On July 14, 2008 03:35:22 pm Dr. Stephen Henson wrote: > On Mon, Jul 14, 2008, Oil Supply wrote: > > On Mon, Jul 14, 2008 at 1:51 PM, Patrick Patterson > > > > <[EMAIL PROTECTED]> wrote: > > > <snip> > > > > > >> #This is the extension I want to add > > >> fooname=this is a block of text > > >> basicConstraints = CA:true > > >> keyUsage = cRLSign, keyCertSign > > >> [ crl_ext ] > > >> authorityKeyIdentifier=keyid:always,issuer:always > > > > > > What is fooname? What is the encoding? An extension is represented (in > > > the simplest form), as an OID (that identifies which extension it is, > > > and a value that is encoded as per the RFC (or other document) rules > > > for that extension. > > > > > > So, for instance, if fooname is an extension that corresponds to the > > > OID '1.2.3.4', and it is of value UTF8String, then I think that the > > > right way to encode it could be: 1.2.3.4 = UTF8:This is a block of text > > > > Hi Pat. According to the docs and what I read, this should just "work". > > :) > > Well whatever docs they are it wont ;-) > > OpenSSL has no idea how to process "fooname" or the value. > > > In this case, fooname is just a string. I am starting simple to get > > the syntax down, then I will tackle other types. So I am not trying > > anything fancy. I did try your suggestion if trying using the bare OID > > but got the same error. > > The correct syntax for that example is: > > 1.2.3.4 = ASN1:UTF8:This is a block of text > > Steve. > -- > Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage > OpenSSL project core developer and freelance consultant. > Homepage: http://www.drh-consultancy.demon.co.uk > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED]
-- Patrick Patterson President and Chief PKI Architect, Carillon Information Security Inc. http://www.carillon.ca ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
