
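
The difference between "unstructured data" and "an encoded structure" discussed in this thread, shown byte by byte as an added example (not code from the thread or from OpenSSL). It DER-encodes an extension by hand for the thread's example OID 1.3.6.1.4.1.9999.1; the function names are hypothetical and 9999 is the placeholder enterprise number from the quoted message.

```python
"""DER-encode an X.509 Extension whose value is an IA5String (added example)."""

def der_len(n: int) -> bytes:
    # Short form below 128, long form (0x80 | byte count) otherwise.
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + der_len(len(content)) + content

def der_oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    if (len(arcs) < 2 or min(arcs) < 0 or arcs[0] > 2
            or (arcs[0] < 2 and arcs[1] > 39)):
        raise ValueError("not a valid OID: " + dotted)
    out = bytearray()
    # The first two arcs share one sub-identifier; each sub-identifier is
    # written base-128 with the high bit set on every byte except the last.
    for sub in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        chunk = [sub & 0x7F]
        sub >>= 7
        while sub:
            chunk.append(0x80 | (sub & 0x7F))
            sub >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def der_ia5string(text: str) -> bytes:
    # IA5String is 7-bit ASCII; encode() raises on anything else.
    return tlv(0x16, text.encode("ascii"))

def der_extension(oid: str, value_der: bytes, critical: bool = False) -> bytes:
    # Extension ::= SEQUENCE { extnID, critical DEFAULT FALSE, extnValue OCTET STRING }
    body = der_oid(oid)
    if critical:  # DER omits a BOOLEAN that equals its default (FALSE)
        body += tlv(0x01, b"\xff")
    return tlv(0x30, body + tlv(0x04, value_der))

if __name__ == "__main__":
    OID = "1.3.6.1.4.1.9999.1"  # 9999 is the thread's example number
    structured = der_extension(OID, der_ia5string("My Extension Value"))
    raw = der_extension(OID, b"My Extension Value")  # the unstructured form
    # structured: extnValue holds 16 12 'My Extension Value' (a valid IA5String)
    # raw: extnValue holds bare text, which a parser cannot decode as ASN.1
    print("structured:", structured.hex())
    print("raw       :", raw.hex())
```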