On 30/9/03 10:55 pm, Paul Bearer <[EMAIL PROTECTED]> wrote:
OK, and it turns out that the extension value really *is* encapsulated inside an OCTET STRING. (Typical X.509 brokenness.)
Your value isn't actually a SubjectAltName extension, it is an Extensions
structure, which is a SEQUENCE OF (i.e. array of) Extension, the array only
containing one extension - a SubjectAltName. So to decode you need to do it
in two steps. The first step is to decode and get the array of Extension,
and the second step is to decode each Extension. Using Norbert's x509decode
script as a basis, this seems to work:
my $exts = $asn->find("Extensions");
my $san = $asn->find("SubjectAltName");
my $e = $exts->decode($binSan);
# So we look at the first extension, and decode that as a SubjectAltName.
# Ideally we'd check $e->[0]->{extnID} against '2.5.29.17' first..
my $s = $san->decode($e->[0]->{extnValue});
Ug, I hate that you have to do that. I was hoping we could do
extnValue [UNIVERSAL 4] EXPLICIT ANY DEFINED BY extnID
But that causes a parse error as it is expecting the tag to have the constructor bit set :(
Maybe I could add an extension so we can write
extnValue [UNIVERSAL 4] CONTAINING ANY DEFINED BY extnID
Which is identical to explicit, but does not set the constructor bit.
Graham.
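
The two-step decode discussed in this thread, with the extnID check against 2.5.29.17 done before the OCTET STRING content is parsed. This is an added example, not code from the thread or from Convert::ASN1; it uses a small hand-written DER reader in Python, and the function names and the sample bytes are constructed for illustration.

```python
SAN_OID = bytes.fromhex("551d11")  # DER content octets of OID 2.5.29.17

def read_tlv(buf, pos=0):
    """Return (tag, value_bytes, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the content of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def dns_names_from_extensions(der):
    """Step 1: walk Extensions. Step 2: parse the DER inside a SAN's extnValue."""
    tag, body, _ = read_tlv(der)
    if tag != 0x30:
        raise ValueError("Extensions must be a SEQUENCE")
    names = []
    for _, ext in children(body):
        fields = children(ext)  # extnID, optional critical BOOLEAN, extnValue
        (oid_tag, oid), (val_tag, val) = fields[0], fields[-1]
        if oid_tag != 0x06 or val_tag != 0x04:
            raise ValueError("malformed Extension")
        if oid != SAN_OID:
            continue  # not a SubjectAltName, so do not parse it as one
        san_tag, san, _ = read_tlv(val)  # the encapsulated GeneralNames
        if san_tag != 0x30:
            raise ValueError("SubjectAltName must be a SEQUENCE")
        names += [v.decode("ascii") for t, v in children(san) if t == 0x82]  # dNSName [2]
    return names

def tlv(tag, body):  # short-form lengths only; enough to build the sample
    return bytes([tag, len(body)]) + body

# Constructed sample: a critical basicConstraints followed by a SubjectAltName.
SAN = tlv(0x30, tlv(0x82, b"example.com") + tlv(0x82, b"www.example.com"))
SAMPLE = tlv(0x30,
    tlv(0x30, tlv(0x06, bytes.fromhex("551d13")) + tlv(0x01, b"\xff") + tlv(0x04, tlv(0x30, b"")))
    + tlv(0x30, tlv(0x06, SAN_OID) + tlv(0x04, SAN)))
```

Passing a bare SubjectAltName where an Extensions structure is expected raises ValueError instead of returning names.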