On Sun, Aug 07, 2011, Luke Kenneth Casson Leighton wrote: > On Sun, Aug 7, 2011 at 8:29 PM, Dr. Stephen Henson <[email protected]> wrote: > > On Sun, Aug 07, 2011, Luke Kenneth Casson Leighton wrote: > > > >> > >> * standard openssl functions which set the authority key identifier > >> seem to not allow direct setting of the keyid. any clues on how to do > >> that? > >> > > > > You create an AUTHORITY_KEYID structure and populate it. Then you can call > > X509_add1_ext_i2d(). > > ahh, you're a star. > > >> > If you have a certificate issued by the same CA that would make things > >> > easier > >> > but it would still be a rather hit and miss affair. > >> > >> i'm looking for it... :) > >> > > > > The CA certificate would help too, you could use its subject DN directly. > > i believe this is a CA certificate - it's just a non-standard one, so > is preventing access to a publicly accessible published well-known > HTTPS resource. so yes i've got the subject DN. > > > You will at least know when you've got it right: the signatures will match. > > yyep, i figured that bit he he. i'm almost there. dates and serial > number are the last two fields. >
Date you should translate into the form YYMMDDHHMMSSZ (where 'Z' is the character 'Z') as it is probably in UTCTime format. Serial number is a hexdump if you just set the ASN1_INTEGER with that it should come out OK with any leading zeroes inserted automatically. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [email protected]
