Hi, I'm looking into extensions attributes of certificate requests. This is my conclusion:
There are two ways of adding custom extensions to a CSR in openssl: - Alias an extension to another. This gives the properties of an existing extension to the custom extension. - Implement the full knowledge of the extension to encode/decode it and plug it into openssl (compile it into my app and link it with openssl and provide the new extension to openssl with X509V3_EXT_METHOD struct and X509V3_EXT_add) Both methods require prior knowledge of the extension so what openssl means with 'Arbitrary extensions' can never be arbitrary to a developer, i.e. I need full knowledge of all 'received' extensions. openssl can of course handle all standard extensions. Is this correctly understood? Thanks! -- View this message in context: http://www.nabble.com/Simple%28-%29-yes-no-confirmation-of-my-assumptions-please-tp24011649p24011649.html Sent from the OpenSSL - User mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
