Thanks Dr. Henson, So that leaves me with some more questions.
What is the new_oids section supposed to be used for? Because it looks like I just add a name=oid and then for simple strings, add the extension as name=<whatever> the man pages refer to this as well. That is my confusion. My initial try at this syntax "1.2.3.4 = ASN1:UTF8:This is a block of text" failed my first time (before I posted for help) because I didn't add the ASN1, but even that attempt was more of a shot in the dark. Anyway, I corrected it and it works and I can try some other sequences. Oil On Mon, Jul 14, 2008 at 3:35 PM, Dr. Stephen Henson <[EMAIL PROTECTED]> wrote: > On Mon, Jul 14, 2008, Oil Supply wrote: > >> On Mon, Jul 14, 2008 at 1:51 PM, Patrick Patterson >> <[EMAIL PROTECTED]> wrote: >> > <snip> >> >> #This is the extension I want to add >> >> fooname=this is a block of text >> >> basicConstraints = CA:true >> >> keyUsage = cRLSign, keyCertSign >> >> [ crl_ext ] >> >> authorityKeyIdentifier=keyid:always,issuer:always >> > >> > What is fooname? What is the encoding? An extension is represented (in the >> > simplest form), as an OID (that identifies which extension it is, and a >> > value >> > that is encoded as per the RFC (or other document) rules for that >> > extension. >> > >> > So, for instance, if fooname is an extension that corresponds to the >> > OID '1.2.3.4', and it is of value UTF8String, then I think that the right >> > way >> > to encode it could be: 1.2.3.4 = UTF8:This is a block of text >> >> Hi Pat. According to the docs and what I read, this should just "work". :) >> > > Well whatever docs they are it wont ;-) > > OpenSSL has no idea how to process "fooname" or the value. > >> In this case, fooname is just a string. I am starting simple to get >> the syntax down, then I will tackle other types. So I am not trying >> anything fancy. I did try your suggestion if trying using the bare OID >> but got the same error. > > The correct syntax for that example is: > > 1.2.3.4 = ASN1:UTF8:This is a block of text > > Steve. > -- > Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage > OpenSSL project core developer and freelance consultant. > Homepage: http://www.drh-consultancy.demon.co.uk > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
