Steve,
X509_NAME_add_entry_by_NID() is not available in OpenSSL-0.9.4 and I'm
limited
to using OpenSSL-0.9.4 for this project.
Since the subject name I'm trying to build is always built from a valid
X500 directory name, is it safe to assume V_ASN1_PRINTABLESTRING as the
type?
Thanks for the hint regarding the ip address.
-Dave
-----Original Message-----
From: Dr S N Henson [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 06, 2000 12:33 PM
To: [EMAIL PROTECTED]
Subject: Re: Bad certificate request.
David Ahrens wrote:
>
> Hi,
>
> I'm using openssl to generate a certificate request.
> When I try to build the subject name from a given DN, there are problems
> with the DER encoding.
>
> I've attached a code fragment and the resulting PEM encoded certificate
> request.
>
Not sure why you've commented out X509_NAME_add_entry_by_NID() it
normally does the messing around with string types automatically. The
ASN1_PRINTABLE_type() stuff doesn't always get the type right and
doesn't use BMPStrings and UTF8Strings.
Otherwise your encoding of the IP address is incorrect. It isn't the
string representation of the IP address it is in binary form. There's an
example of conversion in crypto/x509v3/v3_alt.c
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
