[openssl.org #237] [PATCH] Support for Subject Directory Attributes

2002-11-14 Thread Stephen Henson via RT

[[EMAIL PROTECTED] - Thu Sep  5 09:23:59 2002]:

> 
> This patch is a replacement for RT/openssl.org: Ticket #237.  Please
> retract Ticket #237.
> 
> The following patch provides basic support for Subject Directory
> Attributes, which are defined in the x509 spec (RFC 2459), but are
> currently unsupported by OpenSSL.  openssl.cnf entries for Subject
> Directory Attributes should be formed as follows:
> 
> subjectDirectoryAttribute = type:, \
> value:>
> 
> Example:
> 
> subjectDirectoryAttributes =
>type:corestreet,value:DER:3081cd3081ca3081ca...
> 
> An OID for "Corestreet Credential Validation" has also been added to
> provide support for Dr. Silvio Micali's certificate validation
>mechanism.
> 
> The follow diff is relative to the 9/03/02 snapshot.
> 
> 

The new ASN1 generator in OpenSSL 0.9.8 should be able to do this using
a human readable syntax.

See ASN1_generate_nconf(3) and doc/openssl.txt in 0.9.8




[openssl.org #237] [PATCH] Support for Subject Directory Attributes

2002-08-21 Thread Stephen Henson via RT


[[EMAIL PROTECTED] - Wed Aug 21 22:21:34 2002]:

> The following patch provides basic support for Subject Directory
> Attributes, which are defined in the x509 spec (RFC 2459), but are
> currently unsupported by OpenSSL.  In this patch, Subject Directory
> Attributes are parsed like Authority Information Access.
> 
> An OID for "Corestreet Credential Validation" has also been added to
> provide support for Dr. Silvio Micali's certificate validation
> mechanism.
> 
> The follow diff is relative to the 8/15/02 snapshot.
> 
> 

Do you have an example of a certificate containing this extension, that
is one
not generated by OpenSSL? 

There are a number of areas of this patch which I'm not sure about; for
example, the ASN1 code doesn't seem to match the description in RFC2459,
and there is the extension of GENERAL_NAME.




[openssl.org #237] [PATCH] Support for Subject Directory Attributes

2002-08-21 Thread joe hartford via RT


The following patch provides basic support for Subject Directory 
Attributes, which are defined in the x509 spec (RFC 2459), but are 
currently unsupported by OpenSSL.  In this patch, Subject Directory 
Attributes are parsed like Authority Information Access.

An OID for "Corestreet Credential Validation" has also been added to 
provide support for Dr. Silvio Micali's certificate validation mechanism.

The following diff is relative to the 8/15/02 snapshot.


Index: crypto/objects/obj_dat.h
===
RCS file: 
/home/jhartford/projects/openssl/cvs/openssl/crypto/objects/obj_dat.h,v
retrieving revision 1.62
diff -c -b -r1.62 obj_dat.h
*** crypto/objects/obj_dat.h2002/08/02 12:28:33 1.62
--- crypto/objects/obj_dat.h2002/08/19 19:44:30
***
*** 62,73 
   * [including the GNU Public Licence.]
   */

! #define NUM_NID 716
! #define NUM_SN 711
! #define NUM_LN 711
! #define NUM_OBJ 685

! static unsigned char lvalues[4849]={
  0x00,/* [  0] OBJ_undef */
  0x2A,0x86,0x48,0x86,0xF7,0x0D,   /* [  1] OBJ_rsadsi */
  0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,  /* [  7] OBJ_pkcs */
--- 62,73 
   * [including the GNU Public Licence.]
   */

! #define NUM_NID 718
! #define NUM_SN 713
! #define NUM_LN 713
! #define NUM_OBJ 687

! static unsigned char lvalues[4860]={
  0x00,/* [  0] OBJ_undef */
  0x2A,0x86,0x48,0x86,0xF7,0x0D,   /* [  1] OBJ_rsadsi */
  0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,  /* [  7] OBJ_pkcs */
***
*** 753,758 
--- 753,760 
  0x67,0x2B,0x0D,0x04,0x0A,/* [4833] 
OBJ_wap_wsg_idm_ecid_wtls10 */
  0x67,0x2B,0x0D,0x04,0x0B,/* [4838] 
OBJ_wap_wsg_idm_ecid_wtls11 */
  0x67,0x2B,0x0D,0x04,0x0C,/* [4843] 
OBJ_wap_wsg_idm_ecid_wtls12 */
+ 0x55,0x1D,0x09,  /* [4848] 
OBJ_subject_directory_attribute */
+ 0x2B,0x06,0x01,0x04,0x01,0xE0,0x35,0x01, /* [4851] OBJ_corestreet */
  };

  static ASN1_OBJECT nid_objs[NUM_NID]={
***
*** 1873,1878 
--- 1875,1884 
NID_wap_wsg_idm_ecid_wtls11,5,&(lvalues[4838]),0},
  {"wap-wsg-idm-ecid-wtls12","wap-wsg-idm-ecid-wtls12",
NID_wap_wsg_idm_ecid_wtls12,5,&(lvalues[4843]),0},
+ {"subjectDirectoryAttribute","Subject Directory Attribute",
+   NID_subject_directory_attribute,3,&(lvalues[4848]),0},
+ {"corestreet","Corestreet Credential Validation",NID_corestreet,8,
+   &(lvalues[4851]),0},
  };

  static ASN1_OBJECT *sn_objs[NUM_SN]={
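Review bot: The short name registered in this hunk is `"subjectDirectoryAttribute"` (singular), while the thread's own usage example writes the config key as `subjectDirectoryAttributes` and RFC 2459 names the extension subjectDirectoryAttributes. A configuration written with the plural spelling would presumably not resolve to this NID, so the names should match the RFC, e.g. `{"subjectDirectoryAttributes","Subject Directory Attributes",`. The re-sorted entries in the last hunk suggest this table is regenerated rather than hand-edited, so the rename probably belongs in the object definitions it is built from. The same singular form appears in `NID_subject_directory_attribute` and in the `OBJ_subject_directory_attribute` comment in the lvalues hunk.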
***
*** 2054,2059 
--- 2060,2066 
  &(nid_objs[130]),/* "clientAuth" */
  &(nid_objs[131]),/* "codeSigning" */
  &(nid_objs[50]),/* "contentType" */
+ &(nid_objs[717]),/* "corestreet" */
  &(nid_objs[53]),/* "countersignature" */
  &(nid_objs[153]),/* "crlBag" */
  &(nid_objs[103]),/* "crlDistributionPoints" */
***
*** 2555,2560 
--- 2562,2568 
  &(nid_objs[496]),/* "singleLevelQuality" */
  &(nid_objs[387]),/* "snmpv2" */
  &(nid_objs[85]),/* "subjectAltName" */
+ &(nid_objs[716]),/* "subjectDirectoryAttribute" */
  &(nid_objs[398]),/* "subjectInfoAccess" */
  &(nid_objs[82]),/* "subjectKeyIdentifier" */
  &(nid_objs[498]),/* "subtreeMaximumQuality" */
***
*** 2598,2603 
--- 2606,2612 
  &(nid_objs[285]),/* "Biometric Info" */
  &(nid_objs[179]),/* "CA Issuers" */
  &(nid_objs[131]),/* "Code Signing" */
+ &(nid_objs[717]),/* "Corestreet Credential Validation" */
  &(nid_objs[382]),/* "Directory" */
  &(nid_objs[392]),/* "Domain" */
  &(nid_objs[132]),/* "E-mail Protection" */
***
*** 2662,2667 
--- 2671,2677 
  &(nid_objs[386]),/* "Security" */
  &(nid_objs[394]),/* "Selected Attribute Types" */
  &(nid_objs[143]),/* "Strong Extranet ID" */
+ &(nid_objs[716]),/* "Subject Directory Attribute" */
  &(nid_objs[398]),/* "Subject Information Access" */
  &(nid_objs[130]),/* "TLS Web Client Authentication" */
  &(nid_objs[129]),/* "TLS Web Server Authentication" */
***
*** 3309,3316 
  &(nid_objs[434]),/* OBJ_data 0 9 */
  &(nid_objs[181]),/* OBJ_iso  1 */
  &(nid_objs[182]),/* OBJ_member_body  1 2 */
- &(nid_objs[379]),/* OBJ_org  1 3 */
  &(nid_objs[527]),/* OBJ_identified_organization  1 3 */
  &(nid_objs[393]),/* OBJ_joint_iso_ccitt  2 */
  &(nid_objs[11]),/* OBJ_X500 2 5 */
  &(nid_objs[380]),/* OBJ_dod  1 3 6 */
--- 3319,3326 
  &(nid_objs[434]),/* OBJ_data 0 9 */
  &(nid_objs[181]),/* OBJ_iso  1 */
  &(nid_objs[182]),/* OBJ_member_body  1 2 */
  &(nid_objs[527]),/* OBJ_identified_organization  1 3 */
+ &(nid_objs[379]),/* OBJ_org  1 3 */
  &(nid_objs[393]),/* OBJ_joint_