[openssl.org #269] [PATCH] Support for Subject Directory Attributes redux

2002-09-05 Thread Joe Hartford via RT



This patch is a replacement for RT/openssl.org: Ticket #237.  Please 
retract Ticket #237.

The following patch provides basic support for Subject Directory 
Attributes, which are defined in the x509 spec (RFC 2459), but are 
currently unsupported by OpenSSL.  openssl.cnf entries for Subject 
Directory Attributes should be formed as follows:

subjectDirectoryAttributes = type:type-objectname, \
value:value-objectname|DER:hexstring

Example:

subjectDirectoryAttributes = type:corestreet,value:DER:3081cd3081ca3081ca...

An OID for Corestreet Credential Validation has also been added to 
provide support for Dr. Silvio Micali's certificate validation mechanism.

The follow diff is relative to the 9/03/02 snapshot.





Index: crypto/objects/obj_dat.h
===
RCS file: 
/home/jhartford/projects/openssl/cvs/openssl/crypto/objects/obj_dat.h,v
retrieving revision 1.62
diff -c -r1.62 obj_dat.h
*** crypto/objects/obj_dat.h2002/08/02 12:28:33 1.62
--- crypto/objects/obj_dat.h2002/09/04 18:01:32
***
*** 62,73 
   * [including the GNU Public Licence.]
   */
  
! #define NUM_NID 716
! #define NUM_SN 711
! #define NUM_LN 711
! #define NUM_OBJ 685
  
! static unsigned char lvalues[4849]={
  0x00,/* [  0] OBJ_undef */
  0x2A,0x86,0x48,0x86,0xF7,0x0D,   /* [  1] OBJ_rsadsi */
  0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,  /* [  7] OBJ_pkcs */
--- 62,73 
   * [including the GNU Public Licence.]
   */
  
! #define NUM_NID 718
! #define NUM_SN 713
! #define NUM_LN 713
! #define NUM_OBJ 687
  
! static unsigned char lvalues[4860]={
  0x00,/* [  0] OBJ_undef */
  0x2A,0x86,0x48,0x86,0xF7,0x0D,   /* [  1] OBJ_rsadsi */
  0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,  /* [  7] OBJ_pkcs */
***
*** 753,758 
--- 753,760 
  0x67,0x2B,0x0D,0x04,0x0A,/* [4833] 
OBJ_wap_wsg_idm_ecid_wtls10 */
  0x67,0x2B,0x0D,0x04,0x0B,/* [4838] 
OBJ_wap_wsg_idm_ecid_wtls11 */
  0x67,0x2B,0x0D,0x04,0x0C,/* [4843] 
OBJ_wap_wsg_idm_ecid_wtls12 */
+ 0x55,0x1D,0x09,  /* [4848] 
OBJ_subject_directory_attributes */
+ 0x2B,0x06,0x01,0x04,0x01,0xE0,0x35,0x01, /* [4851] OBJ_corestreet */
  };
  
  static ASN1_OBJECT nid_objs[NUM_NID]={
***
*** 1873,1878 
--- 1875,1884 
NID_wap_wsg_idm_ecid_wtls11,5,(lvalues[4838]),0},
  {wap-wsg-idm-ecid-wtls12,wap-wsg-idm-ecid-wtls12,
NID_wap_wsg_idm_ecid_wtls12,5,(lvalues[4843]),0},
+ {subjectDirectoryAttributes,Subject Directory Attributes,
+   NID_subject_directory_attributes,3,(lvalues[4848]),0},
+ {corestreet,Corestreet Credential Validation,NID_corestreet,8,
+   (lvalues[4851]),0},
  };
  
  static ASN1_OBJECT *sn_objs[NUM_SN]={
***
*** 2054,2059 
--- 2060,2066 
  (nid_objs[130]),/* clientAuth */
  (nid_objs[131]),/* codeSigning */
  (nid_objs[50]),/* contentType */
+ (nid_objs[717]),/* corestreet */
  (nid_objs[53]),/* countersignature */
  (nid_objs[153]),/* crlBag */
  (nid_objs[103]),/* crlDistributionPoints */
***
*** 2555,2560 
--- 2562,2568 
  (nid_objs[496]),/* singleLevelQuality */
  (nid_objs[387]),/* snmpv2 */
  (nid_objs[85]),/* subjectAltName */
+ (nid_objs[716]),/* subjectDirectoryAttributes */
  (nid_objs[398]),/* subjectInfoAccess */
  (nid_objs[82]),/* subjectKeyIdentifier */
  (nid_objs[498]),/* subtreeMaximumQuality */
***
*** 2598,2603 
--- 2606,2612 
  (nid_objs[285]),/* Biometric Info */
  (nid_objs[179]),/* CA Issuers */
  (nid_objs[131]),/* Code Signing */
+ (nid_objs[717]),/* Corestreet Credential Validation */
  (nid_objs[382]),/* Directory */
  (nid_objs[392]),/* Domain */
  (nid_objs[132]),/* E-mail Protection */
***
*** 2662,2667 
--- 2671,2677 
  (nid_objs[386]),/* Security */
  (nid_objs[394]),/* Selected Attribute Types */
  (nid_objs[143]),/* Strong Extranet ID */
+ (nid_objs[716]),/* Subject Directory Attributes */
  (nid_objs[398]),/* Subject Information Access */
  (nid_objs[130]),/* TLS Web Client Authentication */
  (nid_objs[129]),/* TLS Web Server Authentication */
***
*** 3309,3316 
  (nid_objs[434]),/* OBJ_data 0 9 */
  (nid_objs[181]),/* OBJ_iso  1 */
  (nid_objs[182]),/* OBJ_member_body  1 2 */
- (nid_objs[379]),/* OBJ_org  1 3 */
  (nid_objs[527]),/* OBJ_identified_organization  1 3 */
  (nid_objs[393]),/* OBJ_joint_iso_ccitt  2 */
  (nid_objs[11]),/* OBJ_X500 2 5 */
  (nid_objs[380]),/* OBJ_dod  1 3 6 */
--- 3319,3326 
  (nid_objs[434]),/* OBJ_data 0 9 */
  (nid_objs[181]),/* OBJ_iso  1 */
  (nid_objs[182]),/* OBJ_member_body 

[openssl.org #237] [PATCH] Support for Subject Directory Attributes

2002-08-21 Thread joe hartford via RT


The following patch provides basic support for Subject Directory 
Attributes, which are defined in the x509 spec (RFC 2459), but are 
currently unsupported by OpenSSL.  In this patch, Subject Directory 
Attributes are parsed like Authority Information Access.

An OID for Corestreet Credential Validation has also been added to 
provide support for Dr. Silvio Micali's certificate validation mechanism.

The following diff is relative to the 8/15/02 snapshot.


Index: crypto/objects/obj_dat.h
===
RCS file: 
/home/jhartford/projects/openssl/cvs/openssl/crypto/objects/obj_dat.h,v
retrieving revision 1.62
diff -c -b -r1.62 obj_dat.h
*** crypto/objects/obj_dat.h2002/08/02 12:28:33 1.62
--- crypto/objects/obj_dat.h2002/08/19 19:44:30
***
*** 62,73 
   * [including the GNU Public Licence.]
   */

! #define NUM_NID 716
! #define NUM_SN 711
! #define NUM_LN 711
! #define NUM_OBJ 685

! static unsigned char lvalues[4849]={
  0x00,/* [  0] OBJ_undef */
  0x2A,0x86,0x48,0x86,0xF7,0x0D,   /* [  1] OBJ_rsadsi */
  0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,  /* [  7] OBJ_pkcs */
--- 62,73 
   * [including the GNU Public Licence.]
   */

! #define NUM_NID 718
! #define NUM_SN 713
! #define NUM_LN 713
! #define NUM_OBJ 687

! static unsigned char lvalues[4860]={
  0x00,/* [  0] OBJ_undef */
  0x2A,0x86,0x48,0x86,0xF7,0x0D,   /* [  1] OBJ_rsadsi */
  0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,  /* [  7] OBJ_pkcs */
***
*** 753,758 
--- 753,760 
  0x67,0x2B,0x0D,0x04,0x0A,/* [4833] 
OBJ_wap_wsg_idm_ecid_wtls10 */
  0x67,0x2B,0x0D,0x04,0x0B,/* [4838] 
OBJ_wap_wsg_idm_ecid_wtls11 */
  0x67,0x2B,0x0D,0x04,0x0C,/* [4843] 
OBJ_wap_wsg_idm_ecid_wtls12 */
+ 0x55,0x1D,0x09,  /* [4848] 
OBJ_subject_directory_attribute */
+ 0x2B,0x06,0x01,0x04,0x01,0xE0,0x35,0x01, /* [4851] OBJ_corestreet */
  };

  static ASN1_OBJECT nid_objs[NUM_NID]={
***
*** 1873,1878 
--- 1875,1884 
NID_wap_wsg_idm_ecid_wtls11,5,(lvalues[4838]),0},
  {wap-wsg-idm-ecid-wtls12,wap-wsg-idm-ecid-wtls12,
NID_wap_wsg_idm_ecid_wtls12,5,(lvalues[4843]),0},
+ {subjectDirectoryAttribute,Subject Directory Attribute,
+   NID_subject_directory_attribute,3,(lvalues[4848]),0},
+ {corestreet,Corestreet Credential Validation,NID_corestreet,8,
+   (lvalues[4851]),0},
  };

  static ASN1_OBJECT *sn_objs[NUM_SN]={
***
*** 2054,2059 
--- 2060,2066 
  (nid_objs[130]),/* clientAuth */
  (nid_objs[131]),/* codeSigning */
  (nid_objs[50]),/* contentType */
+ (nid_objs[717]),/* corestreet */
  (nid_objs[53]),/* countersignature */
  (nid_objs[153]),/* crlBag */
  (nid_objs[103]),/* crlDistributionPoints */
***
*** 2555,2560 
--- 2562,2568 
  (nid_objs[496]),/* singleLevelQuality */
  (nid_objs[387]),/* snmpv2 */
  (nid_objs[85]),/* subjectAltName */
+ (nid_objs[716]),/* subjectDirectoryAttribute */
  (nid_objs[398]),/* subjectInfoAccess */
  (nid_objs[82]),/* subjectKeyIdentifier */
  (nid_objs[498]),/* subtreeMaximumQuality */
***
*** 2598,2603 
--- 2606,2612 
  (nid_objs[285]),/* Biometric Info */
  (nid_objs[179]),/* CA Issuers */
  (nid_objs[131]),/* Code Signing */
+ (nid_objs[717]),/* Corestreet Credential Validation */
  (nid_objs[382]),/* Directory */
  (nid_objs[392]),/* Domain */
  (nid_objs[132]),/* E-mail Protection */
***
*** 2662,2667 
--- 2671,2677 
  (nid_objs[386]),/* Security */
  (nid_objs[394]),/* Selected Attribute Types */
  (nid_objs[143]),/* Strong Extranet ID */
+ (nid_objs[716]),/* Subject Directory Attribute */
  (nid_objs[398]),/* Subject Information Access */
  (nid_objs[130]),/* TLS Web Client Authentication */
  (nid_objs[129]),/* TLS Web Server Authentication */
***
*** 3309,3316 
  (nid_objs[434]),/* OBJ_data 0 9 */
  (nid_objs[181]),/* OBJ_iso  1 */
  (nid_objs[182]),/* OBJ_member_body  1 2 */
- (nid_objs[379]),/* OBJ_org  1 3 */
  (nid_objs[527]),/* OBJ_identified_organization  1 3 */
  (nid_objs[393]),/* OBJ_joint_iso_ccitt  2 */
  (nid_objs[11]),/* OBJ_X500 2 5 */
  (nid_objs[380]),/* OBJ_dod  1 3 6 */
--- 3319,3326 
  (nid_objs[434]),/* OBJ_data 0 9 */
  (nid_objs[181]),/* OBJ_iso  1 */
  (nid_objs[182]),/* OBJ_member_body  1 2 */
  (nid_objs[527]),/* OBJ_identified_organization  1 3 */
+ (nid_objs[379]),/* OBJ_org  1 3 */
  (nid_objs[393]),/* OBJ_joint_iso_ccitt  2 */
  (nid_objs[11]),/* OBJ_X500 2 5 */
  (nid_objs[380]),/*