On Fri, Nov 11, 2005, Dr. Stephen Henson wrote:
> On Fri, Nov 11, 2005, Katie Lucas wrote:
>
> >
> >
> > We're creating custom extensions, so I went off and registered us an
> > OID under {2.25} to use. It's a UUID OID, so it's quite a long
> > numerical string.
> >
> > I can create and sign certificates with the extensions in, and load
> > the certificates and pull extensions out by OID and everything seems fine
> > until I print them using "openssl x509"
> >
> > It says;
> >
> > X509v3 extensions:
> > 2.25.2782250267.1:
> > ..foo1
> >
> > Now, "foo1" is the testvalue I'm putting in. 2.25 is the right root
> > for the tree, .1 is the value under our domain. However "2782250267"
> > isn't our OID...
> >
> > Our OID, is 30 digits long and starts "14141...6731". Is there
> > something in the x509 printing system that's truncating them? (which
> > is not a major issue) [The number looks like it could be the 32 lsbs?]
> >
> >
> > Or is it being truncated when being inserted into the certificate?
> > (Which would be an issue, since we could get clashes..)
> >
>
> Can you send me the certificate with the OID in it?
>
No need, I've checked the routines involved and they *do* truncate the OID
values. They've been around since the SSLeay days an so far no one has needed
OIDs with numerical values that don't fit in an unsigned long value.
I'll look into updating them.
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
