Re: [openssl-users] QcStatements with OpenSSL (C++)?
thanks :) But can you explain how i got the concrete data like QCStatement? Because there is no defined structure in OpenSSL like for example CRLDistributionPoints. So which structure and functions i have to use, to get the matching data? QCStatement ::= SEQUENCE { statementId QC-STATEMENT.&Id({SupportedStatements}), statementInfo QC-STATEMENT.&Type ({SupportedStatements}{@statementId}) OPTIONAL } thanks again! Von: openssl-users im Auftrag von lists Gesendet: Mittwoch, 26. April 2017 17:06:58 An: openssl-users@openssl.org Betreff: Re: [openssl-users] QcStatements with OpenSSL (C++)? On 04/17/2017 06:40 PM, Matthias Ballreich wrote: Hi there, can OpenSSL pasre QcStatement X509v3 Extension btw. Did OpenSSL Support these? Any Piece of example Code of how can i parse the data? To my knowledge, there is direct support for the qcStatements, you must parse it yourself. I asked for some help on the list more or less a month ago, I was trying to develop the required structures but apparently I got lost in the OpenSSL macro jungle, finally I had to quit working on it. What you can do is search for specific statements of interest to you (there are quite a bit) by parsing the attribute. Get the attribute NID of the object in the extension and see if it matches the NID of qcStatements: oneObj = X509_EXTENSION_get_object(oneExt); objnid = OBJ_obj2nid(theObj); if (objnid == NID_qcStatements) { printf("DEBUG:ext:GOTCHA!:this is qcStatements!\n"); } you then extract the data from the object and parse it. For the moment I have this ugly quick way of doing it, for instance for a simple one: #define UC_id_etsi_qcs_QcCompliance "0.4.0.1862.1.1" if (strstr(extdump, UC_id_etsi_qcs_QcCompliance) == NULL) { printf("INFO:QcCompliance:no:\n"); } else { printf("INFO:QcCompliance:yes:\n"); } Thanks Matthias -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] QcStatements with OpenSSL (C++)?
On 04/17/2017 06:40 PM, Matthias Ballreich wrote: Hi there, can OpenSSL pasre QcStatement X509v3 Extension btw. Did OpenSSL Support these? Any Piece of example Code of how can i parse the data? To my knowledge, there is direct support for the qcStatements, you must parse it yourself. I asked for some help on the list more or less a month ago, I was trying to develop the required structures but apparently I got lost in the OpenSSL macro jungle, finally I had to quit working on it. What you can do is search for specific statements of interest to you (there are quite a bit) by parsing the attribute. Get the attribute NID of the object in the extension and see if it matches the NID of qcStatements: oneObj = X509_EXTENSION_get_object(oneExt); objnid = OBJ_obj2nid(theObj); if (objnid == NID_qcStatements) { printf("DEBUG:ext:GOTCHA!:this is qcStatements!\n"); } you then extract the data from the object and parse it. For the moment I have this ugly quick way of doing it, for instance for a simple one: #define UC_id_etsi_qcs_QcCompliance "0.4.0.1862.1.1" if (strstr(extdump, UC_id_etsi_qcs_QcCompliance) == NULL) { printf("INFO:QcCompliance:no:\n"); } else { printf("INFO:QcCompliance:yes:\n"); } Thanks Matthias -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] QcStatements with OpenSSL (C++)?
Hi there, can OpenSSL pasre QcStatement X509v3 Extension btw. Did OpenSSL Support these? Any Piece of example Code of how can i parse the data? Thanks Matthias -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
qcStatements extension support in OpenSSL
Hi there, I was wondering whether there are any news on the support of "qcStatements" X.509 v3 certificate private extension in OpenSSL. The ASN.1 syntax for this extension is quite straight forward so perhaps some one has already implemented this or at least it is pending somewhere in the queue for new release? The easiest solution to work with would be to allow the configuration of the extension from the OpenSSL configuration file, something perhaps similar to the following: qcStatements = critical,qcCompliance,qcSyntaxVersion1 or qcStatements = critical,1.3.6.1.5.5.7.11.1,0.4.0.1862.1.1 whereby the qcCompliance would represent the ETSI statement of compliance object identifier [id-etsi-qcs-QcCompliance: 0.4.0.1862.1.1] and qcSyntaxVersion1 [id-qcs-pkixQCSyntax-v1: 1.3.6.1.5.5.7.11.1] - the object identifier for compliance with RFC 3039 Qualified Certificates Profile syntax. Obviously the above represents the simplified scenario, without extending the qcStatements sequence to optional "statementInfo" and also without consideration of the version 2 of the profile (as defined in RFC 3739) but nonetheless it would be very useful and helpful for the community I believe. Does any one have any thoughts on this or perhaps a ready to go implementation? I have searched mailing lists and groups but had no luck in finding any useful information other than the fact, that many people asked similar questions in the past years - but there was no response... Thanks, E. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
qcStatements
Hello guys, I'm stuck in defining qcStatements in certificates. Does anyone know how to define it in openssl.conf ? I will be very thankfull for any information. Regards, Max __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
QcStatements
I am trying to generate a certificate with QcStatements. I add in openssl.cnf this line qcStatements = critical,DER:30:21:30:08:06:06:04:00:8E:46:01:01:30:08:06:06:04:00:8E:46:01:01:30:0B:06:06:04:00:8E:46:01:03:02:01:OA DER encoded Qstatements with qcEuCompliance, QcEuLimitValue and QcEuRetentionPeriod When i want to sign my certificate, i have this error Error Loading extension section x509v3_ext_QualifClasse3+ 21798:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=CA_QualifClasse3+ name=email_in_dn 21798:error:22071071:X509 V3 routines:string_to_hex:illegal hex digit:v3_utl.c:434: 21798:error:22074074:X509 V3 routines:V3_GENERIC_EXTENSION:extension value error:v3_conf.c:264:value=30:21:30:08:06:06:04:00:8E:46:01:01:30:08:06:06:04:00:8E:46:01:01:30:0B:06:06:04:00:8E:46:01:03:02:01:OA unable to write 'random state' When i try to sign with a shorter QCstatements only with QCEuCompliance, its works fine. Have you an idea ? Thanks in advance. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
howto put id-etsi-qcs-QcCompliance in qcStatements
Hi, I was wondering how to put the id-etsi-qcs-QcCompliance statement (OID 0.4.0.1862.1.1) in a certificate under qcStatements in a certificate. Is it possible to do so using openssl.cnf? If not, does anyone know how i should put it in DER? Thanks in advance, Eelse-jan __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: qcStatements
Hi, In 0.9.6d, the qcStatement oid is already recognized. If I put the qcStatement in req section, then it goes in the subject of the cetificate, and I don't want that. I want it to be a regular x509 v3 extension. I can do this with qcStatements = DER:XX:XX:XX:XX... in [user_cert] section, which I use by the '-extensions user_cert' command line parameter, where XX are hexadecimal values, but then I must provide my statement in DER format, and this is not very "user-friendly" for me, and I am not very sure about the exact form that the statement must have... - Original Message - From: "Averroes" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, June 06, 2002 3:06 PM Subject: Re: qcStatements > Hi Jasmin, > > Yes, > > put in the oid section: > > qcStatements= 1.3.6.1.5.5.7.1.3 > > then in req section as commonName, countryName, etc. > > Regards > > > Jasmin Djipanov wrote: > > > Does anyone know how to configure openssl.cnf to include the 'qcStatements' > > extension in a user certificate? > > > > Thanks... > > > > __ > > OpenSSL Project http://www.openssl.org > > User Support Mailing List[EMAIL PROTECTED] > > Automated List Manager [EMAIL PROTECTED] > > #-- > Averroes > > __ > OpenSSL Project http://www.openssl.org > User Support Mailing List[EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: qcStatements
Hi Jasmin, Yes, put in the oid section: qcStatements= 1.3.6.1.5.5.7.1.3 then in req section as commonName, countryName, etc. Regards Jasmin Djipanov wrote: > Does anyone know how to configure openssl.cnf to include the 'qcStatements' > extension in a user certificate? > > Thanks... > > __ > OpenSSL Project http://www.openssl.org > User Support Mailing List[EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] #-- Averroes __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
qcStatements
Does anyone know how to configure openssl.cnf to include the 'qcStatements' extension in a user certificate? Thanks... __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
qcStatements
Hello everyone, I am trying to use qcStatements with the x509 application. The object exists in the object defenition, but i don't seem to be able to use it in the extensions mechanism. Has anyone got a clue ? Thank you, Benjamin Hille __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]