Re: how to set flags in X509_NAME_ENTRY in OpenSSL 1.1.1

2019-06-18 Thread Blumenthal, Uri - 0553 - MITLL
> > For now the ASN.1 string is not an opaque structure.
>
> Considering how OpenSSL design evolved, I suspect that the time may come
> when this string would become opaque. Therefore, I suggest that
> getter/setter functions should be added. Any thoughts about the

Re: how to set flags in X509_NAME_ENTRY in OpenSSL 1.1.1

2019-06-18 Thread Viktor Dukhovni
On Tue, Jun 18, 2019 at 09:51:31PM +, Blumenthal, Uri - 0553 - MITLL wrote:

> > We should perhaps provide getter/setter functions for the flags, or
> > perhaps even a specific function for indicating the value is a bitstring,
> > and how many bits it holds. For now the ASN.1 string is not an

Re: how to set flags in X509_NAME_ENTRY in OpenSSL 1.1.1

2019-06-18 Thread Blumenthal, Uri - 0553 - MITLL
On 6/18/19, 5:44 PM, "openssl-users on behalf of Viktor Dukhovni" wrote:

We should perhaps provide getter/setter functions for the flags, or perhaps even a specific function for indicating the value is a bitstring, and how many bits it holds. For now the ASN.1 string is not an

Re: how to set flags in X509_NAME_ENTRY in OpenSSL 1.1.1

2019-06-18 Thread Viktor Dukhovni
On Tue, Jun 18, 2019 at 02:27:30PM -0700, Lisa Matias wrote:

> Sorry, I was just frustrated that the changes to OpenSSL 1.1.1 broke code
> which worked for nearly 15 years, by denying access to previously
> accessible C structs.

Those changes are needed to make sure that future changes in the

Re: how to set flags in X509_NAME_ENTRY in OpenSSL 1.1.1

2019-06-18 Thread Lisa Matias
Sorry, I was just frustrated that the changes to OpenSSL 1.1.1 broke code which worked for nearly 15 years, by denying access to previously accessible C structs. I was able to use OpenSSL to generate a certificate with a subject containing the x500UniqueIdentifier attribute as a pure ASN.1 BIT

Re: how to set flags in X509_NAME_ENTRY in OpenSSL 1.1.1

2019-06-18 Thread Viktor Dukhovni
On Tue, Jun 18, 2019 at 07:16:46AM -0700, Lisa Matias wrote:

> If you look here:
>
> https://www.openssl.org/docs/man1.1.0/man3/X509_NAME_ENTRY_get_data.html
>
> It states:
>
> *X509_NAME_ENTRY_get_data() retrieves the field value of ne in
> and ASN1_STRING structure.*

Regardless of the entry

Re: how to set flags in X509_NAME_ENTRY in OpenSSL 1.1.1

2019-06-18 Thread Lisa Matias
If you look here:

https://www.openssl.org/docs/man1.1.0/man3/X509_NAME_ENTRY_get_data.html

It states:

*X509_NAME_ENTRY_get_data() retrieves the field value of ne in and ASN1_STRING structure.*

Unfortunately this does not work for any non-string X.500 attributes such as x500UniqueIdentifier

Re: how to set flags in X509_NAME_ENTRY in OpenSSL 1.1.1

2019-06-17 Thread Viktor Dukhovni
On Mon, Jun 17, 2019 at 09:19:41PM -0700, Lisa Matias wrote:

> X509_NAME_ENTRY *nameEntry;
> nameEntry = X509_NAME_ENTRY_create_by_NID (, nid,
> derTagToVType (tag), buffer, bufferLength);
> *nameEntry->value->flags = specifiedFlags;*

Can you be a bit more explicit about