Re: [Cryptography-dev] Adding support for Admissions extension

2024-10-30 Thread Oleg Höfling via Cryptography-dev
Yay, this is awesome, thank you! I think the current branch will definitely need splitting, most likely I will submit the changes in three separate PRs: the types first (in `x509.extensions` on Python side and in `x509::extensions` on the Rust side), then the parsing, then the encoding (this implem

Re: [Cryptography-dev] Adding support for Admissions extension

2024-10-30 Thread Robert Moskowitz
As much as I hate ASN.1 (also shared by people on the ASN.1 committee back then), you got to love how easy it is to add things in ASN.1. Perhaps one of the first "Object Oriented Data Model"? On 10/30/24 10:04, Paul Kehrer via Cryptography-dev wrote: Re-sending to list since I accidentally sent

Re: [Cryptography-dev] Adding support for Admissions extension

2024-10-30 Thread Paul Kehrer via Cryptography-dev
Re-sending to list since I accidentally sent this solely to Oleg! Sorry about that Oleg. -Paul On Oct 30, 2024, at 7:02 AM, Paul Kehrer wrote: We would be willing to take support for this since it’s just some asn.1 definitions and there’s a specification associated with it. If the diff is larger tha

Re: [Cryptography-dev] Adding support for Admissions extension

2024-10-30 Thread Robert Moskowitz
Well, to some extent certificates are supposed to be public. But then I often deal with those that are kept out of the public's view... It looks like this is an ITU standard from at least 2010. Unfortunately the dump is not showing the actual OID for the "Professional Information or basis for

Re: [Cryptography-dev] Adding support for Admissions extension

2024-10-30 Thread Oleg Höfling via Cryptography-dev
I hope I won't be fired for publishing the certificates out in the wild :-) so I'll try to black out the unrelated parts. BIO print: ``` openssl x509 -in certfile -noout -text Certificate: Data: Version: 3 (0x2) Serial Number: XXX (0xXXX) Signature Algorithm: sha256WithR

Re: [Cryptography-dev] Adding support for Admissions extension

2024-10-29 Thread Robert Moskowitz
Can you do a print out of such a cert with say: openssl x509 -in whatever.pem -text -noout ? And perhaps an ASN.1 dump: openssl asn1parse -i -in whatever.pem I am curious as to what this extension looks like.  It is not in rfc5280 and wonder if it was ever published in an rfc (which is the

Re: [Cryptography-dev] Adding support for Admissions extension

2024-10-29 Thread Paul Kehrer via Cryptography-dev
Is there a published spec that defines the ASN.1 syntax for these extensions (maybe from BSI)? We generally like to have a specification that we can use as a source of truth. For x509 I don’t have any objection to adding this assuming a spec exists. -Paul > On Oct 29, 2024, at 6:54 PM, Oleg Hö

[Cryptography-dev] Adding support for Admissions extension

2024-10-29 Thread Oleg Höfling via Cryptography-dev
Dear devs, there is an X509 extension named `Admissions`, supported e.g. by OpenSSL (https://docs.openssl.org/master/man3/ADMISSIONS/) and BouncyCastle (https://people.eecs.berkeley.edu/~jonah/bc/index.html?org/bouncycastle/asn1/isismtt/x509/AdmissionSyntax.html). Would you be interested in `cry